Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 8:32 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
PostPosted: Fri Aug 13, 2010 1:13 am 
Offline
Newbie

Joined: Fri May 28, 2010 4:49 am
Posts: 14
Noticed that the .vbs script sends IP addresses in a zero-padded format, ie.g 010.000.000.001, instead of 10.0.0.1. Yet the audit_linux.sh bash script did not. This caused a problem in the report with all audited systems; you could not properly sort that report by IP if your network contained linux systems.

So I wrote a couple of bash functions and added them to the audit_linux.sh script to pad the IP addresses with zeroes. This worked perfectly, and I checked on the server and now the report with all audited systems can be properly sorted by IP because all IPs are properly zero-padded, whether they come from Windows or Linux machines.

Yet there is a problem. When I click on any of the Linux systems on that report, and I get the summary info page, for some reason the IP address is not shown in that page. Even when the IP address appears fine and zero-padded perfectly on the full report, in this info page, right below the OS installation date, the IP and subnet fields are blank. This happens only for linux machines; Windows machines (audited with the .vbs script, however) do get the IP zero padded in the full report, and that same zero-padded IP appears perfectly on the summary page as well.

If I remove the call to my zero-padding in the linux script, the IP address and subnet do show up again on the summary info page of course, but the full report gets the IP sorting messed up again as well.

Why does the IP appear blank in the summary page of a linux audited machine when I zero-pad the IP address from the audit_linux.sh script?


Last edited by rsaavedra on Fri Aug 13, 2010 2:07 am, edited 3 times in total.

Top
 Profile  
Reply with quote  
PostPosted: Fri Aug 13, 2010 1:59 am 
Offline
Newbie

Joined: Fri May 28, 2010 4:49 am
Posts: 14
In case anyone is interested, here are the zero padding functions I added to audit_linux.sh.

I just call zeropad_ip from the # System 01 Info # section of the script, right after the value of net_primary_ip is set:

net_primary_ip=$($oa_ifconfig ... etc
zeropad_ip net_primary_ip

[code]
# Functions used to zero-pad the IP addresses
# By Raul Saavedra, August-12-2010

function zeropad() {
local ZPAR="$1"
local ZVAL="${!ZPAR}"
local ZLEN=${#ZVAL}
#echo " Padding value of $ZPAR = $ZVAL ($ZLEN digits)"
if [ "$ZLEN" -eq 1 ]; then
eval $1="00$ZVAL"
elif [ "$ZLEN" -eq 2 ]; then
eval $1="0$ZVAL"
fi
}

function zeropad_ip() {
local PARAM="$1"
local IPADR="${!PARAM}"
#echo Zero Padding IP address in $PARAM with value $IPADR
local POSDOT1=`expr index "$IPADR" .`
if [ "$POSDOT1" -gt 0 ]; then
local IPBYTE1=${IPADR:0:POSDOT1-1}
local SUBSTR1=${IPADR:POSDOT1}
local POSDOT2=`expr index "$SUBSTR1" .`
if [ "$POSDOT2" -gt 0 ]; then
local IPBYTE2=${SUBSTR1:0:POSDOT2-1}
local SUBSTR2=${SUBSTR1:POSDOT2}
local POSDOT3=`expr index "$SUBSTR2" .`
if [ "$POSDOT3" -gt 0 ]; then
local IPBYTE3=${SUBSTR2:0:POSDOT3-1}
local IPBYTE4=${SUBSTR2:POSDOT3}
zeropad IPBYTE1
zeropad IPBYTE2
zeropad IPBYTE3
zeropad IPBYTE4
#echo "Padded IP address: $IPBYTE1.$IPBYTE2.$IPBYTE3.$IPBYTE4"
eval $1="$IPBYTE1.$IPBYTE2.$IPBYTE3.$IPBYTE4"
fi
fi
fi
}
[/code]


Last edited by rsaavedra on Fri Aug 13, 2010 5:39 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Fri Aug 13, 2010 5:08 am 
Offline
Newbie

Joined: Fri May 28, 2010 4:49 am
Posts: 14
Just found the solution. I simply had to add the following two statements after net_ip and net_subnet get initialized:
zeropad_ip net_ip
zeropad_ip net_subnet


Those two variables get initialized in an if statement within a for loop of the # Network Information # section (that's before net_primary_ip gets initialized).

With all of those variables zeropadded, the IP gets properly zero-padded on the all systems audited report, AND when clicking on a linux machine there, the IP and subnet both show up perfectly on the Summary - System info page.


I'd like to add that I found a minor bug in the statement that initializes the variable net_subnet. It yields an empty string when the interface is the loopback. I added an if statement after net_subnet is initialized, so that in case it ends up an empty string, then a command very similar to the original is applied, but instead of split($4 the new command uses split($3 (which works for the loopback case.)

[code]
net_subnet=$($oa_ifconfig $net_connection_id | $oa_awk '/inet add?r:/{split($4,a,":"); print a[2]}')
if [ "$net_subnet" = "" ]; then
net_subnet=$($oa_ifconfig $net_connection_id | $oa_awk '/inet add?r:/{split($3,a,":"); print a[2]}')
fi
[/code]


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group