Open-AudIT :: View topic - Auditing remote linux systems

Open-AudIT https://www.open-audit.org/phpBB3/

Auditing remote linux systems https://www.open-audit.org/phpBB3/viewtopic.php?f=9&t=1391	Page 1 of 1

Author:	erSitzt [ Sun Sep 17, 2006 9:21 am ]
Post subject:	Auditing remote linux systems
Hi, i found your tool a few days ago because i needed a tool to document the actual state of a new customer... I want to audit remote linux servers that are not able to access the openaudit webinterface and i want to be able to use a central script (audit_linux.sh) that will be copied to the specified system while auditing. I didnt find any info if someone already tried this in the forum but i thought it should be possible to achieve this using SSH and little modified version of your audit_linux.sh. This is what i ended up with : This is a .vbs that runs pscp/plink from PuTTY to copy the script to and execute it on the remote machine. Most of the script is copied from your standardscripts. : audit_remote_linux.vbs [code] ' Below calls the file audit_include.vbs to setup the variables. ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile("audit.config").ReadAll ' If any command line args given - use the first one as strComputer If Wscript.Arguments.Count > 0 Then host = wscript.arguments(0) user = wscript.arguments(1) pass = wscript.arguments(2) scriptname = wscript.arguments(3) scriptpath = wscript.arguments(4) end if ' copy script in folder on remote machine command1 = "pscp.exe -pw " & pass & " " & scriptname & " " & user & "@" & host & ":" & scriptpath ' make script executable command2 = "plink.exe -pw " & pass & " " & user & "@" & host & " chmod +x " & scriptpath & scriptname ' run script (errors to /dev/null), output will be saved in output-variable command3 = "plink.exe -pw " & pass & " " & user & "@" & host & " " & scriptpath & scriptname & " 2>/dev/null" set sh1=WScript.CreateObject("WScript.Shell") sh1.run command1, 0, true sh1.run command2, 0, true WScript.echo command3 Set objWshScriptExec = sh1.exec(command3) Set objStdOut = objWshScriptExec.StdOut output = objStdOut.ReadAll ' only for debugging 'WScript.Echo output ''''''''''''''''''''''''''''''''''''''''' ' Create an IE instance for output into ' ''''''''''''''''''''''''''''''''''''''''' Dim ie Set ie = CreateObject("InternetExplorer.Application") ie.navigate ie_form_page Do Until IE.readyState = 4 : WScript.sleep(200) : Loop if ie_visible = "y" then ie.visible= True else ie.visible = False end if Dim oUser Dim oPwd Dim oDoc Set oDoc = IE.document Set oAdd = oDoc.getElementById("add") ''''''''''''''''''''''''''''''''' ' Output UUID & Timestamp to IE ' ''''''''''''''''''''''''''''''''' oAdd.value = oAdd.value + output + vbcrlf if ie_auto_submit = "y" then IE.Document.All("submit").Click Do Until IE.readyState = 4 : WScript.sleep(2000) : Loop end if if ie_auto_close = "y" then Do Until IE.readyState = 4 : WScript.sleep(5000) : Loop WScript.sleep(5000) ie.Quit end if end_time = Timer elapsed_time = end_time - ie_time if verbose = "y" then wscript.echo "IE Execution Time: " & int(elapsed_time) & " seconds." end if if online = "p" then oIE.document.WriteLn "</div>" end if [/code] I made this changes to audit_linux.sh : [code] # The end - submit to Open-AudIT cat $ReportFile rm "$ReportFile" [/code] This information is needed by audit_remote_linux.vbs : [code] user = "root" pass = "notmybirthdate" host = "192.168.1.67" ' name of central script scriptname = "audit_linux.sh" ' use leading AND trailing slash scriptpath = "/tmp/" [/code] I started this today so it is far from finished. By now it is not possible to audit multiple hosts using a list of hosts or connecting using public keys instead of passwords. If anyone has questions / comments... just ask/tell ! thanks ! erSitzt

Page 1 of 1	All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/