Open-AudIT

Maybe it should be possible to specify the config file with command line options.

Or the config option be inserted on the audit.vbs itself.
For example when accessing the web page and downloading the audit script it could generate at runtime the final audit.vbs.

[quote="Nandox7"]Or the config option be inserted on the audit.vbs itself.
For example when accessing the web page and downloading the audit script it could generate at runtime the final audit.vbs.

I don't understand how we could keep the config in the database. There are likely people with different setups that require multiple configs, so you can't really store it there for all cases. Hence, which one do you choose? I say you don't. Leave it in a file, as that's the most network efficient (despite it being really small anyway).

[quote="mikeyrb"]I don't understand how we could keep the config in the database. There are likely people with different setups that require multiple configs, so you can't really store it there for all cases. Hence, which one do you choose? I say you don't. Leave it in a file, as that's the most network efficient (despite it being really small anyway).

What is about this:

Let's code the ability to give all parameters for audit.vbs as command-line-parameters. Also the audit.config has to be a optional command-line parameter.

Seems perfect.
If you could pass the location of the audit.config, even has in a url type it would be perfect.
You could have the possibility to store diferent .config files always on the same place, and pick the one you want at runtime.

Who can code this?

-> All config-parameters as command-line-arguments
-> Optional config-file (Command-Line beats config-file)
-> Open config-file via HTTP

At this time, we can change the config-file-structure to ini-file. It's easyser to maintaine and we can separate different programms (i.e. nmap.vbs and audit.vbs)


Example:
[code]
[gernal]
audit_location = "l"
verbose = "y"
online = "yesxml"
strComputer = "."
ie_visible = "n"
ie_auto_submit = "y"
ie_submit_verbose = "y"
ie_form_page = "http:///openaudit/admin_pc_add_1.php"
non_ie_page = "http:///openaudit/admin_pc_add_2.php"

[audit]
input_file = ""
audit_local_domain = "n"
local_domain = "LDAP://"
hfnet = "n"
Count = 0
number_of_audits = 20
script_name = "audit.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "mac"

[email]
email_to = ""
email_from = ""
email_server = ""

[nmap]
nmap_subnet = "192.168.10." ' The subnet you wish to scan
nmap_subnet_formatted = "192.168.010." ' The subnet padded with 0's
nmap_ie_form_page = "http://192.168.10.28/oa/admin_nmap_input.php"
nmap_ie_visible = "n"
nmap_ie_auto_close = "y"
nmap_ip_start = 21
nmap_ip_end = 254
[/code]

Here's a thought, could audit.vbs not just read its config from ...

[url]http://openauditserver/openaudit/scripts/audit.config[/url]

[quote="mikeyrb"]I don't understand how we could keep the config in the database. There are likely people with different setups that require multiple configs, so you can't really store it there for all cases. Hence, which one do you choose? I say you don't. Leave it in a file, as that's the most network efficient (despite it being really small anyway).

[code]Well if audit.vbs looks to a URL for its config, then we just have dynamically created pages for each site we want to audit.

So for example we want to audit aberdeen we use

https://openauditserver/openaudit/script_config_url.php?config=aberdeen [/code]

Imagine you have 10 sites that require different config files. The majority of the config options will probably be the same for each site so you would just create one config text file, copy the file then change the required parameters in each one file. Setting up each config file from a web interface would probably be much slower.

I don't see to much harm in being able to tell audit.vbs to read it's config from a webserver though. I just don't think we should have to provide a GUI for configuration or save the config in the database.

My ideal audit.vbs scipt would do the following:

If you don't give it any command line options then it will try and read the config from audit.config in same directory as audit.vbs. If audit.config is not found then exit with error.
A command line option for different audit.config file. This should be able to download config from webserver too.
Command line option to override parameters in the specified/unspecified config file.

[quote="A_Hull"][quote="mikeyrb"]I don't understand how we could keep the config in the database. There are likely people with different setups that require multiple configs, so you can't really store it there for all cases. Hence, which one do you choose? I say you don't. Leave it in a file, as that's the most network efficient (despite it being really small anyway).

Let's start at the beginning: Who can code the command-line stuff and the opening of a plaintext config-file from webserver in VB?

At the second step, we can dynamicly generate the config-file at the webserver.


Exmaple: Auditing Perth

cscript audit.vbs -config=http://bla.de/scripts/audit_perth.config

I am starting to think this will be a larger change than you previously thought. Therefore, I suggest we hold off on this for a little while, so that we can make sure everything else is working properly. I don't think this is a priority. I was pretty sure we were in agreement on bugfixing only!?

I would like to see command line arguments used in the future too.

Here's a short example reading a URL from an http server. I added a command line arg as well.

This is a WSF file (add .wsf extention). Running "cscript ReadURL.wsf" /? outputs the help for the command line args.

[code]
<job>
<runtime>
<description>
This screen reads a file from an HTTP or FTP server and outputs to stdout.
</description>
<named
name = "url"
helpstring = "The URL of the file to display"
type = "string"
required = "true"
/>

<example>
Example:
cscript ReadURL.wsf /url:"http://www.google.com"
</example>

</runtime>
<script language="VBScript">
Option Explicit

Dim objArgs

Set objArgs = new ArgumentData

If objArgs.HasAllRequiredArgs Then

wscript.echo GetFile(objArgs.URL)

Else
WScript.Arguments.ShowUsage
Wscript.Echo VBCrLF & objArgs.InvalidArgsErrorString
End If

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Purpose: Read file from a URL to a string.
'
'Input: strURL: The URL of the file that will be downloaded.
'
'Output: Returns the server response text.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Function GetFile(strURL)
Dim objXMLHTTP
Dim strResponse

Set objXMLHTTP = CreateObject("Microsoft.XMLHTTP")


With objXMLHTTP
.Open "Get", strURL, false
.Send

If .status = 200 Then
strResponse = .responseText
Else
strResponse = "StatusCode: " & .Status & " " & .StatusText
End If

End With

GetFile = strResponse

End Function

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'Purpose: Validate arguments.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Class ArgumentData

Private boolValidArgs
Private strInvalidArgs

Private strURL

Private Sub Class_Initialize()

boolValidArgs = True
strInvalidArgs = ""

Dim objRE

'Do some basic URL validation.
Set objRE = New RegExp
objRE.Pattern ="(http|ftp):\/\/\.*"

With Wscript.Arguments.Named

'Verify URL argument is valid
If .Exists("url") Then
If objRE.Test(.Item("url")) Then
strURL = .Item("url")
Else
strInvalidArgs = strInvalidArgs & vbCrLf & "/url:<URL> parameter is not a supported URL."
boolValidArgs = False
End If
Else
strInvalidArgs = strInvalidArgs & vbCrLf & "/url:<URL> parameter is required."
boolValidArgs = False
End If

End With

End Sub

'Obtain the URL parameter.
Public Property Get URL
URL = strURL
End Property

'Returns true if all arguments were valid.
Public Property Get HasAllRequiredArgs
HasAllRequiredArgs = boolValidArgs
End Property

'Contains any validation errors if HasAllRequiredArgs is false.
Public Property Get InvalidArgsErrorString
InvalidArgsErrorString = strInvalidArgs
End Property

End Class

</script>
</job>
[/code]