Open-AudIT https://www.open-audit.org/phpBB3/ |
|
Domain Audit black list https://www.open-audit.org/phpBB3/viewtopic.php?f=9&t=2375 |
Author: | mwm [ Tue Sep 25, 2007 12:03 pm ] |
Post subject: | Domain Audit black list |
Hello All,

I am working on a blacklist function for Open Audit. I have encountered some systems that for whatever reason don't like to be audited. Could be a WMI thing but I have little interest in figuring out why at the moment. I have noticed it hang on some SQL servers.

Anyway, I am creating a blacklist.txt file that is read into an array. At each call of the audit I compare comparray(i) to ArrSkipList(z). If they match, don't audit. If they don't match go ahead and audit it. I don't want to get too far into this if someone else is further along than I am. Let me know what you think!

    skip = False
    For z = 0 To UBound(ArrSkipList)
        If comparray(i) = ArrSkipList(z) Then
            skip = True
            WScript.Echo "BLACKLIST HIT!"
            ' Write ArrSkipList(z) to skip.txt for logging
            Exit For
        End If
    Next
    ' Audit only if the name matched no blacklist entry
    If Not skip Then
        ' Do the audit
    End If

Thanks!
-mwm
http://www.blatbox.com |
Author: | ccpyle [ Tue Feb 12, 2008 6:43 am ] |
Post subject: | Re: Domain Audit black list |
I think it sounds wonderful. Did you ever finish developing this, 'cause I want to use it! |
Author: | The Tech Guy [ Sat May 10, 2008 2:18 am ] |
Post subject: | Re: Domain Audit black list |
Yes yes, this does sound good. Is it finished yet? |
Author: | acraiger [ Fri Oct 09, 2009 11:06 pm ] |
Post subject: | Re: Domain Audit black list |
Just wondering if anyone ever got this working, where we can add a list of computers not to audit in the audit.config file. Maybe like a text file with the list of computers you want to exclude during a domain audit.

I use LDAP to connect to my Active Directory. So I'm thinking maybe in the audit.vbs code where it puts all the computers in an array, maybe add a little code where it searches the array after it has been populated, and removes the computers from the array you don't want audited.

Maybe we can edit this function:

    Function GetDomainComputers(ByVal local_domain)
        Dim objIADsContainer ' ActiveDs.IADsDomain
        Dim objIADsComputer  ' ActiveDs.IADsComputer
        Dim vReturn          ' Variant

        ' connect to the computer.
        Set objIADsContainer = GetObject(local_domain)

        ' set the filter to retrieve only objects of class Computer
        objIADsContainer.Filter = Array("Computer")

        ' Maybe do another filter here that removes computers in blacklist

        ReDim vReturn(0)
        For Each objIADsComputer In objIADsContainer
            If Trim(vReturn(0)) <> "" Then
                ReDim Preserve vReturn(UBound(vReturn) + 1)
            End If
            vReturn(UBound(vReturn)) = objIADsComputer.Name
        Next

        GetDomainComputers = vReturn
        Set objIADsComputer = Nothing
        Set objIADsContainer = Nothing
    End Function
|
Author: | acraiger [ Fri Mar 12, 2010 7:46 am ] |
Post subject: | Re: Domain Audit black list |
I think I finally got a blacklist to work. I attached my audit.vbs file. You have to create a blacklist.txt file in the same folder where audit.vbs runs.

I also added an entry to the audit.config file:

    blacklist_file = "blacklist.txt"

I also added a Dim declaration just under the input_file declaration:

    Dim blacklist_file

and also to where the Case Ucase(arg) are located:

    Case "BLACKLIST_FILE"
        blacklist_file = Wscript.Arguments.Named(arg)

Below is the code I added just under the Do Until loop for ObjRecordSet.EOF which is located at around line 439. Or you could just say it is located just above the Randomize scan If statement.

    On Error Resume Next
    If blacklist_file <> "" Then
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objTextFile = objFSO.OpenTextFile("DomainPC.txt", 2)    ' 2 = ForWriting
        Set objTextFileBl = objFSO.OpenTextFile(blacklist_file, 1)  ' 1 = ForReading

        'This inputs the blacklist file into an array blacklist()
        Dim blacklist()
        i = 0
        Do Until objTextFileBl.AtEndOfStream
            ReDim Preserve blacklist(i)
            blacklist(i) = UCase(objTextFileBl.ReadLine) 'edited this
            i = i + 1
        Loop

        'Start loop to create new comparray()
        Dim Newarray()
        match = False
        k = 0
        For i = 0 To UBound(comparray)
            For j = 0 To UBound(blacklist)
                If comparray(i) = blacklist(j) Then
                    match = True
                    Exit For
                End If
            Next
            If match = False Then
                ReDim Preserve Newarray(k)
                Newarray(k) = comparray(i)
                k = k + 1
            End If
            match = False
        Next

        Erase comparray 'erase comparray and set equal to Newarray
        For i = 0 To UBound(Newarray) 'copy the filtered list of computers back into comparray
            ReDim Preserve comparray(i)
            comparray(i) = Newarray(i)
        Next

        objTextFile.Close
        objTextFileBl.Close
    End If
|
Author: | acraiger [ Wed Jan 18, 2012 1:25 am ] |
Post subject: | Re: Domain Audit black list |
Note: I updated the above script to convert the imported blacklist to Uppercase. Otherwise it might not work if you type a computer name not in upper case. I highlighted the change above in red. I recently redeployed Open-Audit after changing jobs. Trying to get everything working like I had it at my last job. |
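An added example, not part of any post above and not Open-AudIT's own code: a case-insensitive version of the blacklist filter from this thread that also records which machines were skipped, as the first post proposed, so exclusions stay visible in the audit output. The helper names LoadBlacklist and FilterComputers, the temporary file name and the host names are assumptions constructed for illustration.

```vbscript
Option Explicit

' Hypothetical helper (not in audit.vbs): read the blacklist file into a
' case-insensitive Dictionary, ignoring blank lines and stray whitespace.
Function LoadBlacklist(path)
    Dim fso, ts, dict, entry
    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare        ' "sqlsrv01" matches "SQLSRV01"
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(path) Then
        Set ts = fso.OpenTextFile(path, 1)  ' 1 = ForReading
        Do Until ts.AtEndOfStream
            entry = Trim(ts.ReadLine)
            If entry <> "" Then dict(entry) = True
        Loop
        ts.Close
    End If
    Set LoadBlacklist = dict
End Function

' Hypothetical helper: return the names in computers that are not blacklisted.
' Skipped names are recorded in the skipped Dictionary with a timestamp.
Function FilterComputers(computers, blacklist, skipped)
    Dim kept, pcName
    Set kept = CreateObject("Scripting.Dictionary")
    For Each pcName In computers
        If blacklist.Exists(Trim(pcName)) Then
            skipped(Trim(pcName)) = Now
        Else
            kept(pcName) = True
        End If
    Next
    FilterComputers = kept.Keys   ' zero-length array if every name was skipped
End Function

' Constructed sample data: a temporary blacklist file and made-up host names.
Dim fso, tmp, f, comparray, skipped, kept
Set fso = CreateObject("Scripting.FileSystemObject")
tmp = fso.BuildPath(fso.GetSpecialFolder(2).Path, "blacklist_demo.txt") ' 2 = temp folder
Set f = fso.CreateTextFile(tmp, True)
f.WriteLine "sqlsrv01"
f.WriteLine "  SQLSRV02 "
f.Close
comparray = Array("PC001", "SQLSRV01", "pc002", "sqlsrv02")
Set skipped = CreateObject("Scripting.Dictionary")
kept = FilterComputers(comparray, LoadBlacklist(tmp), skipped)
WScript.Echo "Audit:   " & Join(kept, ", ")
WScript.Echo "Skipped: " & Join(skipped.Keys, ", ")
fso.DeleteFile tmp
```

Run it with cscript //nologo; a missing or empty blacklist file leaves the computer list unchanged instead of raising an error.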
All times are UTC + 10 hours |