Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 11:44 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 19 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: SMTP Authentication
PostPosted: Thu Dec 06, 2007 11:19 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
My corporate SMTP Server requires authentication, so audit.vbs can't send failed audits email. To fix it I had to:
- add the following lines to audit.config
[code]
email_to = "user@domain"
email_from = "user@domain"
'email_sender = "Open-AudIT"
email_server = "aaa.bbb.ccc.ddd" ' IP address or FQDN
email_port = "25" ' The SMTP port
email_auth = "1" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
email_user_id = "user@domain" ' A valid Email account in user@domain format
email_user_pwd = "abc123" ' The SMTP email password
email_use_ssl = "false" ' True/False
email_timeout = "60" ' In seconds

[/code]
- modify the following lines in audit.vbs (email section):
[code]
''''''''''''''''''''''''''''''''''
' Send an email of failed audits '
' if there are any '
''''''''''''''''''''''''''''''''''

if email_failed <> "" then
On Error Resume Next
wscript.echo "This system failed to audit."
Set objEmail = CreateObject("CDO.Message")
objEmail.From = email_from
objEmail.To = email_to
'objEmail.Sender = email_sender
objEmail.Subject = "Open-AudIT - Failed Audits."
objEmail.Textbody = "The following systems failed to audit: " & vbCRLF & email_failed
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = email_server
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = email_port
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = email_auth
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusername") = email_user_id
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendpassword") = email_user_pwd
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = email_use_ssl
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = email_timeout
objEmail.Configuration.Fields.Update
objEmail.Send
if Err.Number <> 0 then
wscript.echo "Error sending email: " & Err.Description
else wscript.echo "Email sent." end if
Err.Clear
end if

' Exit the script
wscript.quit

[/code]
I commented out the "sender" lines because they could create spoofing problems with certain SMTP filters, but try yourselves, in your environment it could be OK.

_________________
Edoardo


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Thu Dec 06, 2007 11:48 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Thanks, the reason I didn't use this feature was because it didn't auth. I am testing as we speak. Added to SVN 917
I'll let you know if it breaks anything :wink:

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 1:18 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Wrote a quick testmail.vbs

This will appear in the SVN in the scripts folder, run it against audit.config in the same folder, it will test the settings by firing you an email .
If the settings are wrong, it will throw an error box, which may be of help, (but this is a Microsoft VBS error, so it probably wont help. :P)

[code]
'
'*
'* @version $Id: testemail.vbs 6th December 2007
'*
'* @author The Open Audit Developer Team
'* @objective Index Page for Open Audit.
'* @package open-audit (www.open-audit.org)
'* @copyright Copyright (C) open-audit.org All rights reserved.
'* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see ../gpl.txt
'* Open-Audit is free software. This version may have been modified pursuant
'* to the GNU General Public License, and as distributed it includes or
'* is derivative of works licensed under the GNU General Public License or
'* other free or open source software licenses.
'* See www.open-audit.org for further copyright notices and details.
'*
'
this_config="audit.config"
'
dim filesys
Set filesys = CreateObject("Scripting.FileSystemObject")
'
If filesys.FileExists(this_config) then
'
sScriptPath=Left(WScript.ScriptFullName, InStrRev(WScript.ScriptFullName,"\"))
ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile(sScriptPath & this_config).ReadAll
'
'
On Error Resume Next
wscript.echo "Open-Audit testing email using Mail Server: " & email_server
Set objEmail = CreateObject("CDO.Message")
objEmail.From = email_from
objEmail.To = email_to
objEmail.Sender = email_sender
objEmail.Subject = "Open-AudIT - Email Tester."
objEmail.Textbody = "Email sent from" & email_from & " Via Mail Server" & email_server & " : " & vbCRLF & email_failed
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = email_server
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = email_port
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = email_auth
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusername") = email_user_id
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendpassword") = email_user_pwd
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = email_use_ssl
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = email_timeout
objEmail.Configuration.Fields.Update
objEmail.Send
if Err.Number <> 0 then
' Possibly the error will come from the above scripting, as an error box, however here is a generic error, just in case
wscript.echo "Error sending email: " & Err.Description
else wscript.echo "Email sent sucessfully." end if
Err.Clear
else wscript.echo "Email not sent. Please check your settings." end if

[/code]

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 1:34 am 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
And (but this is off-topic) what about to add to admin_pc_add_2.php and admin_nmap_input.php the feature (optional) to send one or more emails in case of new systems/other systems/software detected? I don't want to publish OA to the internet to read its rss feeds, so it could be useful an email to inform a group of auditors.

_________________
Edoardo


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 1:50 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Sound like a cool idea, I was going to add the ability to email a particular machine details to my helpdesk, in the form of a service request, complete with VNC, RDP links, last logged on user etc.

The idea being that a user can log in to openaudit, and since they are not an admin, they only see a button to ask for assistance, and a details field for their problem. They fill out the request, and off goes a help-desk ticket to whatever email enabled help-desk system you are using, all nicely linked, timestamped etc.

Bear in mind, we need to fill in the email stuff in the include_config.php from the setup pages as well as audit.config

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 2:10 am 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
It would be great to add those 2 features: a (very basic) alert system (it could alert also if critical values has changed on a system from the last audit) and a help-desk trouble ticket system.

_________________
Edoardo


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 2:29 am 
Offline
Helper

Joined: Tue Jul 25, 2006 2:33 am
Posts: 83
Location: Hampshire, UK
Thank you Edoardo and Andrew for that code. I can finally get the e-mail notifications working - after running the test routine a dozen times to get the combination that worked!

John

_________________
OA environment:
OA Server: Ubuntu 10.04LTS
1 Windows 2008R2 Server
4 Windows 2003 Servers
20 Windows XP workstations
1 Windows 7 workstation
2 Ubuntu 11.10 servers
Misc other networked items


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 3:04 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
I can think of a couple of ways of doing the first trick. Trouble is however you do it, you probably need to use some sort of scheduling.
If you use PHP, then you can do this server side using "at" on Linux or Windows (yes Windows has an "at" command too... not a lot of people know this)

If you use vbscript, you are limited to only being able to do things client side (even if the client happens to be the same windows server running the audit, if you know what I mean :? )

One trick would be to have the script (PHP or VBS) take the RSS pages for its input, and send this, suitably formatted to the email addresses in question. This has the advantage of keeping the results entirely predictable, if you change the RSS code, the emails will reflect the change.

I would rather keep the emailing PHP based if we can, so we can use the basic code throughout the application, however if there is a valid reason to do it all using VBS I am sure we can live with this.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 3:20 am 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
I agree, it would be better to add a php server-side emailing system.

_________________
Edoardo


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 3:47 am 
Offline
Contributor

Joined: Fri Sep 28, 2007 12:07 am
Posts: 189
In SVN there is an extra:

[code]
' Exit the script
wscript.quit
[/code]

at the end of the new email section in audit.vbs

thanks

Jason

_________________
OA Deployment:
Windows 2003 with XAMPP install
80 Windows Servers
250 Windows workstations (mixed XP and 2000)
5 MACs
Multiple printers, switches, routers, firewalls, and other servers (ESX, AIX etc.)


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 5:58 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
I can confirm the extra 2 lines added in svn: could please it be fixed?
Also, could FAQs at viewtopic.php?f=6&t=1393&start=0&st=0&sk=t&sd=a be updated with new audit.config email settings? Thanks

_________________
Edoardo


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 6:57 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Fixed, Updated the FAQ. Check it now. Thanks. :D

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Fri Dec 07, 2007 7:13 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Thank you Andrew, please remind fixing also audit.vbs (see viewtopic.php?f=6&t=1393&start=0&st=0&sk=t&sd=a) which seems to me very important (to close that infamous can of worms)

_________________
Edoardo


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Thu Jun 26, 2008 7:50 pm 
Offline
Newbie
User avatar

Joined: Fri Feb 01, 2008 3:05 am
Posts: 29
Sorry to be adding to this already old post, but I'm trying to get the e-mailing part of OA working but I can't. Not sure what I'm doing wrong.

I've added the send_mail = true line, and when testing with the testemail.vbs script it works fine.

is OA only meant to send e-mails if an audit fails or for every audit?

sorry if this all souds a bit newbie-ish. Still love the product though! ;-)

Cheers,
Tom


Top
 Profile  
Reply with quote  
 Post subject: Re: SMTP Authentication
PostPosted: Thu Jun 26, 2008 8:54 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Make sure that in your audit.config is set also
[code]
use_audit_log = "y"
[/code]

_________________
Edoardo


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 19 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group