Open-AudIT
https://www.open-audit.org/phpBB3/

Improvement on audit.vbs
https://www.open-audit.org/phpBB3/viewtopic.php?f=9&t=3024
Page 3 of 3

Author:  NickBrown [ Mon Nov 24, 2008 1:02 am ]
Post subject:  Re: Improvement on audit.vbs

[quote="Mark"]Some thoughts...
Only problem with that would be that you're "trusting" the user input (script output) to have the correct field names. I (personally) think that's way to much trust to place on the user input. I am thinking more in terms of web submitted audits, etc. I am trying to trust as little as possible of the input data. Yes, I want the field names to match, but I don't think we should actually rely and automate (hence trust) this.


Not sure what your "trust" isue is here Mark? Are you referring to security or data integrity ? Why wouldn't the script output have the correct field names? Surely we have to assume that it will supply a correct data structure? Or at least accept that an incorrect data structure will result in a data submission error. But all this would be true of whatever XML schema we use wouldn't it?

[quote="Mark"]So, you'd need to include UUID, MAC and System Name in the URL. You would also need a global timestamp to be the same for submission with each section.

Actually I'd suggest that if we wanted to follow this approach then a uniquely generated session (or "audit") id would be be the way to go. This could be sent in the first data submission (along with UUI,MAC etc) and re-used for subsequent submissions. That way the received data fragments could re-assembled.

Author:  Mark [ Mon Nov 24, 2008 7:59 am ]
Post subject:  Re: Improvement on audit.vbs

[quote]Hey Mark, any chance you can post your code for the pc input for the xml. So we dont have to start from scratch (if youve got it, i know the tables are different). I would like to start trying to turn the audit.vbs and the pc add for the old version of open-audit into xml input/recieve
Short answer - not yet. The code uses the CodeIgniter Framework. As such, it doesn't have one single "pc input" page. At the moment (I think, from memory) it would have about 12. These pages are useless without the rest of the framework. So I'll need to post it all. I am not quite ready to do that. Please be patient.

[quote]Not sure what your "trust" isue is here Mark? Are you referring to security or data integrity ? Why wouldn't the script output have the correct field names? Surely we have to assume that it will supply a correct data structure?
I am thinking along two lines. One - NEVER trust information you receive from a "user". Two - this input form will have to account for being hooked up to a public facing web page. See point One...

[quote]Actually I'd suggest that if we wanted to follow this approach then a uniquely generated session (or "audit") id would be be the way to go. This could be sent in the first data submission (along with UUI,MAC etc) and re-used for subsequent submissions. That way the received data fragments could re-assembled.
Yeah - sounds interesting. How much harder would it be than a couple of extra fields on a form though, and is it worth the effort ? Thanks for the thoughts, and please don't think I am writing this second one off. Your thoughts are much appreciated, and can only help build a better product. More thought needed with this one - definitely.

Author:  Mark [ Mon Nov 24, 2008 9:11 am ]
Post subject:  Re: Improvement on audit.vbs

[quote]Yeah - sounds interesting. How much harder would it be than a couple of extra fields on a form though, and is it worth the effort ? Thanks for the thoughts, and please don't think I am writing this second one off. Your thoughts are much appreciated, and can only help build a better product. More thought needed with this one - definitely.

OK - had a thought. If we assume (a dangerous assumption) that the details for the "system" table are the first submitted on any given audit, we can return the system_id as the "page". This could then be included on subsequent posts (software, hard disk, et al) to determine which system / timestamp the post relates to. Still thinking...

Author:  Malenx [ Tue Dec 09, 2008 8:07 am ]
Post subject:  Re: Improvement on audit.vbs

Line 2578 and 2579 of Audit.vbs

' Include customer specific audits
ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile("audit_custom_software.inc").ReadAll

This calls audit_custom_software.inc which reads the registry and updates the xml. Couldn't we call all these categories one at a time using this method? Or would that break the IE side?

Author:  A_Hull [ Wed Dec 10, 2008 1:06 am ]
Post subject:  Re: Improvement on audit.vbs

[quote="Malenx"]Line 2578 and 2579 of Audit.vbs

' Include customer specific audits
ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile("audit_custom_software.inc").ReadAll

This calls audit_custom_software.inc which reads the registry and updates the xml. Couldn't we call all these categories one at a time using this method? Or would that break the IE side?

You could indeed, in fact, you could install a simple "shim" audit.vbs which asks for each part of the main audit.vbs file from the server as and when it needs it, using the method I used to grab the config from the server. Using this method, you would have greater control of the script, it would never be out of date (as it would always get the latest version of each section from the server), and the scripts could be tailored to the calling PC/Linux Box/Sandwich Toaster or whatever called it.

Something like...

audit.vbs becomes...

[code]
Pseudocode.. audit.vbs
'''''''''''''''''''''''''''''''''''
' Open Audit '
' Software and Hardware Inventory '
' Outputs into MySQL '
' (c) Open-Audit.org 2003-2007 '
' Licensed under the GPL '
'''''''''''''''''''''''''''''''''''
'
this_main_url = "%host_url%"
if (left(this_main_url,1) = "%") then
this_main_url = "http://openaudit/openaudit/scripts/send_main.php"
end if
'
'
' Find out the name of this script, usually audit.vbs but it depends where we were called form.
full_script_name = WScript.ScriptFullName
' Strip off the .vbs and the path, so we can create files with the same suffix.
' No point in creating or overwriting audit.config if we aren't called audit.vbs
script_prefix = Left(full_script_name,(InStrRev(full_script_name,".vbs")-1))
script_prefix = Right(script_prefix,(len(script_prefix) - (InStrRev(WScript.ScriptFullName,"\"))))
' We also need the Path
sScriptPath=Left(WScript.ScriptFullName, InStrRev(WScript.ScriptFullName,"\"))

this_main = sScriptPath & script_prefix & ".main"

dim filesys
Set filesys = CreateObject("Scripting.FileSystemObject")

If filesys.FileExists(this_main) then
' Do nothing, or panic, since we should destroy the old "main" once the script has run
else
'wscript.echo("Downloading Main Audit Code")
'
'

' Now we open the web page where the remote main lives
Set WshShell = WScript.CreateObject("WScript.Shell")

Set http = CreateObject("Microsoft.XmlHttp")
' ...and we grab it..
http.open "GET",this_main_url, FALSE
http.send ""
'
Set main_file = CreateObject("Scripting.FileSystemObject")
Set our_main = main_file.OpenTextFile( this_main, ForWriting, True)
'... and post it to our local config.
our_main.write http.responseText
our_main.close
End If
' End of web download script.
ExecuteGlobal CreateObject("Scripting.FileSystemObject").OpenTextFile(this_main).ReadAll
'
[/code]

/scripts/send_main.php then sends the actual main part of the code...

If send_main.php uses a similar handoff proceedure, then it can in theory send each section of the code separately, run it, load the next section etc ad infinitum.

You can do something similar using bash scripts, just as easily.

You do need to have write access somewhere on the target box in order to read in and save the script sections, and run them.

Author:  ottl05 [ Wed Apr 22, 2009 11:09 pm ]
Post subject:  Re: Improvement on audit.vbs

[quote="jbsclm"]We audit different active directory OUs on each day, we have done this by having a different scripts directory for each OU and editing the audit .config in it. Upgrading needs each folder recreating and the respective files and audit config copying in. It would make life a lot easier if audit.vbs could be passed the config file as a parameter, eg "audit.vbs marketing.config". What do other people think, or have I missed an easier way to achieve what I want to do.

Server Info: Windows XP running XAMPP

Auditing: 4400 machines, mainly windows XP
W2K3: Active Directory

I´m actually facing the same problem.

I´ve got multiple configs for each ou. At the moment I edit the configname in the audit.vbs.
But when an update for the audit.vbs comes, I must edit all audit.vbs again.

So how do you audit your OUs?
Is it possible to start the audit.vbs with a auditxx.config as parameter?

Page 3 of 3 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/