Open-AudIT

Hi all!
I noticed that the linux script is missing Arch support, so I thought I could add it. There was also an error in the distribution detection (an else coming before some elifs), and the default distribution was debian. Now the order is correct again, and if no know distro is detected it defaults to 'unknown'. I also fixed a small typo.

The patch (wrote against the latest SVN head) follows, if it is appreciated I'll see if I can find some time to improve that script and maybe the rest

BTW, I couldn't find an accepted extension for my attachment... what can I use next time?

[code]--- audit_linux.sh.old 2009-01-23 17:17:49.222865105 +0100
+++ audit_linux.sh.new 2009-01-23 17:48:34.970177680 +0100
@@ -9,6 +9,7 @@
# Change this to nothing if you want to track ALL installed packages on dpkg systems.
OA_PACKAGES="apt azureus bash build-essential cdparanoia cdrdao cdrecord cpp cron cupsys cvs dbus dhcp3-client diff dpkg epiphany-browser esound evolution firefox flashplugin-nonfree foomatic-db g++ gaim gcc gdm gedit gimp gnome-about gnucash gnumeric gtk+ httpd inkscape iptables k3b kdebase koffice libgnome2-0 linux-image-386 metacity mozilla-browser mysql-admin mysql-query-browser mysql-server-4.1 nautilus openoffice.org openssh-client openssh-server perl php4 php5 postfix postgresql python python2.4 rdesktop rhythmbox samba-common sendmail smbclient subversion sun-j2re1.5 swf-player synaptic thunderbird tsclient udev vim vlc vnc-common webmin xfce xmms xserver-xorg"
OA_DPKG_TRACK=$OA_PACKAGES
+OA_PACMAN_TRACK=$OA_PACKAGES
OA_YUM_TRACK=$OA_PACKAGES
OA_PKG_TRACK=$OA_PACKAGES

@@ -30,6 +31,7 @@
OA_HOSTNAME=`which hostname`
OA_IFCONFIG=`which ifconfig`
OA_LSPCI=`which lspci`
+ OA_PACMAN=`which pacman`
OA_PKG=`which pkgtool 2> /dev/null`
OA_RM=`which rm`
OA_UNAME=`which uname`
@@ -52,6 +54,7 @@
OA_HAL_LIST=/usr/bin/lshal
OA_HOSTNAME=/bin/hostname
OA_IFCONFIG=/sbin/ifconfig
+ OA_PACMAN=/usr/bin/pacman
OA_PKG=/var/log/packages
OA_LSPCI=/usr/bin/lspci
OA_RM=/bin/rm
@@ -147,9 +150,6 @@
distribution="Yellow dog"
OS_RELEASE=`$OA_CAT /etc/yellowdog-release`
OS_PCK_MGR=''
- elif distribution="unknown"
- OS_RELEASE="unknown"
- OS_PCK_MGR=''
elif test -f /etc/issue; then
distribution="Ubuntu"
OS_RELEASE=`$OA_CAT /etc/issue`
@@ -158,10 +158,13 @@
distribution="Debian"
OS_RELEASE=`$OA_CAT /etc/debian_version`
OS_PCK_MGR=$OA_DPKG
- else test -f /etc/debian-version; then
+ elif test -f /etc/debian-version; then
distribution="Debian"
OS_RELEASE=`$OA_CAT /etc/debian-version`
OS_PCK_MGR=$OA_DPKG
+ else distribution="unknown"
+ OS_RELEASE="unknown"
+ OS_PCK_MGR=''
fi
fi

@@ -179,7 +182,7 @@
fi
if [ "$OS_RELEASE" = "Ubuntu 7.04 \n \l" ]
then
- OS_RELEASE="7.04 (Fiesty Fawn)"
+ OS_RELEASE="7.04 (Feisty Fawn)"
fi
if [ "$OS_RELEASE" = "Ubuntu 7.10 \n \l" ]
then
@@ -421,6 +424,31 @@
fi
done
fi
+elif [ "$OS_PCK_MGR" = "$OA_PACMAN" ] && [ -x $OA_PACMAN ]
+then
+ OA_ALL_PACKAGES=`$OA_PACMAN -Q`
+
+ if [ "$OA_PACMAN_TRACK" = "" ]
+ then
+ for OA_PACKAGE_LINE in $OA_ALL_PACKAGES; do
+ OA_PACKAGE_NAME=`echo $OA_PACKAGE_LINE | $OA_AWK '{print $1}' 2> /dev/null`
+ OA_PACKAGE_VERSION=`echo $OA_PACKAGE_LINE | $OA_AWK '{print $2}' 2> /dev/null`
+
+ if [ "$OA_PACKAGE_NAME" ] && [ "$OA_PACKAGE_VERSION" ]
+ then
+ echo "software^^^$OA_PACKAGE_NAME^^^$OA_PACKAGE_VERSION^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
+ fi
+ done
+ else
+ for OA_PACKAGE_NAME in $OA_PACMAN_TRACK; do
+ OA_PACKAGE_VERSION=`echo $OA_ALL_PACKAGES | $OA_GREP "$OA_PACKAGE_NAME" | $OA_TAIL -n1 | $OA_AWK '{print $2}' 2> /dev/null`
+
+ if [ "$OA_PACKAGE_VERSION" ]
+ then
+ echo "software^^^$OA_PACKAGE_NAME^^^$OA_PACKAGE_VERSION^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
+ fi
+ done
+ fi
fi

if [ "$OS_PCK_MGR" = "$OA_PKG" ][/code]

Yay, another Arch user

You can attach the script by zipping it first then phpbb wont complain anymore. It would be nice to see some improvements merged into the linux script included with the current SVN. As it stands it's kind of a broken script.

I've made major changes to the script and actually use it to audit all my windows machines from my linux box. You can check the script out in this thread ... viewtopic.php?f=10&t=2554&start=75

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2

Thanks for the infos! I've taken a quick look at the script and tried to run it... You've made a whole lot of improvements! I'll try to get to it when I find some time. I only had one problem, the script stuck at user enumeration. I didn't have time to debug, but from what I can see there doesn't seem to be anything wrong. I'll double check later.

Thanks for your great work, it'd be great to see your script committed to svn!

And BTW yeah, Arch rocks

Once you are happy with the results, I can post it to the SVN.

Another thing I thought of...It would be nice to have the Admin> Audit my machine make a guess as to what kind of machine you are on (from your browser string perhaps), and throw back the correct script for Windows or Linux (or even OS-X)...

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]

[quote="bardo"]Thanks for the infos! I've taken a quick look at the script and tried to run it... You've made a whole lot of improvements! I'll try to get to it when I find some time. I only had one problem, the script stuck at user enumeration. I didn't have time to debug, but from what I can see there doesn't seem to be anything wrong. I'll double check later.

Thanks for your great work, it'd be great to see your script committed to svn!

And BTW yeah, Arch rocks

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2