Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Sun Nov 17, 2019 8:47 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
Author Message
PostPosted: Sat Aug 01, 2009 9:22 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
It would be nice to include the "Log On As" value (Start_Name) for services.

John-Paul


Top
 Profile  
Reply with quote  
PostPosted: Sat Aug 01, 2009 6:41 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Useful idea! Added to SVN rev. 1175.

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Sun Aug 02, 2009 4:08 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Thank you very much. This is quite useful for me.

How about an extension of the request? It would now help to have a query which includes this info for all hosts so we can quickly filter all services by the Log On As value.

Thanks again. I'm happy to have the data in the DB.


Top
 Profile  
Reply with quote  
PostPosted: Mon Aug 03, 2009 4:45 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Try Queries - All services: you will have the list and count of every audited service . Then, selecting one of them, you will have the list of all systems where that service was detected, with each service account included.
Otherwise, take at look at FAQs (viewtopic.php?f=6&t=2545) and try to buld your own view.

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Tue Aug 04, 2009 1:36 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Save the following as list_viewdef_services_by_service_user.php in your openaudit folder.

Call with something like.. http://... ./openaudit/list.php?view=services_by_service_user&logon_as=LocalSystem <<**

** the paramater &logon_as=whoever is the user you are looking for. Leave blank for all services, then use the magnifier boxes if you want to do multiple searches.

Let me know if this is the sort of thing you are thinking of. If so I will pop it in the SVN, not sure where to link it too.

Code:
<?php

$query_array=array("headline"=>__("List Systems with Service Logon as ".$_GET["logon_as"]."."),
                   "sql"=>"SELECT * FROM service, system, service_details WHERE service_start_name = '" . $_GET["logon_as"] . "' AND service_uuid  = system_uuid AND service_timestamp = system_timestamp AND sd_display_name = service_display_name ",
                   "sort"=>"system_name",
                   "dir"=>"ASC",
                   "get"=>array("file"=>"system.php",
                                "title"=>"Go to System",
                                "var"=>array("pc"=>"%system_uuid",
                                             "view"=>"summary",
                                            ),
                               ),
                   "fields"=>array("10"=>array("name"=>"system_uuid",
                                               "head"=>__("UUID"),
                                               "show"=>"n",
                                              ),
                                   "20"=>array("name"=>"net_ip_address",
                                               "head"=>__("IP"),
                                               "show"=>"y",
                                               "link"=>"y",
                                              ),
                                   "30"=>array("name"=>"system_name",
                                               "head"=>__("Hostname"),
                                               "show"=>"y",
                                               "link"=>"y",
                                              ),
                           "35"=>array("name"=>"service_name",
                                               "head"=>__("Service Name"),
                                               "show"=>"y",
                                               "link"=>"y",
                                              ),
                                   "40"=>array("name"=>"service_start_mode",
                                               "head"=>__("Start Mode"),
                                               "show"=>"y",
                                               "link"=>"n",
                                              ),
                                   "50"=>array("name"=>"service_state",
                                               "head"=>__("State"),
                                               "show"=>"y",
                                               "link"=>"n",
                                              ),
                                   "60"=>array("name"=>"service_started",
                                               "head"=>__("Started"),
                                               "show"=>"n",
                                               "link"=>"n",
                                              ),
                                   "70"=>array("name"=>"service_start_name",
                                               "head"=>__("Logon As"),
                                               "show"=>"y",
                                               "link"=>"n",
                                              ),
                                   "80"=>array("name"=>"",
                                               "head"=>__("Descr."),
                                               "show"=>"y",
                                               "link"=>"n",
                                               "sort"=>"n",
                                               "search"=>"n",
                                               "help"=>"%sd_description",
                                              ),
                                  ),
                  );
?>


_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Tue Aug 04, 2009 3:21 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Thank you. This is what I was thinking. Maybe you could call it "All Services with Hosts" like some of the other queries. As a total hypothetical usage case say some time in the distant past you typo'd a service account name and then set multiple services on multiple hosts to use this service account and now you want to find those services and move them to the correctly spelled service account. Hypothetically you select the "All Services with Hosts" query and then magnifier search for the typo'd account to get your list.

It did not work quite right with a blank service_start_name. I removed the service_start_name where clause and it worked just as I'd like.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group