Open-AudIT
https://www.open-audit.org/phpBB3/

Include Log On As value on Service detail
https://www.open-audit.org/phpBB3/viewtopic.php?f=9&t=3393

Author:  jpa [ Sat Aug 01, 2009 9:22 am ]
Post subject:  Include Log On As value on Service detail

It would be nice to include the "Log On As" value (Start_Name) for services.

John-Paul

Author:  ef [ Sat Aug 01, 2009 6:41 pm ]
Post subject:  Re: Include Log On As value on Service detail

Useful idea! Added to SVN rev. 1175.

Author:  jpa [ Sun Aug 02, 2009 4:08 pm ]
Post subject:  Re: Include Log On As value on Service detail

Thank you very much. This is quite useful for me.

How about an extension of the request? It would now help to have a query which includes this info for all hosts so we can quickly filter all services by the Log On As value.

Thanks again. I'm happy to have the data in the DB.

Author:  ef [ Mon Aug 03, 2009 4:45 pm ]
Post subject:  Re: Include Log On As value on Service detail

Try Queries - All services: you will have the list and count of every audited service. Then, selecting one of them, you will have the list of all systems where that service was detected, with each service account included.
Otherwise, take a look at the FAQs (viewtopic.php?f=6&t=2545) and try to build your own view.

Author:  A_Hull [ Tue Aug 04, 2009 1:36 am ]
Post subject:  Re: Include Log On As value on Service detail

Save the following as list_viewdef_services_by_service_user.php in your openaudit folder.

Call with something like.. http://... ./openaudit/list.php?view=services_by_service_user&logon_as=LocalSystem <<**

** the parameter &logon_as=whoever is the user you are looking for. Leave blank for all services, then use the magnifier boxes if you want to do multiple searches.

Let me know if this is the sort of thing you are thinking of. If so I will pop it in the SVN, not sure where to link it to.

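[code]
<?php
// View definition: systems whose services log on as the account given in
// &logon_as= (leave the parameter blank to list every service).

// logon_as comes straight from the URL, so treat it as untrusted input.
$logon_as = isset($_GET["logon_as"]) ? $_GET["logon_as"] : "";

// Escape it for use inside the quoted SQL string literal.
// Assumes list.php has already opened the MySQL connection before including this file.
$logon_as_sql = mysql_real_escape_string($logon_as);

// Only filter on the account when one was supplied; blank means all services.
$logon_as_where = ($logon_as === "") ? "" : "service_start_name = '" . $logon_as_sql . "' AND ";

$query_array=array("headline"=>__("List Systems with Service Logon as ").htmlspecialchars($logon_as, ENT_QUOTES).".",
                   "sql"=>"SELECT * FROM service, system, service_details WHERE " . $logon_as_where . "service_uuid = system_uuid AND service_timestamp = system_timestamp AND sd_display_name = service_display_name ",
                   "sort"=>"system_name",
                   "dir"=>"ASC",
                   // Each row links to the system summary page.
                   "get"=>array("file"=>"system.php",
                                "title"=>"Go to System",
                                "var"=>array("pc"=>"%system_uuid",
                                             "view"=>"summary",
                                            ),
                               ),
                   // Columns, in display order.
                   "fields"=>array("10"=>array("name"=>"system_uuid",
                                               "head"=>__("UUID"),
                                               "show"=>"n",
                                              ),
                                   "20"=>array("name"=>"net_ip_address",
                                               "head"=>__("IP"),
                                               "show"=>"y",
                                               "link"=>"y",
                                              ),
                                   "30"=>array("name"=>"system_name",
                                               "head"=>__("Hostname"),
                                               "show"=>"y",
                                               "link"=>"y",
                                              ),
                                   "35"=>array("name"=>"service_name",
                                               "head"=>__("Service Name"),
                                               "show"=>"y",
                                               "link"=>"y",
                                              ),
                                   "40"=>array("name"=>"service_start_mode",
                                               "head"=>__("Start Mode"),
                                               "show"=>"y",
                                               "link"=>"n",
                                              ),
                                   "50"=>array("name"=>"service_state",
                                               "head"=>__("State"),
                                               "show"=>"y",
                                               "link"=>"n",
                                              ),
                                   "60"=>array("name"=>"service_started",
                                               "head"=>__("Started"),
                                               "show"=>"n",
                                               "link"=>"n",
                                              ),
                                   "70"=>array("name"=>"service_start_name",
                                               "head"=>__("Logon As"),
                                               "show"=>"y",
                                               "link"=>"n",
                                              ),
                                   // Description is shown as a help tooltip rather than a sortable column.
                                   "80"=>array("name"=>"",
                                               "head"=>__("Descr."),
                                               "show"=>"y",
                                               "link"=>"n",
                                               "sort"=>"n",
                                               "search"=>"n",
                                               "help"=>"%sd_description",
                                              ),
                                  ),
                  );
?>
[/code]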

Author:  jpa [ Tue Aug 04, 2009 3:21 am ]
Post subject:  Re: Include Log On As value on Service detail

Thank you. This is what I was thinking. Maybe you could call it "All Services with Hosts" like some of the other queries. As a total hypothetical usage case, say some time in the distant past you typo'd a service account name and then set multiple services on multiple hosts to use this service account, and now you want to find those services and move them to the correctly spelled service account. Hypothetically you select the "All Services with Hosts" query and then magnifier search for the typo'd account to get your list.

It did not work quite right with a blank service_start_name. I removed the service_start_name where clause and it worked just as I'd like.
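
The service-account review discussed in this thread, written as a single MySQL query. This is an added example, not part of the thread or of Open-AudIT: it reuses the table and column names and the join from the viewdef posted above, and it assumes the built-in accounts are stored in service_start_name with the spellings shown.

```sql
-- Added example: one row per non-built-in "Log On As" account, with the hosts
-- that use it. Accounts used on the fewest hosts sort first, which is where a
-- mistyped or forgotten service account tends to show up.
SELECT
    service_start_name          AS logon_as,
    COUNT(DISTINCT system_uuid) AS host_count,
    COUNT(*)                    AS service_count,
    GROUP_CONCAT(DISTINCT system_name
                 ORDER BY system_name
                 SEPARATOR ', ') AS hosts
FROM service
JOIN `system`                               -- quoted: SYSTEM is reserved in newer MySQL
  ON service_uuid = system_uuid
 AND service_timestamp = system_timestamp   -- only rows from each system's latest audit
WHERE service_start_name <> ''              -- also drops NULL values
  AND service_start_name NOT IN (
        -- Assumed spellings of the built-in accounts; adjust to match your data.
        'LocalSystem',
        'NT AUTHORITY\\LocalService',
        'NT AUTHORITY\\NetworkService')
GROUP BY service_start_name
ORDER BY host_count ASC, logon_as ASC;
```

GROUP_CONCAT output is truncated at group_concat_max_len, so treat host_count as the authoritative figure for accounts used on many hosts.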

All times are UTC + 10 hours