Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Wed Jan 23, 2019 6:37 am

View unanswered posts | View active topics


Board index » Open-AudIT » Discussion

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 2
  [ 18 posts ]  Go to page 1, 2  Next
  Print view Previous topic | Next topic 
Author Message
cimenta
 Post subject: How to use audit_osx.sh?
PostPosted: Wed Feb 04, 2015 12:32 pm 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
Hi

I am currently running

Code:
You are running version 1.5.1 of Open-AudIT.
Your Host is: opmantek, and it's OS is Linux.
Your database platform is mysql (version 5.1.73).
Your web server is Apache/2.2.15 (CentOS) .
Your PHP version is 5.3.3 and it's running in timezone UTC.


from the virtual appliance.

I need to audit OSX as well. How do I do that? Is the "Audit the PC" button available for OSX? ( I don't have any OSX handy right now) Do I need to run any particular browser like for Windows?

Thank you

R


Last edited by cimenta on Tue Feb 10, 2015 10:24 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
shanimal
PostPosted: Fri Feb 06, 2015 5:29 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 205
Location: Massachusetts
I'm using version 1.5.2 of audit_osx.sh

I copy the script to the documents directory. Be sure to edit this file with the correct URL to your open audit server

Then you can run this command from terminal (cd to Documents first):

sudo ./audit_osx.sh

This works for me.

I wonder if anybody is using crontab or launchd to schedule a daily audit for OSX?

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices
Top
 Profile  
Reply with quote  
Mark
PostPosted: Fri Feb 06, 2015 9:05 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
"Audit This PC" is available for OSX on the Open-AudIT Enterprise logon screen.
You will have to download and run it as per Shanimal's advice.
Discovery should also work auditing OSX as long as you have the correct credentials.

In short - OSX is just another supported target.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
cimenta
PostPosted: Fri Feb 06, 2015 12:17 pm 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
thank you both for reply

So currently I have to
- edit the sh file (update the url - that's it?)
- save it on OSX computer and execute it as root

to have this computer audited.

In the future we will have the "Audit this computer" for OSX as well. Any idea when this is going to be?

Thank you again.

R
Top
 Profile  
Reply with quote  
Mark
PostPosted: Sun Feb 08, 2015 10:44 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
"Audit This PC" is available for OSX on the Open-AudIT Enterprise logon screen.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
cimenta
PostPosted: Mon Feb 09, 2015 10:54 am 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
1) So do I still need to run the script as root?

We did so but it ends with error. See below.

Code:
sudo /Users/Scott/Downloads/audit_osx.sh
Password:
System Info
Network Cards Info
Processor Info
Memory Info
Hard Disks
Software Info
Software Keys
Submitting results to server
/Users/Scott/Downloads/audit_osx.sh: line 842: dev/null: No such file or directory
Scotts-MacBook-Air:Downloads Scott$ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Open-AudIT System Input</title>
</head>
<body>
<form action="http://192.168.20.149/open-audit/index.php/system/add_system" method="post" accept-charset="UTF-8" enctype="multipart/form-data">
<fieldset>
<legend>Paste the XML</legend>

<p><textarea name="form_systemXML" cols="100" rows="15" id="form_systemXML" ></textarea></p>
</fieldset><br /><br />or<br /><br />
<fieldset>
<legend>Select a File</legend>

<input type="file" name="upload_file" value=""  /></fieldset><p><input type="submit" name="submit" value="Submit"  /></p>
</form></body>
</html>curl: (7) Couldn't connect to server


2) I modified the script so the xml file is not deleted. Can I import it into the system?

I downloaded the "audit_osx.sh" script from the login screen on the computer that was going to be audited. So the computer can access the Open-AudIT web server. When checking the url (url="http://192.168.20.149/open-audit/index.php/system") it seemed to me ok. So I did not change anything.

The firewall on osx is off.

3) Any idea how to make it work?

Thank you

R.
Top
 Profile  
Reply with quote  
cimenta
PostPosted: Mon Feb 09, 2015 12:08 pm 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
looking at the code

Code:
if [ "$submit_online" = "y" ]; then
   echo "Submitting results to server"
   #curl --data="$xml_file" $url 2>/dev/null
   curl --data @"$xml_file" $url 1&2>dev/null
fi


1) I tried to run the first curl it was said that info was sent to the server but I cannot see it anywhere
2) I tried to delete everything after 1&2 - so the command was like "curl --data @"$xml_file" $url 1&2" It did not help
3) I can see that there probably missing "/" in the command curl --data @"$xml_file" $url 1&2>dev/null should be curl --data @"$xml_file" $url 1&2>/dev/null It's just my thought ...

Thank you
R
Top
 Profile  
Reply with quote  
Mark
PostPosted: Tue Feb 10, 2015 11:41 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Yep - bug found - thanks!
Fixed for 1.5.6 (our next release).
You should have an audit result in Open-AudIT anyway though.
The line should be:
Code:
curl --data @"$xml_file" $url 1&2>/dev/null

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
cimenta
PostPosted: Tue Feb 10, 2015 1:38 pm 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
Mark wrote:
You should have an audit result in Open-AudIT anyway though.


but I don't have it there :-( any idea how to make it work?

Mark wrote:
The line should be:
Code:
curl --data @"$xml_file" $url 1&2>/dev/null


then I don't understand why this line did not work for me.

Code:
curl --data @"$xml_file" $url 1&2


Thank you
R
Top
 Profile  
Reply with quote  
cimenta
PostPosted: Tue Feb 10, 2015 1:42 pm 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
ok, I was able to import the xml file. But the issue that I am not able to do it by running the .sh script exists.

Thank you
R
Top
 Profile  
Reply with quote  
Mark
PostPosted: Tue Feb 10, 2015 3:08 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Is the "url" variable set in the top of the script?
Is there a proxy between the OSX machine and the Open-AudIT server?

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
cimenta
PostPosted: Tue Feb 10, 2015 3:27 pm 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
Mark wrote:
Is the "url" variable set in the top of the script?


This url was there - http://192.168.20.149/open-audit/index. ... add_system and I did not amended it.

I can access the page from my computer right now. Note that my comp is a host for the VM runnning Open-AudIT. The OSX comp was able to access Open-AudIT Enterprise login page and download the script without any issue.

Mark wrote:
Is there a proxy between the OSX machine and the Open-AudIT server?


No proxy present. Firewall is off.

R
Top
 Profile  
Reply with quote  
Mark
PostPosted: Wed Feb 11, 2015 12:52 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
try this and see if any extra messages appear on the console...
Code:
./audit_osx.sh submit_online=y create_file=n debugging=3

Please paste the output here.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
cimenta
PostPosted: Tue Feb 17, 2015 11:05 am 
Offline
Newbie

Joined: Wed Jan 28, 2015 10:24 am
Posts: 21
Different computer. The same result. I don't I will be able to do much more debugging on that ...

Code:
users-MacBook-Air:Downloads user$ ./audit_osx.sh submit_online=y create_file=n debugging=3
System Info
2015-02-17 11:50:05.619 system_profiler[77125:2266517] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:05.621 system_profiler[77125:2266517] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:05.957 system_profiler[77140:2266563] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:05.959 system_profiler[77140:2266563] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.256 system_profiler[77146:2266584] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.257 system_profiler[77146:2266584] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.551 system_profiler[77153:2266605] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.553 system_profiler[77153:2266605] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.851 system_profiler[77159:2266627] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.852 system_profiler[77159:2266627] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
Network Cards Info
Processor Info
2015-02-17 11:50:14.086 system_profiler[77396:2267153] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:14.088 system_profiler[77396:2267153] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:14.386 system_profiler[77408:2267179] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:14.388 system_profiler[77408:2267179] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
Memory Info
Hard Disks
Software Info
Software Keys
Submitting results to server
users-MacBook-Air:Downloads user$ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Open-AudIT System Input</title>
</head>
<body>
<form action="http://192.168.20.149/open-audit/index.php/system/add_system" method="post" accept-charset="UTF-8" enctype="multipart/form-data">
<fieldset>
<legend>Paste the XML</legend>

<p><textarea name="form_systemXML" cols="100" rows="15" id="form_systemXML" ></textarea></p>
</fieldset><br /><br />or<br /><br />
<fieldset>
<legend>Select a File</legend>

<input type="file" name="upload_file" value=""  /></fieldset><p><input type="submit" name="submit" value="Submit"  /></p>
</form></body>
</html>curl: (7) Couldn't connect to server
Top
 Profile  
Reply with quote  
Mark
PostPosted: Wed Feb 18, 2015 9:58 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
The obvious clue is in the final line - "curl: (7) Couldn't connect to server".
I am unsure why this would be as it obviously CAN connect as it's receiving the HTML.

Bueller, Bueller, anyone, anyone???

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  Page 1 of 2
  [ 18 posts ]  Go to page 1, 2  Next

Board index » Open-AudIT » Discussion

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 7 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group