Open-AudIT

What's on your network?
It is currently Fri Apr 20, 2018 1:33 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 20 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Thu Jul 27, 2006 3:36 am 
Offline
Newbie

Joined: Thu Jul 27, 2006 3:33 am
Posts: 8
Location: Houston, TX
basicly what the topic is, how does the data get transported back to the sql dbase? i remember from reading old winventory post that you guys were moving twards http post to a php page that would then insert the data. is this how openaudit is working? oh yeah, im a first time poster long time project watcher :D


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 3:43 am 
That was the initial method used by open audit. Now there is an option of sending it directly to the submit page without IE. So, no information goes directly to the MySQL server, but goes through the webpage instead.


Top
  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 3:53 am 
Offline
Newbie

Joined: Thu Mar 09, 2006 4:17 am
Posts: 18
Location: Harleysville, PA, USA
I heard this was being worked on within the last day or two, is it completed? How can it be used?

_________________
"The first rule in government spending: 'Why build one when you can have two at twice the price?'" - From the movie 'Contact'.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 3:54 am 
Offline
Newbie

Joined: Thu Jul 27, 2006 3:33 am
Posts: 8
Location: Houston, TX
i see..
i was thinking about setting up a schedule that would run the scripts every few days, (maybe once a week what ever) and the data would transport via the web over https
can this be done? i havent even set up the new release yet for testing, just feeling things out 8)


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 4:05 am 
It can be done, don't know about https, but if you search the forums there is info about https.

Exdaix, if you get the latest source from the svn trunk, there's a scan option, which I think previously was "ie" and now is online = "yesxml". There is also the option for the non-ie submit page (which will point to admin_pc_add_2.php).


Top
  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 4:09 am 
Offline
Newbie

Joined: Thu Mar 09, 2006 4:17 am
Posts: 18
Location: Harleysville, PA, USA
Mine says online = iexml, is taht the same?

_________________
"The first rule in government spending: 'Why build one when you can have two at twice the price?'" - From the movie 'Contact'.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 4:34 am 
Offline
Newbie

Joined: Thu Jul 27, 2006 3:33 am
Posts: 8
Location: Houston, TX
mikeyrb wrote:
It can be done, don't know about https, but if you search the forums there is info about https.

Exdaix, if you get the latest source from the svn trunk, there's a scan option, which I think previously was "ie" and now is online = "yesxml". There is also the option for the non-ie submit page (which will point to admin_pc_add_2.php).


i wouldnt want send clear text info about my internal workstations over the web.. i know im paranoid, but i do alot of pentesting and security auditing to know thats not a good idea. even on a switched lan, having such information broadcasted unencrypted is a bad idea..


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 4:47 am 
Offline
Newbie

Joined: Thu Mar 09, 2006 4:17 am
Posts: 18
Location: Harleysville, PA, USA
Well in my case I have about 50 computer illiterate users and we are all behind a firewall to the outside. So I don't think we'll have too many script kiddies trying to steal my hardware information as it is transmitted.

And mikeyrb, I played with my settings a bit, and it seems the default of iexml does not work, but if I change it to yesxml, it gets submitted. Someone may want to change that default setting...

_________________
"The first rule in government spending: 'Why build one when you can have two at twice the price?'" - From the movie 'Contact'.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 5:22 am 
Exdaix, grab the latest code from SVN. That was fixed today.


Top
  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 7:47 am 
Offline
Newbie

Joined: Thu Jul 27, 2006 3:33 am
Posts: 8
Location: Houston, TX
Exdaix wrote:
Well in my case I have about 50 computer illiterate users and we are all behind a firewall to the outside. So I don't think we'll have too many script kiddies trying to steal my hardware information as it is transmitted.

And mikeyrb, I played with my settings a bit, and it seems the default of iexml does not work, but if I change it to yesxml, it gets submitted. Someone may want to change that default setting...


patch info and software versions leeked out, no bueno. :? i'll see what i can arrange as far as ssl.. but im no php ninja so i doubt this will go well


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 7:50 am 
Quote:
patch info and software versions leeked out, no bueno.
Hmm? All the code is on a subversion repository...


Top
  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 7:57 am 
Offline
Newbie

Joined: Thu Jul 27, 2006 3:33 am
Posts: 8
Location: Houston, TX
mikeyrb wrote:
Quote:
patch info and software versions leeked out, no bueno.
Hmm? All the code is on a subversion repository...


for ssl transport?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 8:01 am 
Offline
Moderator

Joined: Sat Mar 04, 2006 2:44 am
Posts: 193
Quote:
i wouldnt want send clear text info about my internal workstations over the web..


Is your Open-Audit server really web facing?
Is the server managed by you?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 8:14 am 
Offline
Newbie

Joined: Thu Jul 27, 2006 3:33 am
Posts: 8
Location: Houston, TX
d.l.dave wrote:
Quote:
i wouldnt want send clear text info about my internal workstations over the web..


Is your Open-Audit server really web facing?
Is the server managed by you?


i dont have anything setup at the moment. i have a few remote sites, no vpn tunnel between them. its kind of a mess.. with ssl transport i would beable to use openaudit. with out, im afriad not, with out setting some kind of vpn tunnels up, witch at the moment is out of the question :(


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jul 27, 2006 8:38 am 
Offline
Moderator

Joined: Sat Mar 04, 2006 2:44 am
Posts: 193
I would have thought that you could get the ie submit method to work over ssl without any code changes.

The yesxml method may or may not work. But you can increase your chances by making sure the server certificate is signed by a known certificate authority.

Remember that this will only stop people from snooping the data that gets sent to the Open-Audit server by your clients. It won't stop people from accessing the Open-Audit site from anywhere else unless you take other precautions.

It also won't stop anyone from connecting to the Open-Audit page and submiting whatever random data they feel like.


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 20 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group