Open-AudIT

PostPosted: Sun Aug 06, 2006 1:21 am
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Hello,

a scan of localhost takes 180 seconds. 1000 computers would take 50 hours.
Is there any way to scan some hosts (10 or 20) simultaneously?

Actually, I scan my whole network from one host. Is it better to run the audit by login script? My users do not have admin privileges.

Kind regards

matze


PostPosted: Sun Aug 06, 2006 2:07 am 
If you look in the audit.config file, you'll see a line that looks like this:

number_of_audits = 20

That number controls how many audits are run simultaneously. So, by default, it will audit 20 machines at a time. If you're on a domain, it will pull down the list of computers and start scanning them, so it won't take 50 hours!


PostPosted: Sun Aug 06, 2006 10:23 pm
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Is it possible to scan a network based on a tcp-scan instead of ldap?


PostPosted: Mon Aug 07, 2006 3:19 am 
Currently, no. It wouldn't be incredibly hard to do, but what is your reason for needing a tcp-scan instead? I want to know how your network is set up to see what the best solution is.


PostPosted: Mon Aug 07, 2006 3:54 am
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Hello mikeyrb,

thanks for your help.

We run an NT4-style Samba-controlled domain with OpenLDAP as the backend at 10 locations (connected via 2 Mbit VPN).

Actually, we run our inventory software based on a port scan of each location's subnet 2 times a week.

But after studying the code and config files, I think that we can scan our network with the hosts from LDAP. Could you give me more information about configuring scanning by LDAP?


PostPosted: Mon Aug 07, 2006 4:00 am 
You will need to modify these lines in audit.config:

audit_local_domain = "y"

local_domain = "LDAP://"

Make sure audit_local_domain is "y" and then add your domain to local_domain, so if your domain was MYDOMAIN.COM, then that line would read:

local_domain = "LDAP://MYDOMAIN.COM"


PostPosted: Mon Aug 07, 2006 4:25 am
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Hello,

this is my config.

audit_local_domain = "y"
local_domain = "ldap://servername/ou=computers,o=company,c=com"

But running "cscript audit.vbs" only audits the local pc. "cscript audit.vbs computername" works fine.

matzek


PostPosted: Mon Aug 07, 2006 5:37 am 
Ah yeah, I forgot to mention that! Change strComputer to equal ""


PostPosted: Mon Aug 07, 2006 6:37 am
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
C:\Programme\OpenAudit\audit.vbs(151, 3) Provider: Tabelle ist nicht vorhanden.

I'm not using AD. It's pure LDAP.


PostPosted: Mon Aug 07, 2006 8:18 am 
Yeah, the script was written for AD. We'll have to look into LDAP, but if you find out anything, let us know.


PostPosted: Mon Aug 07, 2006 5:41 pm
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
My first solution is to generate the pc_list_file.txt with ldapsearch from OpenLDAP and some GNU tools:

C:\Programme\OpenLDAP\ldapsearch.exe -H "LDAP://server" -b "ou=computers,o=company,c=com" cn | grep cn: | cut -d ":" -f 2 | sed s/\$/,,/ | tr -d "\ " > C:\Programme\OpenAudit\pc_list_file.txt


PostPosted: Mon Aug 07, 2006 6:50 pm
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Is it possible to implement pure LDAP in the release?

This code works fine:

Set ou = GetObject("LDAP://server.de/ou=computers,o=company,c=com")
For Each obj In ou
    ' Strip the "$" suffix from the machine account name
    strComputer = Replace(obj.cn,"$","")
    WScript.Echo strComputer
Next

All machine accounts in Samba 3 have the "$" suffix; this must be replaced.


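An added example, not part of the original posts and not Open-AudIT code: the ldapsearch pipeline and the VBScript loop above both come down to "read cn, drop the trailing $". This Python version does the same over ldapsearch LDIF output, additionally handling folded lines and base64 `cn::` values, and rejects anything that is not a plain host name before it reaches pc_list_file.txt. The sample LDIF, the host-name rule and the function names are assumptions; the `name,,` line shape is taken from the sed step in the thread.

```python
import base64
import re

# Assumption (not from the thread): a usable name is one DNS label.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Constructed ldapsearch output for the thread's base DN; not real data.
SAMPLE_LDIF = """\
# extended LDIF
dn: cn=PC-BERLIN-01$,ou=computers,o=company,c=com
cn: PC-BERLIN-01$

dn: cn=pc-munich-7$,ou=computers,o=company,c=com
cn:: cGMtbXVuaWNoLTck

dn: cn=PC-HAMBURG-12$,ou=computers,o=company,c=com
cn: PC-HAMBURG-
 12$

dn: cn=old pc (room 4)$,ou=computers,o=company,c=com
cn: old pc (room 4)$
"""

def cn_values(ldif_text):
    """Yield each cn value, handling folded lines and base64 'cn::' values."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # join LDIF continuation lines
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "cn":
            continue  # comments, blank lines, dn: and other attributes
        if value.startswith(":"):  # 'cn:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        yield value.strip()

def build_pc_list(ldif_text):
    """Return (lines for pc_list_file.txt, rejected cn values)."""
    accepted, rejected, seen = [], [], set()
    for cn in cn_values(ldif_text):
        name = cn[:-1] if cn.endswith("$") else cn  # drop Samba's "$" suffix
        if not HOST_RE.fullmatch(name):
            rejected.append(cn)  # keep the raw value for review
        elif name.lower() not in seen:
            seen.add(name.lower())
            accepted.append(name + ",,")  # same "name,," shape as the sed step
    return accepted, rejected

if __name__ == "__main__":
    print(build_pc_list(SAMPLE_LDIF))
```

Rejected values are returned rather than silently dropped, so a stale or malformed directory entry can be reviewed instead of being passed to the audit script.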
PostPosted: Mon Aug 07, 2006 7:18 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
matze wrote:
> Is it possible to implement pure LDAP in the release?
>
> This code works fine:
>
> Set ou = GetObject("LDAP://server.de/ou=computers,o=company,c=com")
> For Each obj In ou
>
> strComputer = Replace(obj.cn,"$","")
> WScript.Echo strComputer
>
> Next
>
> All machine accounts in Samba 3 have the "$" suffix; this must be replaced.

I assume you mean a universal LDAP approach, one that will work with both AD and SAMBA (and in theory Novell or any other LDAP).

Last edited by A_Hull on Mon Aug 07, 2006 7:56 pm, edited 1 time in total.

PostPosted: Mon Aug 07, 2006 7:23 pm
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
> you mean universal LDAP approach, one that will work with both AD and SAMBA (and in theory Novell or any other LDAP).

Yep, is this possible?


PostPosted: Mon Aug 07, 2006 7:55 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
matze wrote:
> > you mean universal LDAP approach, one that will work with both AD and SAMBA (and in theory Novell or any other LDAP).
>
> Yep, is this possible?

I would think so, but I will look into it. Why not add it to the feature requests?
