Introduction
As of version 1.12.8, Open-AudIT can retrieve details about a file or a directory of files and monitor these files for changes, as it does for other attributes in the Open-AudIT database.
...
File details will appear under the "Settings" menu item for a device. They are displayed as below. This is from a Linux machine using our /etc/init.d/ entry from earlier.
The database
Database Schema
```sql
CREATE TABLE `files` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(200) NOT NULL DEFAULT '',
  `org_id` int(10) unsigned NOT NULL DEFAULT '1',
  `path` text NOT NULL,
  `description` text NOT NULL,
  `edited_by` varchar(200) NOT NULL DEFAULT '',
  `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```
Example Database Entry
Files are stored in the database in the "files" table. A typical entry will look as below (for a single file).
```
id: 48
system_id: 8
current: y
first_seen: 2016-08-04 00:56:35
last_seen: 2016-08-04 00:56:35
files_id: NULL
name: single
full_name: /etc/init.d/single
size: 590
directory: /etc/init.d
hash: 27579d05edbd1b71307d2059a6c3370a00823c54
last_changed: 2014-03-13 11:33:14
meta_last_changed: 2014-08-22 17:42:38
permission: 755
owner: root
group: root
type:
version:
inode: 5374232
```
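The attributes in the record above can be collected on a Linux machine and compared between two audits to see which files changed and in what way. This is an added example, not Open-AudIT's own audit script: the field names follow the record above, while treating `hash` as SHA-1, `last_changed` as mtime and `meta_last_changed` as ctime are assumptions.

```python
import grp
import hashlib
import os
import pwd
import stat
from datetime import datetime

# Fields compared between two audits (names taken from the record above).
WATCHED = ("size", "hash", "last_changed", "meta_last_changed",
           "permission", "owner", "group", "inode")

def _name(lookup, ident):
    try:
        return lookup(ident)[0]
    except KeyError:  # uid/gid with no passwd/group entry: report the number
        return str(ident)

def _stamp(epoch):
    return datetime.fromtimestamp(epoch).strftime("%Y-%m-%d %H:%M:%S")

def file_record(path):
    st = os.lstat(path)  # lstat: describe a symlink itself, do not follow it
    sha1 = hashlib.sha1()  # assumption: the 40-hex-character hash is SHA-1
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                sha1.update(chunk)
    return {
        "name": os.path.basename(path), "full_name": path,
        "directory": os.path.dirname(path), "size": st.st_size,
        "hash": sha1.hexdigest() if stat.S_ISREG(st.st_mode) else "",
        "last_changed": _stamp(st.st_mtime),       # assumption: content mtime
        "meta_last_changed": _stamp(st.st_ctime),  # assumption: inode ctime
        "permission": format(stat.S_IMODE(st.st_mode), "o"), "inode": st.st_ino,
        "owner": _name(pwd.getpwuid, st.st_uid), "group": _name(grp.getgrgid, st.st_gid),
    }

def snapshot(target):  # one file, or each regular file directly inside a directory
    if os.path.isdir(target):
        return {e.path: file_record(e.path) for e in os.scandir(target)
                if e.is_file(follow_symlinks=False)}
    return {target: file_record(target)}

def compare(old, new):  # {full_name: "added" | "removed" | [changed field names]}
    result = {p: "added" for p in new.keys() - old.keys()}
    result.update((p, "removed") for p in old.keys() - new.keys())
    for p in old.keys() & new.keys():
        if changed := [f for f in WATCHED if old[p][f] != new[p][f]]:
            result[p] = changed
    return result
```

A change in `hash` or `size` indicates modified content, while a change limited to `permission`, `owner`, `group` or `meta_last_changed` indicates a metadata-only change such as a chmod or chown.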
Enabling the Feature Under Windows
...
Navigate to the Service list.
Double-click the Apache 2.2 service.
Click the "Log On" tab and then select the "This account" option. You might want to click the Browse button and search for the account. Click OK and then restart the service.
Apache will now be running under an account with network access and Open-AudIT will now be able to copy the audit script to the target Windows machine and run it, hence retrieving file details.
...