...
To do this, go to the Open-AudIT logon page at httpat http://YOUR-SERVER/omk/open-audit (but do not log in) using Internet Explorer your browser on a Windows PC. You should see a page as below. Click the "Audit My PC" button and run the script. You should see your computer being audited and the data should be posted to the Open-AudIT server.
...
First, ensure you have added the credentials for this device in menu -> Discover -> Credentials -> Create Credentials.
Then go to Menu -> Discover -> Discoveries -> Create Discoveries. You will see the below form.
If you have set the "Local Network Address" in the config (Menu -> Admin > Admin -> Community -> Discovery Configuration) the Network Address will be pre-populated. This should be the URL of your Open-Audit server. You can use HTTPS if preferred (and you have installed a SSL certificate).
...
Click the "Submit" button and you will be directed to the Discovery list page. Click the Execute button and the Discovery will start and you will be directed to the Discovery details page.
Auditing using a script (Windows)
Assuming you have an XAMPPLite XAMPP install of Open-AudIT on a Microsoft Windows machine.
Copy the file c:\xampplitexampp\open-audit\other\audit_windows.vbs to a suitable location. Do not remove this file from it's original location as it is needed by the web interface.
You can also download the scripts using the GUI by going to menu → Discover → Scripts → List Scripts, and choosing the download button on the right side.
Open your copy of audit_windows.vbs in a text editor. Check the following variables are set as below:
...
We have unix based (bash. ksh, etc) scripts for Linux, AIX, OSX, Solaris computers.
You can download the scripts using the GUI by going to menu → Discover → Scripts → List Scripts, and choosing the download button on the right side.
To use the Unix audit script located at /usr/local/open-audit/other/audit_linux.sh:
...
The script has variables that can be set the same as the variables in audit_windows.vbs. You could (for example) dynamically set the $url variable when you run the script by:
Code Block |
---|
chmod 777 audit_linux.sh sudo ./audit_linux.sh url=http://your_server/open-audit/index.php/input/devices submit_online=y create_file=n |
The variables that are accepted on the command line are:
...
create_file - Defaults to "y". If set to "y", an XML file will be created and saved as per the audit_windows.vbs script. This file can be manually copied and submitted to the server at a later stage if desired.
Sample output on the console when the script has been run.
Code Block |
---|
mark@dev:/usr/local/open-audit/other$ sudo ./audit_linux.sh url=http://your_server/open-audit/index.php/input/devices submit_online=y create_file=n [sudo] password for mark: Starting audit ---------------------------- Open-AudIT Linux audit script Version: 4.3.0 ---------------------------- My PID is 13869 Audit Start Time 2021-11-26 13:22:33 Create File y Submit Online n Debugging Level 2 Discovery ID Org Id Script Name audit_linux.sh URL http://your_server/open-audit/index.php/input/devices File /usr/local/open-audit/other/dev-20211126132233.xml ---------------------------- System Info USB Info Policy Info BIOS Info Processor Info Memory Info Motherboard Info Optical Drives Info Video Cards Info Sound Cards Info Shares Info Network Cards Info Hard Disk Info Guest (Docker, Proxmox, LXC) Info Docker Info Log Info Environment Variable Info Swap Info User Info Group Info Software Info Service Info systemd services upstart services init.d services Server Info apache mysql mongo Server Items mysql using /etc/mysql/my.cnf mariadb using /etc/mysql/mariadb.conf.d apache using apachectl for VirtualHosts mongod using /etc/mongod.conf Certificate Info Route Info Netstat Info Custom Files Info Audit Generated in '17' seconds. Submitting results to server using cURL URL: http://your_server/open-audit/index.php/input/devices Audit Completed in '47' seconds. |
Options
...
All variables can be passed via the command line at run time. You don't need to create one audit script for each different (say) set of remote user credentials. A couple of examples -
...
Copy the audit script to a USB drive, go to the remote computer and insert the USB drive. Open a command prompt and navigate to where you copied the script. Run the script and output to an XML file using the command
cscript audit_windows strcomputer=.vbs submit_online=n create_file=y
...