*(Under Review for V2)
Introduction
Being able to determine which machines are configured in the same way is a major part of systems administration and auditing – and now reporting on that will be made simple and automated. Once you define your baseline it will automatically run against a set of devices on a predetermined schedule. The output of these executed baselines will be available for web viewing, importing into a third party system or even as a printed report.
...
A baseline can be created using the web interface if a user has a role that contains the baselines::create permission. Go to menu: Manage -> Baselines -> Create Baselines. There is also a create button on the collection page.
You must enter a (preferably unique) name and then the "Add policy from device" button will be enabled.
Click this button and a modal will appear.
Type in a hostname and click Search to populate the dropdown to enable you to choose a device to extract policies from.
Choose a device from the dropdown, a table from the dropdown and a comparison operator.
The comparison operator currently applies only to software. Netstat ports and users both work on the principle that if the item exists, it matches.
Software, by contrast, is compared on package name and version. If you would like the policy to test for SSH "at least" version 1.2.3, click the "Equals or Greater Than" comparison operator. To check that a name and version match exactly, click the "Equals" operator.
Once you click Submit, the baseline will be created and the policies will be added. You will then be sent to the Edit Baseline screen where you can add further policies from a device if required.
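The policy semantics described above, as an added illustration that is not Open-AudIT's own code: software policies compare name and version with the chosen operator, while netstat ports and users pass on existence alone. The table keys, data layout, package names and the segment-wise numeric version comparison are assumptions of this example.

```python
import re

def version_key(version):
    # Assumption: numeric chunks compare as integers, so "1.10" ranks above "1.9".
    return [(0, int(p)) if p.isdigit() else (1, p)
            for p in re.findall(r"\d+|[A-Za-z]+", version)]

def evaluate_policy(policy, device):
    """Return True when the device satisfies one baseline policy."""
    items = device.get(policy["table"], {})
    if policy["name"] not in items:
        return False                      # a missing item always fails
    if policy["table"] != "software":
        return True                       # ports and users: existence is the match
    found = items[policy["name"]]
    if policy["operator"] == "equals":
        return found == policy["version"]
    if policy["operator"] == "equals or greater than":
        return version_key(found) >= version_key(policy["version"])
    raise ValueError("unknown operator: %r" % policy["operator"])

def run_baseline(policies, devices):
    """Map each device name to the list of policy names it fails."""
    return {host: [p["name"] for p in policies if not evaluate_policy(p, dev)]
            for host, dev in devices.items()}

# Constructed sample data (hypothetical names, not real inventory).
POLICIES = [
    {"table": "software", "name": "openssh-server", "version": "1.2.3",
     "operator": "equals or greater than"},
    {"table": "software", "name": "sudo", "version": "1.9.5p2", "operator": "equals"},
    {"table": "netstat", "name": "tcp/22", "version": None, "operator": "equals"},
    {"table": "user", "name": "auditor", "version": None, "operator": "equals"},
]
DEVICES = {
    "web01": {"software": {"openssh-server": "1.10.0", "sudo": "1.9.5p2"},
              "netstat": {"tcp/22": None}, "user": {"auditor": None}},
    "web02": {"software": {"openssh-server": "1.2.2", "sudo": "1.9.5p1"},
              "netstat": {"tcp/22": None}, "user": {}},
}

if __name__ == "__main__":
    for host, failed in run_baseline(POLICIES, DEVICES).items():
        print(host, "PASS" if not failed else "FAIL: " + ", ".join(failed))
```

Version 1.10.0 satisfies "at least 1.2.3" here only because the chunks are compared as numbers; a plain string comparison would rank it lower and report a false failure.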
Executing a Baseline Definition
Once you have created your baseline and added some policies, you can execute it against a group of devices. When executing a baseline, bear in mind that baselines will only really provide useful information when the policies are matched to the specific operating system the baseline is executed against. For example, don't create a baseline, add policies from a Windows Server, and expect a group of devices containing Debian computers to match anything!
From the Baseline list page, click on the Execute button. The next screen will enable you to choose a group of devices to execute the baseline on.
Once a baseline has been executed you will be directed to the baseline results page. This page lists all the results from any given baseline.
Clicking the Results button will show you the results from this particular baseline result.
...
The policy detailed result is below.
...
...
Database Schema
The database schema can be found in the application, if the user has the database::read permission, by going to menu: Admin -> Database -> List Tables, then clicking on the details button for the table.
API / Web Access
You can access the
...
collection using the normal Open-AudIT JSON based API. Just like any other collection. Please
...
Access is provided as part of a role's permissions. Summaries is a standard resource and can have create, read, update and delete permissions.
The API routes below are usable from both a JSON Restful API and the web interface. The Web application routes are specifically designed to be called from the web interface (a browser).
API Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
---|---|---|---|---|---|---|---|
POST | n | create | | summaries::create | /summaries | Insert a new summaries entry. | |
GET | y | read | | summaries::read | /summaries/{id} | Returns a summaries details. | |
PATCH | y | update | | summaries::update | /summaries/{id} | Update an attribute of a summaries entry. | |
DELETE | y | delete | | summaries::delete | /summaries/{id} | Delete a summaries entry. | |
GET | n | collection | | summaries::read | /summaries | Returns a list of summaries. | |
POST | n | import | import | summaries::create | /summaries/import | Import multiple connections using a CSV. | |
GET | y | execute | execute | summaries::read | /summaries/2/execute | Execute (run) a summary and show the result. | |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
---|---|---|---|---|---|---|
GET | n | create | create_form | summaries::create | /summaries/create | Displays a standard web form for submission to POST /summaries. |
GET | y | update | update_form | summaries::update | /summaries/{id}/update | Show the summaries details with the option to update attributes using PATCH to /summaries/{id} |
GET | n | import | import_form | summaries::create | /summaries/import | Displays a standard web form for submission to POST /summaries/import. |
...
See the Open-AudIT API documentation for further details.