Release Notes for Open-AudIT v3.2.0

Released 2019-09-06

Linux SHA256: bbb32cbcd517471b86518fa580d367c0f246190220d2800aa7ec0f6678a12973

Linux md5sum: e36410b059eb9e6fb9009ed2b9ad367d

NOTE - Re-released on 2019-09-06 to fix a task bug.


Open-AudIT 3.2.0 sees a major new feature incorporated - Rules. Rules allow you to manage properties for discovered devices. Think of it as "If This, Then That" for Open-AudIT. More details can be found on the Rules page and a new Blog Post. The affected files (in case you have made any customisations) are mostly within the SNMP helpers. A full list is at the bottom of the page, but the main files are:

Linux - /usr/local/open-audit/code_igniter/application/helpers/snmp_*_helper.php

Windows - c:\xampp\open-audit\code_igniter\application\helpers\snmp_*_helper.php


NOTE - Minor API change. We have replaced attribute=inText with attribute=in(Text) in URLs and API requests. If you are using attribute=inText, you will need to refactor your calls. Apologies for any inconvenience caused. This was to better service requests like system.manufacturer=intel without having to code exceptions for every permutation we come across.

Old - http://server/open-audit/index.php/devices?system.status=inproduction,testing

New - http://server/open-audit/index.php/devices?system.status=in(production,testing)
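The API change above, as an added example (not Open-AudIT code): a small helper that finds old-style `in` filters in stored API URLs, rewrites the unambiguous ones and flags the rest for manual review. The function names are hypothetical, and treating a comma list after the `in` prefix as the old operator is an assumption.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# New syntax from the release note: attribute=in(value1,value2)
NEW_STYLE = re.compile(r"^in\(.*\)$")

def migrate_filter(value):
    """Classify one query-string value (hypothetical helper).

    Returns (value, status): 'unchanged', 'rewritten' or 'review'.
    """
    if not value.startswith("in") or NEW_STYLE.match(value):
        return value, "unchanged"
    rest = value[2:]
    if "(" in rest or ")" in rest:
        # Unbalanced brackets: 3.2.0 requires both, so a human must fix it.
        return value, "review"
    if "," in rest:
        # Assumption: a comma list after the prefix was the old 'in' operator.
        return "in(" + rest + ")", "rewritten"
    # e.g. 'intel': literal value or old-style in + 'tel'? Cannot tell.
    return value, "review"

def migrate_url(url):
    """Rewrite old-style 'in' filters in a URL; return (new_url, report)."""
    parts = urlsplit(url)
    pairs, report = [], []
    for pair in filter(None, parts.query.split("&")):
        key, sep, value = pair.partition("=")
        new_value, status = migrate_filter(value)
        if status != "unchanged":
            report.append((key, status))
        pairs.append(key + sep + new_value)
    return urlunsplit(parts._replace(query="&".join(pairs))), report

# The first URL is the page's "Old" example; the second is constructed.
SAMPLE_CALLS = [
    "http://server/open-audit/index.php/devices?system.status=inproduction,testing",
    "http://server/open-audit/index.php/devices?system.manufacturer=intel",
]

if __name__ == "__main__":
    for call in SAMPLE_CALLS:
        new_url, report = migrate_url(call)
        print(new_url, report)
```

Entries reported as `review` are the ambiguous case the note mentions (a literal value that happens to start with "in") and should be checked by hand before the upgrade.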



| Version | Type | Collection | Description |
| --- | --- | --- | --- |
| Open-AudIT Community | Bug | discoveries | Security issue reported and rectified. See Errata - 3.1.2 Security issue, September 2019 CVE-2019-16293 |
| Open-AudIT Community | New Feature | rules | Rules |
| Open-AudIT Community | Change | API | Replace attribute=inText with attribute=in(Text) |
| Open-AudIT Community | Improvement | scripts | Enable running audit_windows.vbs without Admin rights. Admin required for policy reading. |
| Open-AudIT Community | Improvement | discoveries | If we're running under Windows AND the default Apache service user AND have a failed 'net use' in the discovery log, show a warning. |
| Open-AudIT Community | Improvement | discoveries | Provide warning when Windows Apache running as Local System and we have failed audit script copies in the discovery log. |
| Open-AudIT Community | Bug | credentials | When retrieving credentials for a device::read, if they no longer exist, do not try to merge them into the response. |
| Open-AudIT Community | Bug | scripts | Remove unnecessary wscript.quit in policy auditing (left from debugging). |
| Open-AudIT Community | Improvement | input | Revise 'in' operator to require opening and closing round braces in URL. |
| Open-AudIT Community | Improvement | queries | Fix parsing queries to use case-insensitive where (as opposed to case sensitive WHERE) when executing. |
| Open-AudIT Community | Improvement | discoveries | Allow the user to supply an ID when creating Discoveries. This enables the Server and Collector to use the same discovery ID so logs will align. |
| Open-AudIT Community | Improvement | credentials, locations, orgs | As per discoveries, allow ID for Orgs, Locations and Credentials so they're in sync between Server and Collector. |
| Open-AudIT Community | Improvement | discoveries | Remove $device->id from log messages. We have $device-IP and we use that. Removing the ID (still stored in discovery_log.system_id) removes confusion when reading Collector vs Server discovery logs. |
| Open-AudIT Community | Improvement | locations, orgs | Add reset function to Orgs and Locations controllers. |
| Open-AudIT Community | Improvement | discoveries | Set the local IP for a log entry (when status = complete). Only log discovery retrieved if we are given an IP (end of discover subnet script causes this). |
| Open-AudIT Community | Improvement | input, logs | Allow input/logs from localhost AND any IP of a Collector. |
| Open-AudIT Community | Improvement | users, orgs | Don't log in m_users::get_org as this is called repeatedly. |
| Open-AudIT Community | Improvement | scripts | Eliminate loop disks (mounted by Snaps) from linux audit. |
| Open-AudIT Community | Improvement | rules | Set the PHP memory limit to 1024 in the input controller. Discovery now regularly uses > 500MB because of the Rules matching. |
| Open-AudIT Community | Improvement | discoveries | Add another match test, for dns_hostname. |
| Open-AudIT Community | Improvement | scripts | Remove the DirectX software entry as the registry cannot provide the correct version above 11. |
| Open-AudIT Community | Improvement | discoveries | Show the name as it is always present, rather than the hostname, in the log. |
| Open-AudIT Community | Improvement | discoveries | Add the peak memory use to the last log line in discoveries. |
| Open-AudIT Community | Improvement | users | Disable the NMIS user (null password) by default. |
| Open-AudIT Community | Bug | discoveries | Fix non-updating status for discovery on single device discovery. |
| Open-AudIT Community | Bug | users | Fix bug in m_logon when testing for multiple LDAP servers. Allow for user.name@domain.com and parse to user.name when searching for a user or logging on using headers. Full user.name@domain.com is sent from Enterprise. |
| Open-AudIT Community | Improvement | scripts | Only show 'Audit My PC' on the logon screen if default network address is set and not to localhost. |
| Open-AudIT Community | Bug | discoveries | Validate network address when discovery submitted and also when generating the command to be run. |
| Open-AudIT Community | Improvement | discoveries | Set discovery status, duration, etc on logs received for more accurate display in GUI. |
| Open-AudIT Community | Bug | discoveries | Do not attempt to SCP audit file from target if not in returned array of audit script output. |
| Open-AudIT Community | Improvement | database | Schema changes to ensure defaults for all columns that are not TEXT type. |
| Open-AudIT Community | Improvement | database | New function to derive SQL schema columns. Replaces functions in m_collection and include_dictionary. Use new function in collections helper for columns. |
| Open-AudIT Community | Improvement | database, groups | Remove GROUP BY name on groups collection for Strict MySQL compliance. |
| Open-AudIT Community | Improvement | groups | Enable 'expose' in groups create form. |
| Open-AudIT Enterprise | Improvement | collectors | Forward all discovery logs from Collector to Server. |
| Open-AudIT Enterprise | Improvement | clouds | Ability to inventory and audit Google Compute cloud servers. |
| Open-AudIT Professional | Improvement | networks | Add Cloud Network as a type of network. |
| Open-AudIT Enterprise | Improvement | collectors | Store the Collectors OS. |
| Open-AudIT Enterprise | Improvement | files | Address issue when declaring a Unix style filepath containing a *. This breaks the Windows audit. If a path now starts with a /, exclude it from the Windows audit script. |
| Open-AudIT Enterprise | Improvement | collectors | Set default collector interval to 5 minutes. |
| Open-AudIT Professional | Improvement | discoveries | Revise warning message for Centos/Redhat 6 for discovery create form. |
| Open-AudIT Professional | Improvement | logs | New "summary" logs page. Group all logs for an individual request. From Professional / Enterprise, there will still be multiple as a single web browser request can generate several calls to the Community API. |
| Open-AudIT Professional | Improvement | API | Only load dictionary in include_read when format is screen. When reading a discovery, load org, assigned org and assigned location in the includes array. |
| Open-AudIT Professional | Improvement | credentials | Remove menu entry for Default Credentials (we no longer ship SNMP public). |
| Open-AudIT Professional | Bug | devices | Sort device types ignoring case in drop down on devices::read template. |
| Open-AudIT Professional | Improvement | discoveries | Revise the status naming on discoveries::collection and discoveries::read. |
| Open-AudIT Enterprise | Bug | dashboards | Allow all dashboards on Cloud. |
| Open-AudIT Enterprise | Improvement | discoveries | Do not flag SNMP status as true when cloud auditing. |
| Open-AudIT Professional | Improvement | networks | Add the new network type and sort alpha on networks::read template. |
| Open-AudIT Professional | Improvement | networks | Add a Refine button on networks::collection template (Show all /24 networks, for example). |
| Open-AudIT Enterprise | Bug | discoveries | Enable edit discovery options in Cloud. |
| Open-AudIT Professional | Improvement | discoveries | Show warning for Discovery Apache Service user under Windows. |
| Open-AudIT Enterprise | Bug | tasks | Show Collector on tasks::read when type == discoveries. |
| Open-AudIT Enterprise | Improvement | collectors | Add OS to the collector details when registering. |
| Open-AudIT Professional | Improvement | tasks | For the tasks::create and tasks::read templates, only allow intervals of 5 minutes. |
| Open-AudIT Professional | Bug | tasks | Specify the correct type on tasks::create template form (tasks, not scripts). |
| Open-AudIT Enterprise | Improvement | discoveries | Discovery Execute button on Server should create a task for Collector. |
| Open-AudIT Professional | Improvement | GUI | All ? buttons should go to Documentation, not the Feature page. |
| Open-AudIT Professional | Improvement | credentials, discoveries | Add wizard buttons on Discovery and Cloud pages. |
| Open-AudIT Enterprise | Improvement | collectors | Sync Orgs and Locations to Collector. |
| Open-AudIT Professional | Improvement | GUI | Add Get Support to Help menu. |
| Open-AudIT Professional | Task | installer | New package requirement for Ubuntu/Debian only - php-curl. Centos/RedHat ship with this, as does our Xampp install for Windows. |
| Open-AudIT Enterprise | Improvement | collectors | Allow credentials and discoveries when in Collector mode. |
| Open-AudIT Enterprise | Improvement | collectors, discoveries | Delete the discovery logs on the server when a Collector discovery runs. |
| Open-AudIT Professional | Bug | installer | Parse database.php config correctly so we can back it up in the installer. |
| Open-AudIT Professional | Improvement | discoveries | On discoveries::read template, insert a BR where we have a new line in the logs. |
| Open-AudIT Enterprise | Bug | discoveries | If we are Cloud or have Collectors, disable Run Discovery on Bulk Edit template. If we run Discovery from Bulk Edit, redirect upon completion to Dashboard with success or fail flash. Allow for new id=in() format in URL. |
| Open-AudIT Professional | Improvement | devices | Remove the sortable attribute from Bulk Edit (in table header) on devices::collection template. |
| Open-AudIT Professional | Improvement | GUI | Only populate debug panel if $response is set. |
| Open-AudIT Enterprise | Improvement | GUI | Do not allow 'discover this device' when running Cloud. |
| Open-AudIT Enterprise | Improvement | logs | Revised log severity from error to debug on collector request with no discoveries returned. |
| Open-AudIT Professional | Bug | LDAP | Fix logging on to Professional / Enterprise using LDAP, verified by Community using full user.name@domain.com format. |
| Open-AudIT Professional | Improvement | networks | Use ip_padded for table display to enable sort on networks::read template. |
| Open-AudIT Enterprise | Improvement | collectors | Populate the Collectors discovery response with the config match items from the local (Server) install. |
| Open-AudIT Professional | Improvement | GUI | On all individual item pages make the tab title $collection - $name. |
| Open-AudIT Enterprise | Bug | collectors, networks | Collector Register should not create multiple entries in /networks (each time one is registered from the same subnet). |
| Open-AudIT Enterprise | Bug | collectors | Change Collector status to approved once a collector request is received. |
| Open-AudIT Professional | Improvement | discoveries | Links on Discoveries::Read::Summary now directly show devices audited or not audited, rather than link to the devices::collection template, hence show what the user expects to see. |
| Open-AudIT Professional | New Feature | GUI | Export & Import. On each details page (for all collections except devices, so Credentials, Locations, Rules, etc), there is now an "Export" button. This will provide a JSON object of the item in question, minus its ID and edited_date, edited_by fields. On each list page (again, except devices) there is a new button called "Import". The JSON from the aforementioned Export can be copied here and a new item created. This ties in nicely to let users share queries, rules or anything else they would like to. NOTE - It does include credentials. If you want to remove those from being included, set the configuration item "decrypt_credentials" to 'n'. |





snmp_850_helper.php

snmp_838_helper.php

snmp_81_helper.php

snmp_818_helper.php

snmp_8072_helper.php

snmp_800_helper.php

snmp_7571_helper.php

snmp_7309_helper.php

snmp_7262_helper.php

snmp_705_helper.php

snmp_6889_helper.php

snmp_683_helper.php

snmp_6527_helper.php

snmp_6486_helper.php

snmp_641_helper.php

snmp_637_helper.php

snmp_6027_helper.php

snmp_5776_helper.php

snmp_5624_helper.php

snmp_5596_helper.php

snmp_5567_helper.php

snmp_52_helper.php

snmp_5227_helper.php

snmp_4900_helper.php

snmp_47196_helper.php

snmp_46242_helper.php

snmp_429_helper.php

snmp_3873_helper.php

snmp_3833_helper.php

snmp_36_helper.php

snmp_3607_helper.php

snmp_3417_helper.php

snmp_3375_helper.php

snmp_3347_helper.php

snmp_31926_helper.php

snmp_3097_helper.php

snmp_30065_helper.php

snmp_3003_helper.php

snmp_2_helper.php

snmp_29999_helper.php

snmp_297_helper.php

snmp_2971_helper.php

snmp_278_helper.php

snmp_253_helper.php

snmp_248_helper.php

snmp_2435_helper.php

snmp_2352_helper.php

snmp_2334_helper.php

snmp_232_helper.php

snmp_2281_helper.php

snmp_2272_helper.php

snmp_22610_helper.php

snmp_21671_helper.php

snmp_20916_helper.php

snmp_1981_helper.php

snmp_19746_helper.php

snmp_1916_helper.php

snmp_1896_helper.php

snmp_18334_helper.php

snmp_17453_helper.php

snmp_1723_helper.php

snmp_171_helper.php

snmp_1713_helper.php

snmp_1588_helper.php

snmp_12532_helper.php

snmp_1230_helper.php

snmp_12140_helper.php

snmp_1139_helper.php

snmp_10418_helper.php