UNFINISHED PRE-RELEASE ONLY
Released 2023-10-
md5sum:
sha256sum:
Linux only release.
The New Stuff
Version 5 of Open-AudIT. Wow, what a ride. Underneath the skin, it is huge. We have upgraded the underlying framework and brought the code itself up to current best practices. As a result, we now install on current Redhat, Debian, and Ubuntu and we need a minimum of PHP 7.4. Hence, the following are the officially supported distributions: Redhat 8/9, Debian 11/12, and Ubuntu 20.04/22.04. We also deprecated the omkd daemon and associated Perl framework (for Open-AudIT, not the other FirstWave applications). So now there is a single interface and a single website for Open-AudIT. Obviously, this makes for less code. Which means fewer errors. And less work. All in all, I'm very happy with the result.
But that's all underneath - you don't care about that! You just want the new features. Well, to be honest, there aren't a lot. We have upgraded the front end to use Bootstrap 5. Community users will notice that the most. We have also moved on from the Tango icons set. Now in use is the Newaita Reborn set. Tango has been awesome, but after almost 20 years, it's time for a change!
If you download the package from FirstWave, you'll get the Enterprise functionality which includes the javascript library for charting. If you download, build, and install from Github you won't get the Enterprise functionality, nor the javascript charting library. Those pieces are not open source. Them's the breaks - a guy's gotta eat!
OK, the nitty gritty.
Important Caveats
We now only support Redhat 8/9, Debian 11/12, and Ubuntu 20.04/22.04. Upgraders please read all the documentation below.
For version 5.0.0, we do not have Okta or Crowd authentication in place. Even if you are using Okta or Crowd for authentication, you still have your users in Open-AudIT for authorisation. Just assign them a password in Open-AudIT and you can continue to use 5.0.0 until such time as Okta and/or Crowd are implemented.
SAN audit processing has not been implemented yet.
Upgraders
Upgrading from as far back as 2.3.3 (the last version 2.x release) is supported. Please make sure you read all the Open-AudIT Release Notes including this one, before you begin.
If you are upgrading from a version before 3.3.1, you will have to recreate any baselines you have, as well as any roles. The simplest way to recreate the Roles is to go to menu → Manage → Roles → List Roles. Then click the Default Items button. Then click the Reset button.
If you are upgrading (IE, you're running Ubuntu 20.04) when you first log in the header states that it is Open-AudIT Community and you do have a license, DON'T PANIC. It just needs a new request to consult the license file and all will be well. Just upgrade the database and continue on. You should see the header change with the next request.
If you're moving from an old to a new server, see Migrating Licenses below.
We require a minimum of version 7.4 for PHP. This is fine for the supported distributions as listed above, however, if you have installed a custom PHP it's on you to upgrade it.
This is a large upgrade. New installs will "just work", but upgraders should take the time and install it into a testing environment before migrating production instances.
Changes
system Becomes devices
The largest change - the 'system' table that holds all your device data (IP, name, manufacturer, model, et al) is now called the 'devices' table. Much more intuitive and something I've been meaning to do for years. For those upgrading - your queries, summaries, and widgets (et al) will be upgraded as best we can. I would suggest checking any self-created items to ensure they work as intended. Also for upgraders, we have implemented a 'view' in the database named 'system' which should function as the system table did before and enable a (relatively) painless transition. That view will not exist for new installs.
And related to that, all collections that have default items (think groups, queries, roles, et al) now have the ability to "Reset to Default". Using that function will remove any existing items in the collection and import the new items as per v5.0.0.
Changed Collections
We have removed a few items that were surplus to needs and to be frank, creating unnecessary complexity. Buildings, Floors, Rooms, and Rows are all gone. Those attributes were used only by the Racks collection and the attributes are now stored directly in the Racks table. When you create a new rack you can select an existing building, floor, room, and row or create a new one. Your existing data will populate the racks table as you would expect.
The data for Baselines Results is now stored in the database, just like a regular collection.
Removed URLs
All web requests now go to /open-audit/index.php/$collection. Previously we had that URL for Community and /omk/open-audit/$collection for Enterprise. The latter has now been removed. You will need to update any of your own links.
As a result, we have updated the The Open-AudIT API page.
The included Response Section
The format of the JSON response for included has changed. Previously it was a single array of objects, each of which could be any type. Now we have included being an object, with each attribute being an array. Each included attribute is the $collection. So now we have included->orgs[{},{}]. This saves time enumerating the entire included array when you need a specific type of item. They're now all neatly grouped together. An example is at the bottom of this page.
We have removed the /devices?sub_resource=$component URL and replaced it with /components?components.type=$component. If you're calling this URL, you should supply a type, i.e. - /components?components.type=bios. The components collection covers the following database tables: bios, certificate, disk, dns, file, ip, log, memory, module, monitor, motherboard, netstat, network, nmap, optical, pagefile, partition, policy, print_queue, processor, radio, route, san, scsi, server, server_item, service, share, software, software_key, sound, task, usb, user, user_group, variable, video, vm, windows.
A couple of examples:
- To retrieve all Bios entries in the database - /open-audit/index.php/components?components.type=bios
- To retrieve all Software from a given machine (ID 2) - /open-audit/index.php/components?components.type=software&devices.id=2
Other Items
The DiscoveriesCollection template has been improved to make it render much faster. Previously if you had many discovery logs, generating the list of Discovery Issues could take a long time and even timeout on occasion. We have revised the logging so we can much more easily select any Discovery Issues and in addition have limited the number selected to 100.
Any existing licenses for Professional, Enterprise, and Collectors are automatically imported.
The GUI has nice new shiny buttons. There is now an option (per user) to display the buttons with an icon and text, just an icon or just text. The icons are colored consistently. Blue for read-only, Green for read/write of data, and Red for removing data. Oh, and there are a couple of yellow/orange icons for warnings. This makes sense to me.
As well, there is now a per-user option to use a 'compact' GUI. This makes the table rows (and associated buttons) smaller so more information fits on the screen at once. An example screenshot is below.
There is no more worrying about SSL/HTTPS. As it is now just a regular site on Apache and not essentially two separate sites that need to talk to each other, HTTPS "just works".
We now use the PHP Composer dependency package. If you download from GitHub you will need to use this and install the dependencies yourself. If you download from FirstWave, we have taken care of that for you.
If you download from GitHub you will need to install the OS-level dependencies manually. If you download from FirstWave, the installer script will take care of this for you.
All templates are escaped and protected with nonce's for javascript and use Content Security Policy headers.
All templates were validated against https://validator.w3.org with no errors and minimal warnings.
Logging is now on the filesystem, rather than in the database. All-access is logged by default. You can find daily logs at /open-audit/writeable/logs/. You may need to manually remove these 'eventually'. The logs rotate daily, but we do not delete these. They are potentially a source of security/access information. It is left to you the user to remove these when you want to. The default amount of logging is minimal though, so you should be able to leave a lot of these in place.
Session data is no longer stored in the database. You can find it on the filesystem at /open-audit/writeable/session/
Rules now have a regex option to match attributes.
We are incredibly proud of what we have achieved with this release, even if outwardly not a lot is visible.
Going forward this will enable us to improve the code and add new features at a much faster pace - and we have some ideas for killer features. Stay tuned for those.
Screenshots
Click to enlarge.
Summaries Collection. | Devices Collection. | Networks Collection. |
Discoveries Collection. | Dashboard (for Professional and Enterprise licenses). | Device Details. |
Compact Display. |
Upgrading From an Unsupported Distribution
This is not difficult. Perform the below steps to upgrade. The 'from' and 'to' distributions really don't matter. You are free to go from (say) Centos 7 to Debian 12.
On your new server, install a new distribution of your choice (from our new list of supported ones as above). You will need SSH on this machine.
On your new server, install Open-AudIT v5.0.0 as per a regular fresh install.
On your new server, verify it is working (you can get to the GUI and log in).
On your original Open-AudIT server, take a backup of the database. Note - you may need to substitute your MySQL root user password if it is not the default). Note #2 - The log entries in the database will be deleted, remove the DELETE LOGS command from below if you really need to keep them (most users shouldn't).
mysql -u root -popenauditrootuserpassword openaudit -e "DELETE FROM oa_user_sessions; DELETE FROM logs;" mysqldump -u root -popenauditrootuserpassword --extended-insert=FALSE --routines openaudit > /tmp/openaudit.sql
On your new server, copy the database backup from the original server along with a couple of other directories. Run the below (obviously substitute the items in CAPITAL letters).
scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/tmp/openaudit.sql /usr/local/open-audit/ scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/var/www/html/open-audit/custom_images/* /usr/local/open-audit/public/custom_images/ scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/usr/local/open-audit/code_igniter/application/attachments/* /usr/local/open-audit/app/Attachments/
If you have Baselines you wish to keep, on your new server, copy them across.
Replace $WWWGRP with www-data for Debian and Ubuntu and apache for Redhat.
sudo mkdir /usr/local/open-audit/temp_baselines_results scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/usr/local/omk/var/oae/baselines/results/*.json /usr/local/open-audit/temp_baselines_results/ chmod -R 777 /usr/local/open-audit/temp_baselines_results chown -R $WWWGRP:$WWWGRP /usr/local/open-audit/temp_baselines_results
On your new server, restore the database.
cd /usr/local/open-audit mysql -u root -popenauditrootuserpassword -e "DROP DATABASE openaudit; CREATE DATABASE openaudit;" mysql -u root -popenauditrootuserpassword openaudit < openaudit.sql
On your new server, log in. You should be asked to upgrade the database. Obviously, please do so.
On your new server, if you're happy, delete the database backup.
rm /usr/local/open-audit/openaudit.sql
As a bonus, you now know how to backup and restore your Open-AudIT server going forward. Take a backup of the database and copy the mentioned directories somewhere safe. If the worst case happens, you can spin up a new server and restore the database and directories - easy
Migrating Licenses
On your original Open-AudIT server, open the file /usr/local/omk/conf/opLicense.json
Copy the contents of the key "Open-AudIT Enterprise" and/or "Open-AudIT Professional" (and Open-AudIT Collector if licensed).
On your new server, in the GUI go to menu → Licenses → Manage Licenses and paste the contents of the JSON key. NOTE - Only the contents.
IE - Your file will contain this. Only copy the red text, not including the " quotes.
"Open-AudIT Enterprise" : "53616c7465645f5f3a52599dcec64e1c6db004a02d8bf07783dc8a72bd58db49b29504272a92006075b4fdeaeb7394a4529183aedc32c0212345678985ea78308010cf73a35530c597bb49df3f9bf8ffab54893251724257d1ffc8d7fee8f38f7a45637488bff6f74b2e479673e8aa187acb7ae2860f7705a7fbe4e0e636e3cf9f4f05023c519ae8d51177dcf6edb5c6d6a5508c2dc151096bfc7054ee09eae45d7e56be954a14f5ca374d330f3179256f551a1c972f18e77934aafeae0b19081d929b3fd91296c549d5723dd01b7a03cb758b228cd551f69838f63d4c9123456789bc9e81b634daf8e40d0fd4bf11da3b9794cf91450b48c8185655fd0a431fe28d9fd5d7d40c72c27a1",
So you would copy and paste this into the Open-AudIT GUI.
53616c7465645f5f3a52599dcec64e1c6db004a02d8bf07783dc8a72bd58db49b29504272a92006075b4fdeaeb7394a4529183aedc32c0212345678985ea78308010cf73a35530c597bb49df3f9bf8ffab54893251724257d1ffc8d7fee8f38f7a45637488bff6f74b2e479673e8aa187acb7ae2860f7705a7fbe4e0e636e3cf9f4f05023c519ae8d51177dcf6edb5c6d6a5508c2dc151096bfc7054ee09eae45d7e56be954a14f5ca374d330f3179256f551a1c972f18e77934aafeae0b19081d929b3fd91296c549d5723dd01b7a03cb758b228cd551f69838f63d4c9123456789bc9e81b634daf8e40d0fd4bf11da3b9794cf91450b48c8185655fd0a431fe28d9fd5d7d40c72c27a1
Example included response
"included": { "audit_log": [ { "debug": "", "device_id": "332", "devices.name": "heimdall", "id": "185", "ip": "127.000.000.001", "timestamp": "2023-06-26 13:08:23", "type": "audit", "username": "", "version": "4.4.2", "wmi_fails": "" }, { "debug": "", "device_id": "332", "devices.name": "heimdall", "id": "186", "ip": "127.000.000.001", "timestamp": "2023-06-26 14:58:38", "type": "audit", "username": "", "version": "4.4.2", "wmi_fails": "" } ], "bios": [ { "asset_tag": "", "current": "y", "date": "12/12/2018", "device_id": "332", "first_seen": "2023-06-26 13:08:23", "id": "31", "last_seen": "2023-10-02 20:07:51", "manufacturer": "Phoenix Technologies LTD", "model": "Phoenix BIOS - Firmware Rev. 6.00", "name": "Phoenix BIOS - Firmware Rev. 6.00", "revision": "4.6", "serial": "VMware-56 4d bd 9b 23 af 49 f8-c7 b4 bc 06 39 fd 99 62", "smversion": "2.7", "version": "6.00" } ] }