Release Notes for Open-AudIT v3.2.0
Released 2019-09-06
Linux SHA256: bbb32cbcd517471b86518fa580d367c0f246190220d2800aa7ec0f6678a12973
Linux md5sum: e36410b059eb9e6fb9009ed2b9ad367d
NOTE - Re-released on 2019-09-06 to fix a task bug.
Open-AudIT 3.2.0 see's a major new feature incorporated - Rules. Rules allow you to manage properties for discovered devices. Think of it as "If This, Then That" for Open-AudIT. More details can be found on the Rules page and a new Blog Post. The affected files (in case you have made any customisations) are mostly within the SNMP helpers. A full list is at the bottom of the page, but the main files are:
Linux - /usr/local/open-audit/code_igniter/application/helpers/snmp_*_helper.php
Windows - c:\xampp\open-audit\code_igniter\application\helpers\snmp_*_helper.php
NOTE - Minor API change. We have replaced the attribute=inText setting to now use attribute=in(Text) in URLs and API requests. If you are using attribute=inText, you will need to refactor your calls. Apologies for any inconvenience caused. This was to better service requests like system.manufacturer=intel without having to code exceptions for every permutation we come across.
Old - http://server/open-audit/index.php/devices?system.status=inproduction,testing
New - http://server/open-audit/index.php/devices?system.status=in(production,testing)
Version | Type | Collection | Description |
|---|---|---|---|
Open-AudIT Community | Bug | discoveries | Security issue reported and rectified. See Errata - 3.1.2 Security issue, September 2019 CVE-2019-16293 |
Open-AudIT Community | New Feature | rules | Rules |
Open-AudIT Community | Change | API | Replace attribute=inText with attribute=in(Text) |
Open-AudIT Community | Improvement | scripts | Enable running audit_windows.vbs without Admin rights. Admin required for policy reading. |
Open-AudIT Community | Improvement | discoveries | If we're running under Windows AND the default Apache service user AND have a failed 'net use' in the discovery log, show a warning. |
Open-AudIT Community | Improvement | discoveries | Provide warning when Windows Apache running as Local System and we have failed audit script copies in the discovery log. |
Open-AudIT Community | Bug | credentials | When retrieving credentials for a device::read, if they no longer exist, do not try to merge them into the response. |
Open-AudIT Community | Bug | scripts | Remove unnecessary wscript.quit in policy auditing (left from debugging). |
Open-AudIT Community | Improvement | input | Revise 'in' operator to require opening and closing round braces in URL. |
Open-AudIT Community | Improvement | queries | Fix parsing queries to use case-insensitive where (as opposed to case sensitive WHERE) when executing. |
Open-AudIT Community | Improvement | discoveries | Allow the user to supply an ID when creating Discoveries. This enables the Server and Collector to use the same discovery ID so logs will align. |
Open-AudIT Community | Improvement | credentials, locations, orgs | As per discoveries, allow ID for Orgs, Locations and Credentials so they're in sync between Server and Collector. |
Open-AudIT Community | Improvement | discoveries | Remove $device->id from log messages. We have $device-IP and we use that. Removing the ID (still stored in discovery_log.system_id) removes confusion when reading Collector vs Server discovery logs. |
Open-AudIT Community | Improvement | locations, orgs | Add reset function to Orgs and Locations controllers. |
Open-AudIT Community | Improvement | discoveries | Set the local IP for a log entry (when status = complete). Only log discovery retrieved if we are given an IP (end of discover subnet script causes this. |
Open-AudIT Community | Improvement | input, logs | Allow input/logs from localhost AND any IP of a Collector. |
Open-AudIT Community | Improvement | users, orgs | Don't log in m_users::get_org as this is called repeatedly. |
Open-AudIT Community | Improvement | scripts | Eliminate loop disks (mounted by Snaps) from linux audit. |
Open-AudIT Community | Improvement | rules | Set the PHP memory limit to 1024 the input controller. Discovery now regularly uses > 500MB because of the Rules matching. |
Open-AudIT Community | Improvement | discoveries | Add another match test, for dns_hostname. |
Open-AudIT Community | Improvement | scripts | Remove the DirectX software entry as the registry cannot provide the correct version above 11. |
Open-AudIT Community | Improvement | discoveries | Show the name as it is always present, rather than the hostname, in the log. |
Open-AudIT Community | Improvement | discoveries | Add the peak memory use to the last log line in discoveries. |
Open-AudIT Community | Improvement | users | Disable the NMIS user (null password) by default. |
Open-AudIT Community | Bug | discoveries | Fix non-updating status for discovery on single device discovery. |
Open-AudIT Community | Bug | users | Fix bug in m_logon when testing for multiple LDAP servers. Allow for user.name@domain.com and parse to user.name when searching for a user or logging on using headers. Full user.name@domain.com is sent from Enterprise. |
Open-AudIT Community | Improvement | scripts | Only show 'Audit My PC' on the logon screen if default network address is set and not to localhost. |
Open-AudIT Community | Bug | discoveries | Validate network address when discovery submitted and also when generating the command to be run. |
Open-AudIT Community | Improvement | discoveries | Set discovery status, duration, etc on logs received for more accurate display in GUI. |
Open-AudIT Community | Bug | discoveries | Do not attempt to SCP audit file from target if not in returned array of audit script output. |
Open-AudIT Community | Improvement | database | Schema changes to ensure defaults for all coluins that are not TEXT type. |
Open-AudIT Community | Improvement | database | New function to derive SQL schema columns. Replaces functions in m_collection and include_dictionary. Use new function in collections helper for columns. |
Open-AudIT Community | Improvement | database, groups | Remove GROUP BY name on groups collection for Strict MySQL compliance. |
Open-AudIT Community | Improvement | groups | Enable 'expose' in groups create form. |
Open-AudIT Enterprise | Improvement | collectors | Forward all discovery logs from Collector to Server. |
Open-AudIT Enterprise | Improvement | clouds | Ability to inventory and audit Google Compute cloud servers. |
Open-AudIT Professional | Improvement | networks | Add Cloud Network as a type of network. |
Open-AudIT Enterprise | Improvement | collectors | Store the Collectors OS. |
Open-AudIT Enterprise | Improvement | files | Address issue when declaring a Unix style filepath containing a *. This breaks the Windows audit. If a path now starts with a /, exclude it from the Windows audit script. |
Open-AudIT Enterprise | Improvement | collectors | Set default collector interval to 5 minutes. |
Open-AudIT Professional | Improvement | discoveries | Revise warning message for Centos/Redhat 6 for discovery create form. |
Open-AudIT Professional | Improvement | logs | New "summary" logs page. Group all logs for an individual request. From Professional / Enterprise, there will still be multiple as a single web browser request can generate several calls to the Community API. |
Open-AudIT Professional | Improvement | API | Only load dictionary in include_read when format is screen. When reading a discovery, load org, assigned org and assigned location in the includes array. |
Open-AudIT Professional | Improvement | credentials | Remove menu entry for Default Credentials (we no longer ship SNMP public). |
Open-AudIT Professional | Bug | devices | Sort device types ignoring case in drop down on devices::read template. |
Open-AudIT Professional | Improvement | discoveries | Revise the status naming on discoveries::collection and discoveries::read. |
Open-AudIT Enterprise | Bug | dashboards | Allow all dashboards on Cloud. |
Open-AudIT Enterprise | Improvement | discoveries | Do not flag SNMP status as true when cloud auditing. |
Open-AudIT Professional | Improvement | networks | Add the new network type and sort alpha on networks::read template. |
Open-AudIT Professional | Improvement | networks | Add a Refine button on networks::collection template (Show all /24 networks, for example). |
Open-AudIT Enterprise | Bug | discoveries | Enable edit discovery options in Cloud. |
Open-AudIT Professional | Improvement | discoveries | Show warning for Discovery Apache Service user under Windows. |
Open-AudIT Enterprise | Bug | tasks | Show Collector on tasks:read when type == discoveries. |
Open-AudIT Enterprise | Improvement | collectors | Add OS to the collector details when registering. |
Open-AudIT Professional | Improvement | tasks | For the tasks::create and tasks::read templates, only allow intervals of 5 minutes. |
Open-AudIT Professional | Bug | tasks | specify the correct type on tasks::create template form (tasks, not scripts). |
Open-AudIT Enterprise | Improvement | discoveries | Discovery Execute button on Server should create a task for Collector. |
Open-AudIT Professional | Improvement | GUI | All ? buttons should go to Documentation, not the Feature page. |
Open-AudIT Professional | Improvement | credentials, discoveries | Add wizard buttons on Discovery and Cloud pages. |
Open-AudIT Enterprise | Improvement | collectors | Sync Orgs and Locations to Collector. |
Open-AudIT Professional | Improvement | GUI | Add Get Support to Help menu. |
Open-AudIT Professional | Task | installer | New package requirement for Ubuntu/Debian only - php-curl. Centos/RedHat ship with this, as does our Xampp install for Windows. |
Open-AudIT Enterprise | Improvement | collectors | Allow credentials and discoveries when in Collector mode. |
Open-AudIT Enterprise | Improvement | collectors, discoveries | Delete the discovery logs on the server when a Collector discovery runs. |
Open-AudIT Professional | Bug | installer | Parse database.php config correctly so we can back it up in the installer. |
Open-AudIT Professional | Improvement | discoveries | On discoveries::read template, insert a BR where we have a new line int he logs. |
Open-AudIT Enterprise | Bug | discoveries | If we are Cloud or have Collectors, disable Run Discovery on Bulk Edit template. If we run Discovery from Bulk Edit, redirect upon completion to Dashboard with success or fail flash. Allow for new id=in() format in URL. |
Open-AudIT Professional | Improvement | devices | Remove the sortable attribute from Bulk Edit (in table header) on devices::collection template. |
Open-AudIT Professional | Improvement | GUI | Only populate debug panel if $response is set. |
Open-AudIT Enterprise | Improvement | GUI | Do not allow 'discover this device' when running Cloud. |
Open-AudIT Enterprise | Improvement | logs | Revised log severity from error to debug on collector request with no discoveries returned. |
Open-AudIT Professional | Bug | LDAP | Fix logging on to Professional / Enterprise using LDAP, verified by Community using full user.name@domain.com format. |