Errata - 3.3.0 Global Exclude IP list from configuration not being honoured
When we execute a discovery in 3.3.0, the global configuration item discovery_exclude_ip is not being honored.
A work-around is to add these excluded IPs into the individual discovery (Enterprise users). Other users will have to apply the below patch.
In the file open-audit/code_igniter/application/helpers/discoveries_helper.php Lines 245 - 247 are as below.
$CI->db->query($sql, $data); $all_ip_list = all_ip_list($discovery);
In between these lines insert the below.
if ( ! empty($CI->config->config['discovery_ip_exclude'])) { $exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']); if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) { $discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip; } else { $discovery->attributes->other->nmap->exclude_ip = $exclude_ip; } }
So the section of file now looks like
$CI->db->query($sql, $data); if ( ! empty($CI->config->config['discovery_ip_exclude'])) { $exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']); if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) { $discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip; } else { $discovery->attributes->other->nmap->exclude_ip = $exclude_ip; } } $all_ip_list = all_ip_list($discovery);
That code will combine any excluded IPs from the configuration with those specified in the individual discovery.
You can find a patched file on github at https://github.com/Opmantek/open-audit/blob/master/code_igniter/application/helpers/discoveries_helper.php
Apologies for the inconvenience.