Open-AudIT Configuration
All settings apart from the database credentials should be accessible using the GUI. The GUI menu has entries for each major section and the Professional / Enterprise configuration options are separate from the Community options. The configuration options for Community are stored in the database. The configuration options for Professional / Enterprise are stored in a text file (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.
Common Settings to Consider Adjusting
The only attributes commonly set are those for email (see below). All other settings should likely be left as-is, unless a specific requirement is to be met.
Configuring Professional or Enterprise
In the config file is a section named authentication. You can verify users logging into Open-AudIT Enterprise using their Open-AudIT Community credentials if you set auth_method_1 to openaudit in this section. You can have up to three methods of authentication. openaudit then htaccess are the defaults.
To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration → Enterprise
You may need to restart the omkd daemon / service after making changes to these items.
The file these settings are stored in is (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.
The settings are common to all Opmantek commercial applications.
Section | Name | Original Value |
| Possible Values | Description |
|---|---|---|---|---|---|
openauditenterprise | oae_application_heading | undef |
|
| Unused. |
openauditenterprise | oae_baseline_match_case | y |
| y, n | When we match software in the baselines endpoint, should we match regardless of case in software.name |
openauditenterprise | oae_cloud_server | https://cloud.open-audit.com |
| <url> | Unused in on-premise installations. |
openauditenterprise | oae_debug_level | 0 |
| 0. 1. 2. 3 | Log verbosity (larger is more verbosity). |
openauditenterprise | oae_gui_refresh_time | 20 |
| <integer> | Unused. |
openauditenterprise | oae_link | /open-audit/ |
| <absolute url> | The standard link to Open-AudIT Community |
openauditenterprise | oae_password |
|
| <password> | Unused. The password for the Open-AudIT Enterprise user account. |
openauditenterprise | oae_rss_url | https://community.opmantek.com/rss/OAE.xml |
| <url> | The online address of the RSS feed. |
openauditenterprise | oae_rss_use | y |
| y, n | Should we use the RSS feed on the dashboard. |
openauditenterprise | oae_server | http://127.0.0.1/open-audit/ |
| <url> | The link to Open-AudIT for internal connections. Should always be the original value unless explicitly directed by Opmantek to be changed. |
openauditenterprise | oae_type |
|
|
| Unused in on-premise installations. |
openauditenterprise | oae_username | open-audit_enterprise |
| <username> | The Open-AudIT Enterprise user (used internally). |
openauditenterprise | oae_collector_connect_timeout | 10 |
| <integer> | Seconds to timeout waiting for the server when in Collector mode. |
openauditenterprise | oae_collector_request_timeout | 240 |
| <integer> | Seconds to timeout waiting for the server when in Collector mode. |
openauditenterprise | oae_collector_inactivity_timeout | 30 |
| <integer> | Seconds to timeout waiting for the server when in Collector mode. |
The email settings are used to email scheduled Queries and Reports. These should be changed to your required email server's settings.
To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration -> Email
You may need to restart the omkd daemon / service after making changes to these items.
The file these settings are stored in is (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.
The settings are common to all Opmantek commercial applications.
Section | Name | Original Value |
| Possible Values | Description |
|---|---|---|---|---|---|
mail_domain | yourdomain.com |
| <domain> |
| |
mail_from | yourmailname@yourdomain.com |
| <email> |
| |
mail_password | your_password |
| <password> |
| |
mail_server | smtp.yourdomain.com |
| <fqdn> |
| |
mail_server_port | 25 |
| <integer> |
| |
mail_subject_prefix | [automatic] |
|
|
| |
mail_use_tls | true |
| true, false |
| |
mail_user | your_user_account@your_domain.com |
| <username> |
|
Authentication
In the config file is a section named authentication. You can verify users logging into Open-AudIT Enterprise using their Open-AudIT Community credentials if you set auth_method_1 to openaudit in this section. You can have up to three methods of authentication. openaudit then htaccess are the defaults. These should mostly be left as their defaults unless a specific requirement is to be met. To enable MS Active Directory and/or OpenLDAP, see the bottom of this page.
To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration -> Authentication
You may need to restart the omkd daemon / service after making changes to these items.
The file these settings are stored in is (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.
The settings are common to all Opmantek commercial applications.
Section | Name | Original Value |
| Possible Values | Description |
|---|---|---|---|---|---|
authentication | auth_crowd_password |
|
| <password> |
|
authentication | auth_crowd_server |
|
| <ip> |
|
authentication | auth_crowd_user |
|
| <username> |
|
authentication | auth_expire_seconds | 3600 |
| <integer> |
|
authentication | auth_htpasswd_encrypt | crypt |
| crypt, plaintext, apache-md5 |
|
authentication | auth_htpasswd_file | <omk_conf>/users.dat |
| <relative filepath> |
|
authentication | auth_lockout_after | 0 |
| <integer> | seconds, 0 for none. |
authentication | auth_login_motd | Authentication required: default credentials are nmis/nm1888 |
|
|
|
authentication | auth_method_1 | openaudit |
| htpasswd, openaudit, radias, tacacs, crowd, system, ldaps, ldap, ms-ldap, ms-ldaps, novell-ldap, connectwise, pam |
|
authentication | auth_method_2 | htpasswd |
| htpasswd, openaudit, radias, tacacs, crowd, system, ldaps, ldap, ms-ldap, ms-ldaps, novell-ldap, connectwise, pam |
|
authentication | auth_method_3 |
|
| htpasswd, openaudit, radias, tacacs, crowd, system, ldaps, ldap, ms-ldap, ms-ldaps, novell-ldap, connectwise, pam |
|
authentication | auth_ms_ldap_attr | sAMAccountName |
|
|
|
authentication | auth_ms_ldap_base | CN=Users,DC=your_domain,DC=com |
| <ldap> |
|
authentication | auth_ms_ldap_debug | true |
| true, false |
|
authentication | auth_ms_ldap_dn_acc | CN=Administrator,CN=Users,DC=your_domain,DC=com |
|
|
|
authentication | auth_ms_ldap_dn_psw | your_administrator_password |
| <password> |
|
authentication | auth_ms_ldap_group | CN=Users,DC=your_domain,DC=com |
| <ldap> |
|
authentication | auth_ms_ldap_server | your.ip.address.here |
| <ip> |
|
authentication | auth_ms_ldaps_capath | required |
|
|
|
authentication | auth_ms_ldaps_server | your.ip.address.here |
| <ip> |
|
authentication | auth_ms_ldaps_verify |
|
|
|
|
authentication | auth_sso_domain |
|
| <domain> |
|
Configuring Community
Below are the default values and a description for the configuration of Open-AudIT. These can all be changed to work as you desire.
To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration -> All
Name | Original Value |
| Possible Values | Description |
|---|---|---|---|---|
access_token_count | 20 |
| <integer> | Allow this many access tokens to be stored in the cookie. |
access_token_enable | y |
| y, n | Should we enable access tokens for CSRF mitigation. |
blessed_subnets_use | n |
| y, n | Should we only accept data from the blessed subnets list. |
collector_check_minutes | 5 |
| 5, 10, 15, 20, 30, 60 | The default check interval for collectors. |
create_change_log | y |
| y, n | Should Open-AudIT create an entry in the change log table if a change is detected. |
create_change_log_bios | y |
| y, n | Should Open-AudIT create an entry in the change log table if a change is detected in the bios table. |
create_change_log_disk | y |