Release Notes for Open-AudIT v5.0.0

Released 2023-11-14

md5sum: 56ca4ea98cfb71d6df0b377ee18b06d5

sha256sum: d37c1e71fe5ba27691b363ff275c5203a1c1917cba6d05d926058f701fe809da

Linux only release (at this stage). UPDATE - Windows was released on 2023-11-20.

The New Stuff

Version 5 of Open-AudIT. Wow, what a ride. Underneath the skin, it is huge. We have upgraded the underlying framework and brought the code itself up to current best practices. As a result, we now install on current Redhat, Debian, and Ubuntu and we need a minimum of PHP 7.4. Hence, the following are the officially supported distributions: Redhat 8/9, Debian 11/12, and Ubuntu 20.04/22.04. We also deprecated the omkd daemon and associated Perl framework (for Open-AudIT, not the other FirstWave applications). So now there is a single interface and a single website for Open-AudIT. Obviously, this makes for less code. Which means fewer errors. And less work. All in all, I'm very happy with the result. Party popper

But that's all underneath - you don't care about that! You just want the new features. Well, to be honest, there aren't a lot. We have upgraded the front end to use Bootstrap 5. Community users will notice that the most. We have also moved on from the Tango icons set. Now in use is the Newaita Reborn set. Tango has been awesome, but after almost 20 years, it's time for a change! Surprised

If you download the package from FirstWave, you'll get the Enterprise functionality which includes the javascript library for charting. If you download, build, and install from Github you won't get the Enterprise functionality, nor the javascript charting library. Those pieces are not open source. Them's the breaks - a guy's gotta eat! Wink

OK, the nitty gritty. Detective

Important Caveats

We now only support Redhat 8/9, Debian 11/12, and Ubuntu 20.04/22.04. Upgraders please read all the documentation below.

For version 5.0.0, we do not have Okta or Crowd authentication in place. Even if you are using Okta or Crowd for authentication, you still have your users in Open-AudIT for authorisation. Just assign them a password in Open-AudIT and you can continue to use 5.0.0 until such time as Okta and/or Crowd are implemented.

SAN audit processing has not been implemented yet.

Upgraders

Upgrading from as far back as 2.3.3 (the last version 2.x release) is supported. Please make sure you read all the Open-AudIT Release Notes including this one, before you begin.

If you are upgrading from a version before 3.3.1, you will have to recreate any baselines you have, as well as any roles. The simplest way to recreate the Roles is to go to menu → Manage → Roles → List Roles. Then click the Default Items button. Then click the Reset button.

If you are upgrading (IE, you're running Ubuntu 20.04) when you first log in the header states that it is Open-AudIT Community and you do have a license, DON'T PANIC. It just needs a new request to consult the license file and all will be well. Just upgrade the database and continue on. You should see the header change with the next request.

If you're moving from an old to a new server, see Migrating Licenses below.

We require a minimum of version 7.4 for PHP. This is fine for the supported distributions as listed above, however, if you have installed a custom PHP it's on you to upgrade it.

This is a large upgrade. New installs will "just work", but upgraders should take the time and install it into a testing environment before migrating production instances.

Changes

system Becomes devices

The largest change - the 'system' table that holds all your device data (IP, name, manufacturer, model, et al) is now called the 'devices' table. Much more intuitive and something I've been meaning to do for years. For those upgrading - your queries, summaries, and widgets (et al) will be upgraded as best we can. I would suggest checking any self-created items to ensure they work as intended. Also for upgraders, we have implemented a 'view' in the database named 'system' which should function as the system table did before and enable a (relatively) painless transition. That view will not exist for new installs. Yes

And related to that, all collections that have default items (think groups, queries, roles, et al) now have the ability to "Reset to Default". Using that function will remove any existing items in the collection and import the new items as per v5.0.0.

Changed Collections

We have removed a few items that were surplus to needs and to be frank, creating unnecessary complexity. Buildings, Floors, Rooms, and Rows are all gone. Those attributes were used only by the Racks collection and the attributes are now stored directly in the Racks table. When you create a new rack you can select an existing building, floor, room, and row or create a new one. Your existing data will populate the racks table as you would expect. Like

The data for Baselines Results is now stored in the database, just like a regular collection. Yes

Removed URLs

All web requests now go to /open-audit/index.php/$collection. Previously we had that URL for Community and /omk/open-audit/$collection for Enterprise. The latter has now been removed. You will need to update any of your own links. Warning

As a result, we have updated the The Open-AudIT API page. Woman writing code

The included Response Section

The format of the JSON response for included has changed. Previously it was a single array of objects, each of which could be any type. Now we have included being an object, with each attribute being an array. Each included attribute is the $collection. So now we have included->orgs[{},{}]. This saves time enumerating the entire included array when you need a specific type of item. They're now all neatly grouped together. An example is at the bottom of this page. Warning

We have removed the /devices?sub_resource=$component URL and replaced it with /components?components.type=$component. If you're calling this URL, you should supply a type, i.e. - /components?components.type=bios. The components collection covers the following database tables: bios, certificate, disk, dns, file, ip, log, memory, module, monitor, motherboard, netstat, network, nmap, optical, pagefile, partition, policy, print_queue, processor, radio, route, san, scsi, server, server_item, service, share, software, software_key, sound, task, usb, user, user_group, variable, video, vm, windows. Electric light bulb

A couple of examples:

  • To retrieve all Bios entries in the database - /open-audit/index.php/components?components.type=bios
  • To retrieve all Software from a given machine (ID 2) - /open-audit/index.php/components?components.type=software&devices.id=2

Other Items

The DiscoveriesCollection template has been improved to make it render much faster. Previously if you had many discovery logs, generating the list of Discovery Issues could take a long time and even timeout on occasion. We have revised the logging so we can much more easily select any Discovery Issues and in addition have limited the number selected to 100. Yes

Any existing licenses for Professional, Enterprise, and Collectors are automatically imported. OK

The GUI has nice new shiny buttons. There is now an option (per user) to display the buttons with an icon and text, just an icon or just text. The icons are colored consistently. Blue for read-only, Green for read/write of data, and Red for removing data. Oh, and there are a couple of yellow/orange icons for warnings. This makes sense to me. Smile

As well, there is now a per-user option to use a 'compact' GUI. This makes the table rows (and associated buttons) smaller so more information fits on the screen at once. An example screenshot is below.

There is no more worryin