Release Notes for Open-AudIT v5.6.0

Released 2024-11-04

Linux md5sum: dad7e1debae0a6e840b38e3d3cba0b16

Linux sha256sum: 9b7f71775dcdc61250c772d20fd528396709f9db33e2112e76ca80e7f256e69f

Windows sha256sum: 37a2c4e81b103cf5b4833bebb618c5c41ff9b23a242d35b9f5481563c6824c80

 

Packages

Enterprise users can now add software packages to be tracked and reported on. A package has a type: 'antivirus', 'approved', 'backup', 'banned', 'cloud', 'firewall', 'ignored', 'license', 'other'. We have provided a starting list and use this with queries and widgets to provide reporting. As usual you can find them under menu → Manage → Packages. Why didn’t I name it “Software”? Because we already use that name in the database for the installed software on a PC, so “Packages” it is.

 

SNMP Discovery Improvements

We have done a lot of work making SNMP discoveries more robust. This includes extra guard clauses in functions and robustness against SNMP devices that time out and do not respond mid-discovery. We have added more models and data retrieval. We now retrieve and store the WAPs attached to a Cisco 9800 Wireless Access Controller as well as other items (see below for more details).

We now also support SNMPv3 contexts. Just add these into the credentials entry and they should ‘just work’.

 

General Discovery Improvements

We now support discovering and auditing Windows machines using SSH.

There is a new feature flag in the config (feature_powershell_audit) that enables the PowerShell audit script for Windows in discoveries. A word of warning: this will generate change logs on devices because some items aren’t retrieved with the exact same name as the VBScript does. These items are:

  • Logs - overwrite

  • Tasks - name

  • Disk - size

  • Partition - size

  • Route - removed local routes

  • Software - more was added with PowerShell

I very much encourage you to try using PowerShell in discovery as this will be the way forward. Please do try it (maybe on a single machine, or disable change logs and set delete non-current log, task, disk, partition, route & software in the config). Any help and bug reports will only result in a better product for you going forward.

 

Windows AntiVirus and Firewall

We now retrieve the details of any installed AntiVirus and Firewall from Windows clients (Windows 10 & 11). Unfortunately Windows Server does not offer these for retrieval, so for those we rely on the Packages info (as above). If you find your widget on the Windows Security Dashboard is incorrect for Windows Servers AntiVirus / Firewall, this is likely why. Just add an entry to packages and it should report correctly. I don’t know the name (and more importantly, the name as per add/remove programs) of every AntiVirus and Firewall package on the market. We have supplied quite a few, but as stated, if your particular software isn’t on the list you can add it. Oh - and send us the exact name so we can add it as well!

 

Windows Security Dashboard

Our new dashboard uses traffic light style widgets. These are now an additional type of widget you can create. A traffic light widget uses one, two or three queries - one each for red, yellow and green. The idea of the Windows Security Dashboard is to get the entire screen green. If it’s green, you’re good to go!

 

GUI

We have revised the Read and Execute templates. We have moved the actions you can take on the individual entry to the center of the panel header. We have left those actions that apply to the collection as a whole on the right side. This separation should provide a bit more clarity on what the action button applies to.

 

Detailed Changes

Note - these are taken from the Git log. You can see these at GitHub here - https://github.com/Opmantek/open-audit

| Version | Type | Collection | Description |
|---|---|---|---|
| Enterprise | Improvement | All | Only call enterprise.bin when we have to. We now only call the enterprise binary when we need to perform an enterprise function. This has helped improve responsiveness. |
| Enterprise | New Feature | Packages | Packages Feature (as above). |
| Professional | New Feature | Dashboards | Add new Windows Security Dashboard (as above). |
| Enterprise | New Feature | Dashboards | Traffic widgets (as above). |
| Community | Improvement | Configuration | Store server_os and server_platform in the database and update only when logging on, not for every request. This has helped improve responsiveness. |
| Community | Improvement | Devices | Enable new javascript based devicesCollection table population. This has helped improve responsiveness. |
| Enterprise | Improvement | Devices | Revise device count for licensing. |
| Community | Improvement | All | PHP Standard PSR12 standard on all Controllers, Models and Helpers. This has improved code quality and readability. |
| Enterprise | Improvement | Connections | Extra fields added to Connections. |
| Community | Improvement | All | When importing a CSV of items, add the ability to specify orgs.name or locations.name and lookup the correct ID for association. |
| Community | Improvement | All | For the read and execute templates, move the action buttons for the item into the center of the panel header and leave collection wide buttons (List, Create, Help, et al) on the right side. This has improved usability. |
| Community | Improvement | Discoveries | Retrieve the last time the native OS updater was run for Linux (RH, Debian) and Windows. |
| Community | Improvement | Discoveries | Enable audit_windows.vbs over SSH. |
| Community | Improvement | Discoveries | Initial support for Windows powershell audit over SSH in discoveries. |
| Enterprise | Improvement | Discoveries | Audit Windows AntiVirus and Firewall. Add support for Defender Firewall Rules in powershell audit, only when running as an agent. |
| Community | Improvement | Discoveries | Allow for a false passed to format_mac in snmp_helper. |
| Community | Improvement | Discoveries | Do not use SSH when discovering Extreme Networks devices. Add an Extreme Networks device to SNMP Model Helper. |
| Community | Improvement | Discoveries | Additional info for HP Procurve switches (os_version). |
| Community | Improvement | Discoveries | Additional info for Dell PowerConnect switches (serial, service_tag, os_version). |
| Community | Improvement | Discoveries | Support for Sophos firewall over SNMP (model, os_version). |
| Community | Improvement | Discoveries | Improve Cisco SNMP helper. Add attached access point retrieval for Cisco C9800 devices. |
| Community | Improvement | Discoveries | Added a couple of SNMP model helpers for Zebra printers and NetScout devices. |
| Community | Improvement | Discoveries | Allow for SNMPv3 context name and engine ID in credentials. |
| Community | Improvement | Discoveries | Major refactor of snmp_helper. Now include fallback command line SNMP requests if PHP requests fail (must be on Linux). Log with INFO if the command line also fails. Log with DEBUG if the PHP request fails. Add extra logging. |
| Enterprise | Bug | Benchmarks | Enable selecting a Benchmark when creating a task. |
| Community | Improvement | Discoveries | Exclude from software, any software in a location with 'Daemon Containers' in its path, because these are likely iOS apps from the associated iPhone, not macOS apps. |