Open-AudIT Configuration

Open-AudIT Configuration

All settings apart from the database credentials should be accessible using the GUI. The GUI menu has entries for each major section and the Professional / Enterprise configuration options are separate from the Community options. The configuration options for Community are stored in the database. The configuration options for Professional / Enterprise are stored in a text file (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.


Common Settings to Consider Adjusting

The only attributes commonly set are those for email (see below). All other settings should likely be left as-is, unless a specific requirement is to be met.

Configuring Professional or Enterprise

In the config file is a section named authentication. You can verify users logging into Open-AudIT Enterprise using their Open-AudIT Community credentials if you set auth_method_1 to openaudit in this section. You can have up to three methods of authentication. openaudit then htaccess are the defaults.

To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration → Enterprise

You may need to restart the omkd daemon / service after making changes to these items.

The file these settings are stored in is (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.

The settings are common to all Opmantek commercial applications.


SectionNameOriginal Value
Possible ValuesDescription
openauditenterpriseoae_application_headingundef

Unused.
openauditenterpriseoae_baseline_match_casey
y, nWhen we match software in the baselines endpoint, should we match regardless of case in software.name
openauditenterpriseoae_cloud_serverhttps://cloud.open-audit.com
<url>Unused in on-premise installations.
openauditenterpriseoae_debug_level0
0. 1. 2. 3Log verbosity (larger is more verbosity).
openauditenterpriseoae_gui_refresh_time20
<integer>Unused.
openauditenterpriseoae_link/open-audit/
<absolute url>The standard link to Open-AudIT Community
openauditenterpriseoae_password

<password>Unused. The password for the Open-AudIT Enterprise user account.
openauditenterpriseoae_rss_url

https://community.opmantek.com/rss/OAE.xml


<url>The online address of the RSS feed.
openauditenterpriseoae_rss_usey
y, nShould we use the RSS feed on the dashboard.
openauditenterpriseoae_serverhttp://127.0.0.1/open-audit/
<url>The link to Open-AudIT for internal connections. Should always be the original value unless explicitly directed by Opmantek to be changed.
openauditenterpriseoae_type


Unused in on-premise installations.
openauditenterpriseoae_usernameopen-audit_enterprise
<username>The Open-AudIT Enterprise user (used internally).
openauditenterpriseoae_collector_connect_timeout10
<integer>Seconds to timeout waiting for the server when in Collector mode.
openauditenterpriseoae_collector_request_timeout240
<integer>Seconds to timeout waiting for the server when in Collector mode.
openauditenterpriseoae_collector_inactivity_timeout30
<integer>Seconds to timeout waiting for the server when in Collector mode.

Email

The email settings are used to email scheduled Queries and Reports. These should be changed to your required email server's settings.

To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration -> Email

You may need to restart the omkd daemon / service after making changes to these items.

The file these settings are stored in is (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.

The settings are common to all Opmantek commercial applications.


SectionNameOriginal Value
Possible ValuesDescription
emailmail_domainyourdomain.com
<domain>
emailmail_fromyourmailname@yourdomain.com
<email>
emailmail_passwordyour_password
<password>
emailmail_serversmtp.yourdomain.com
<fqdn>
emailmail_server_port25
<integer>
emailmail_subject_prefix[automatic]


emailmail_use_tlstrue
true, false
emailmail_useryour_user_account@your_domain.com
<username>


Authentication

In the config file is a section named authentication. You can verify users logging into Open-AudIT Enterprise using their Open-AudIT Community credentials if you set auth_method_1 to openaudit in this section. You can have up to three methods of authentication. openaudit then htaccess are the defaults. These should mostly be left as their defaults unless a specific requirement is to be met. To enable MS Active Directory and/or OpenLDAP, see the bottom of this page.

To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration -> Authentication

You may need to restart the omkd daemon / service after making changes to these items.

The file these settings are stored in is (Linux) /usr/local/omk/conf/opCommon.nmis and (Windows) c:\omk\conf\opCommon.nmis.

The settings are common to all Opmantek commercial applications.


SectionNameOriginal Value
Possible ValuesDescription
authenticationauth_crowd_password

<password>
authenticationauth_crowd_server

<ip>
authenticationauth_crowd_user

<username>
authenticationauth_expire_seconds3600
<integer>
authenticationauth_htpasswd_encryptcrypt
crypt, plaintext, apache-md5
authenticationauth_htpasswd_file<omk_conf>/users.dat
<relative filepath>
authenticationauth_lockout_after0
<integer>seconds, 0 for none.
authenticationauth_login_motdAuthentication required: default credentials are nmis/nm1888


authenticationauth_method_1openaudit
htpasswd, openaudit, radias, tacacs, crowd, system, ldaps, ldap, ms-ldap, ms-ldaps, novell-ldap, connectwise, pam
authenticationauth_method_2htpasswd
htpasswd, openaudit, radias, tacacs, crowd, system, ldaps, ldap, ms-ldap, ms-ldaps, novell-ldap, connectwise, pam
authenticationauth_method_3

htpasswd, openaudit, radias, tacacs, crowd, system, ldaps, ldap, ms-ldap, ms-ldaps, novell-ldap, connectwise, pam
authenticationauth_ms_ldap_attrsAMAccountName


authenticationauth_ms_ldap_baseCN=Users,DC=your_domain,DC=com
<ldap>
authenticationauth_ms_ldap_debugtrue
true, false
authenticationauth_ms_ldap_dn_accCN=Administrator,CN=Users,DC=your_domain,DC=com


authenticationauth_ms_ldap_dn_pswyour_administrator_password
<password>
authenticationauth_ms_ldap_groupCN=Users,DC=your_domain,DC=com
<ldap>
authenticationauth_ms_ldap_serveryour.ip.address.here
<ip>
authenticationauth_ms_ldaps_capathrequired


authenticationauth_ms_ldaps_serveryour.ip.address.here
<ip>
authenticationauth_ms_ldaps_verify



authenticationauth_sso_domain

<domain>


Configuring Community

Below are the default values and a description for the configuration of Open-AudIT. These can all be changed to work as you desire.

To change these using the GUI in Open-AudIT navigate to menu -> Admin -> Configuration -> All


NameOriginal Value
Possible ValuesDescription
access_token_count20
<integer>Allow this many access tokens to be stored in the cookie.
access_token_enabley
y, nShould we enable access tokens for CSRF mitigation.
blessed_subnets_usen
y, nShould we only accept data from the blessed subnets list.
collector_check_minutes5
5, 10, 15, 20, 30, 60The default check interval for collectors.
create_change_logy
y, nShould Open-AudIT create an entry in the change log table if a change is detected.
create_change_log_biosy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the bios table.
create_change_log_disky
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the disk table.
create_change_log_dnsy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the dns table.
create_change_log_filey
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the file table.
create_change_log_ipy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the ip table.
create_change_log_logy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the log table.
create_change_log_memoryy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the memory table.
create_change_log_moduley
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the module table.
create_change_log_monitory
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the monitor table.
create_change_log_motherboady
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the motherboard table.
create_change_log_netstaty
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the netstat table.
create_change_log_netstat_dynamicn
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the netstat table and the port is 49152 or greater.
create_change_log_netstat_registeredn
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the netstat table and the port is in the range of 1024 to 49151.
create_change_log_netstat_well_knowny
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the netstat table and the port is 1023 or lower.
create_change_log_networky
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the network table.
create_change_log_nmapy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the nmap table.
create_change_log_opticaly
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the optical table.
create_change_log_pagefiley
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the pagefile table.
create_change_log_partitiony
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the partition table.
create_change_log_policyy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the policy table.
create_change_log_print_queuey
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the print_queue table.
create_change_log_processory
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the processor table.
create_change_log_routey
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the route table.
create_change_log_sany
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the san table.
create_change_log_scsiy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the scsi table.
create_change_log_servery
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the server table.
create_change_log_server_itemy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the server_item table.
create_change_log_servicey
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the service table.
create_change_log_sharey
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the share table.
create_change_log_softwarey
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the software table.
create_change_log_software_keyy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the software_key table.
create_change_log_soundy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the sound table.
create_change_log_tasky
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the task table.
create_change_log_usby
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the usb table.
create_change_log_usery
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the user table.
create_change_log_user_groupy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the user_group table.
create_change_log_variablen
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the variable table.
create_change_log_videoy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the video table.
create_change_log_vmy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the vm table.
create_change_log_windowsy
y, nShould Open-AudIT create an entry in the change log table if a change is detected in the windows table.
database_show_row_limit1000
<integer>The limit of rows to show, rather than download when exporting a database table.
decrypt_credentialsy
y, nWhen we display or export credentials, should we decrypt them.
default_network_addresshttp://localhost/open-audit/
<url>The URL used by external devices to talk to Open-AudIT.
delete_noncurrentn
y, nShould we delete all non-current data.
delete_noncurrent_biosn
y, nShould we delete non-current bios data.
delete_noncurrent_diskn
y, nShould we delete non-current disk data.
delete_noncurrent_dnsn
y, nShould we delete non-current dns data.
delete_noncurrent_filen
y, nShould we delete non-current file data.
delete_noncurrent_ipn
y, nShould we delete non-current ip data.
delete_noncurrent_logn
y, nShould we delete non-current log data.
delete_noncurrent_memoryn
y, nShould we delete non-current memory data.
delete_noncurrent_modulen
y, nShould we delete non-current module data.
delete_noncurrent_monitorn
y, nShould we delete non-current monitor data.
delete_noncurrent_motherboardn
y, nShould we delete non-current motherboard data.
delete_noncurrent_netstaty
y, nShould we delete non-current netstat data.
delete_noncurrent_networkn
y, nShould we delete non-current network data.
delete_noncurrent_nmapn
y, nShould we delete non-current nmap data.
delete_noncurrent_opticaln
y, nShould we delete non-current optical data.
delete_noncurrent_pagefilen
y, nShould we delete non-current pagefile data.
delete_noncurrent_partitionn
y, nShould we delete non-current partition data.
delete_noncurrent_policyn
y, nShould we delete non-current policy data.
delete_noncurrent_print_queuen
y, nShould we delete non-current print_queue data.
delete_noncurrent_processorn
y, nShould we delete non-current processor data.
delete_noncurrent_routen
y, nShould we delete non-current route data.
delete_noncurrent_sann
y, nShould we delete non-current san data.
delete_noncurrent_scsin
y, nShould we delete non-current scsi data.
delete_noncurrent_servern
y, nShould we delete non-current server data.
delete_noncurrent_server_itemn
y, nShould we delete non-current server_item data.
delete_noncurrent_servicen
y, nShould we delete non-current service data.
delete_noncurrent_sharen
y, nShould we delete non-current share data.
delete_noncurrent_softwaren
y, nShould we delete non-current software data.
delete_noncurrent_software_keyn
y, nShould we delete non-current software_key data.
delete_noncurrent_soundn
y, nShould we delete non-current sound data.
delete_noncurrent_taskn
y, nShould we delete non-current task data.
delete_noncurrent_usbn
y, nShould we delete non-current usb data.
delete_noncurrent_usern
y, nShould we delete non-current user data.
delete_noncurrent_user_groupn
y, nShould we delete non-current user_group data.
delete_noncurrent_variabley
y, nShould we delete non-current variable data.
delete_noncurrent_videon
y, nShould we delete non-current video data.
delete_noncurrent_vmn
y, nShould we delete non-current vm data.
delete_noncurrent_windowsn
y, nShould we delete non-current windows data.
devices_default_display_columns

system.id,system.icon,system.type,

system.name,system.ip,system.dns_fqdn,

system.identification,system.description,

system.manufacturer,system.os_family,system.status



When requesting a list of devices, display these columns.
devices_default_group_columns

system.id,system.icon,system.type,system.name,

system.ip,system.dns_fqdn,system.identification,

system.description,system.manufacturer,system.os_family,system.status



When requesting a group of devices, retrieve and display these columns.
devices_default_retrieve_columns

system.id,system.uuid,system.name,system.ip,system.hostname,

system.dns_hostname,system.domain,system.dns_domain,

system.dbus_identifier,system.fqdn,system.dns_fqdn,system.description,

system.type,system.icon,system.os_group,system.os_family,

system.os_name,system.os_version,system.manufacturer,system.model,

system.serial,system.form_factor,system.status,system.environment,

system.class,system.function,system.org_id,system.location_id,

system.snmp_oid,system.sysDescr,system.sysObjectID,system.sysUpTime,

system.sysContact,system.sysName,system.sysLocation,system.first_seen,

system.last_seen,system.last_seen_by,system.identification



When requesting a list of devices, provide these columns.
device_auto_deletey
y, nShould we delete the device data completely from the database when the device status is set to Deleted.
discovery_default_scan_option1
<integer>The default discovery options for Nmap.
discovery_ip_exclude

<ip>Populate this list with ip addresses to be excluded from discovery. IPs should be separated by a space.
discovery_limit20
<integer>The maximum number of concurrent discoveries we should run.
discovery_linux_script_directory/tmp/
<filepath>The directory the script is copied into on the target device.
discovery_linux_script_permissions700

The permissions set on the audit_linux.sh script when it is copied to the target device.
discovery_linux_use_sudoy
y, nWhen running discovery commands on a Linux target, should we use sudo.
discovery_override_nmapn
y, nOverride the detction of Nmap to enable discoveries.
discovery_route_retrieve_limit500
<integer>When discovering a device using SNMP, do not retrieve the route table if it contains more than this number of entries.
discovery_ssh_timeout300
<integer>Timeout duration (in seconds) when discovering a device via SSH.
discovery_sudo_path

<filepath>Optional hardcoded path to sudo executable. Comma seperated for multiple paths.
discovery_sunos_use_sudoy
y, nWhen running discovery commands on a SunOS target, should we use sudo.
discovery_use_dnsy
y, nShould we use DNS for looking up the hostname and domain.
discovery_use_ipmiy
y, nShould we use ipmitool for discovering management ports if ipmitool is installed.
discovery_use_vintage_servicen
y, nOn Windows, use the old way of running discovery with the Apache service account.
download_reportsn
y, nTells Open-AudIT to advise the browser to download as a file or display the csv, xml, json reports.
graph_days30
<integer>The number of days to report on for the Enterprise graphs.
gui_trim_characters25
<integer>When showing a table of information in the web GUI, replace characters greater than this with "...".
homepagegroups

Any links to the default page should be directed to this endpoint.
log_level5
1,2,3,4,5,6,7Tells Open-AudIT which severity of event (at least) should be logged.
log_retain_level_0180
<integer>Tells Open-AudIT how many days to keep logs with severity 0.
log_retain_level_1180
<integer>Tells Open-AudIT how many days to keep logs with severity 1.
log_retain_level_2180
<integer>Tells Open-AudIT how many days to keep logs with severity 2.
log_retain_level_3180
<integer>Tells Open-AudIT how many days to keep logs with severity 3.
log_retain_level_4180
<integer>Tells Open-AudIT how many days to keep logs with severity 4.
log_retain_level_590
<integer>Tells Open-AudIT how many days to keep logs with severity 5.
log_retain_level_630
<integer>Tells Open-AudIT how many days to keep logs with severity 6.
log_retain_level_77
<integer>Tells Open-AudIT how many days to keep logs with severity 7.
maps_api_key


The API key for Google Maps.
maps_url/omk/open-audit/map
<absolute url>The web server address of opMaps.
match_dbusn
y, nShould we match a device based on its dbus id.
match_dns_fqdnn
y, nShould we match a device based on its DNS fqdn.
match_dns_hostnamen
y, nShould we match a device based on its DNS hostname.
match_fqdny
y, nShould we match a device based on its fqdn.
match_hostnamey
y, nShould we match a device based only on its hostname.
match_hostname_dbusy
y, nShould we match a device based on its hostname and dbus id.
match_hostname_serialy
y, nShould we match a device based on its hostname and serial.
match_hostname_uuidy
y, nShould we match a device based on its hostname and UUID.
match_ipy
y, nShould we match a device based on its ip.
match_ip_no_datay
y, nShould we match a device based on its ip if we have an existing device with no data.
match_macy
y, nShould we match a device based on its mac address.
match_mac_vmwaren
y, nShould we match a device based mac address even if its a known likely duplicate from VMware.
match_serialy
y, nShould we match a device based on its serial number.
match_serial_typey
y, nShould we match a device based on its serial and type.
match_sysnamey
y, nShould we match a device based only on its SNMP sysName.
match_sysname_serialy
y, nShould we match a device based only on its SNMP sysName and serial.
match_uuidy
y, nShould we match a device based on its UUID.
nmisn
y, nEnable import / export to NMIS functions.
nmis_url

<absolute url>The web server address of NMIS.
oae_location

<filepath>The directory into which Open-AudIT Enterprise is installed, if not the default. Unused, do not change.
oae_url/omk/open-audit
<absolute url>The web server address of Open-AudIT Enterprise.
output_escape_csvy
y, nEscape CSV output so Excel will not attempt to run contents.
page_size1000
<integer>The default limit of rows to retrieve.
process_netstat_windows_dnsn
y, nShould we keep track of Windows netstat ports used by DNS above port 1000.
queue_limit20
<integer>The maximum number of concurrent device scans we should run.
rss_enabley
y, nEnable the RSS feed.
rss_url

https://community.opmantek.com/rss/OA.xml


<url>The RSS feed URL.


MS Active Directory & OpenLDAP settings

Open-AudIT can be configured to use LDAP servers (Microsoft Active Directory and/or OpenLDAP) to authenticate and authorize a user and in addition, to create a user account in Open-AudIT using assigned roles and orgs based on LDAP group membership.

See our page on LDAP Servers for more details - LDAP_Servers