logo-open-audit

 

Open-AudIT is a network auditing application. It is based on the scripting languages of PHP, Bash and VBScript. Open-AudIT can tell what is on your network, how it is configured and if there have been any changes.

 

The entire application is written in php, bash and vbscript. These are all ‘scripting’ languages – no compiling and human readable source code. Making changes and customisations is both quick and easy.

 

Windows PCs can be queried for hardware, software, operating system settings, security settings, IIS settings, services, users & groups and much more. Linux systems can be queried for a similar amount of information. Network devices (printers, switches, routers, etc) can have data recorded such as IP-Address, MAC Address, open ports, serial number, etc, etc. Output is available in PDF, CSV and webpages. There are export options for Dia and Inkscape.

 

Open-AudIT can be configured to scan your network and devices automatically. A daily scan is recommended for systems, with network scans every couple of hours. That way, you can be assured of being notified if something changes (day to day) on a PC, or even sooner, if something “new” appears on your network.

 

Open-AudIT and NMIS – a great match. Open-AudIT can extract your NMIS device listing along with credentials scan your devices and place them into the Open-AudIT database. Conversely Open-AudIT can discover a subnet and export the device details back into NMIS.

 

 

 

 

 

Installing Dependency: 

 

check whether the below commands have correct value, otherwise correct it.
#HOSTNAME
#uname -n
#TIMEZONE
This should match a valid time zone for PHP. You can check which time zones PHP supports at http://www.php.net/manual/en/timezones.php

 

 

#cat /etc/sysconfig/clock | grep ZONE | cut -d”\”” -f2

 

 

 

You will need an external repo to install some items, so we’ll set that up now.

#rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

 

 

 
Install MySQL:

 

#yum -y install mysql mysql-server

#chkconfig –levels 235 mysqld on

#service mysqld start

 
When the mysqld service starts you will likely see a reminder about setting a database root password; if you do it immediately make sure that you note down the password for later. Alternatively you can leave the database without password until you configure Open-Audit.

 

 

 
Install Apache:
#yum -y install httpd

#chkconfig –levels 235 httpd on

#service httpd start

 

 

 
Install the other required packages:

#yum -y install nano php php-cli php-mysql php-ldap php-mbstring php-mcrypt php-snmp php-xml nmap zip curl wget sshpass screen samba-client

 

Screenshot from 2014-03-16 13:00:01

 

 
We also need to install winexe. It is not in repositiories, but available for most distributions via the SuSe Build Server. Go to the URL http://download.opensuse.org/repositories/home:/ahajda:/winexe/ and download the relevant package for your distribution. Install it using “yum install winexe” and you should be good to go.

 

Screenshot from 2014-03-16 13:02:48

 

 

 
Open-AudIT uses Nmap for discovery, sshpass for Linux auditing and screen / samba-client / winexe for Windows auditing.

Discovery will not work without these packages installed.

 

 

 

Configure IPTables:

#sed -i ‘s/\*filter$/*filter\n-A INPUT -m state –state NEW -p tcp –dport 443 -j ACCEPT/’ /etc/sysconfig/iptables
#sed -i ‘s/\*filter$/*filter\n-A INPUT -m state –state NEW -p tcp –dport 80 -j ACCEPT/’ /etc/sysconfig/iptables

 

 

Configure PHP (substituting $TIMEZONE from above).
#sed -i -e ‘s/memory_limit/;memory_limit/g’ /etc/php.ini

#echo “memory_limit = 512M” >> /etc/php.ini

#sed -i -e ‘s/max_execution_time/;max_execution_time/g’ /etc/php.ini

#echo “max_execution_time = 300” >> /etc/php.ini

#sed -i -e ‘s/max_input_time/;max_input_time/g’ /etc/php.ini

#echo “max_input_time = 600” >> /etc/php.ini

#sed -i -e ‘s/error_reporting/;error_reporting/g’ /etc/php.ini

#echo “error_reporting = E_ALL” >> /etc/php.ini

#sed -i -e ‘s/display_errors/;display_errors/g’ /etc/php.ini

#echo “display_errors = On” >> /etc/php.ini

#sed -i -e ‘s/upload_max_filesize/;upload_max_filesize/g’ /etc/php.ini

#echo “upload_max_filesize = 10M” >> /etc/php.ini

#sed -i -e ‘s/date.timezone/;date.timezone/g’ /etc/php.ini

#echo “date.timezone = $TIMEZONE” >> /etc/php.ini

 

 

Screenshot from 2014-03-16 13:03:22

 

 

 

Set the server name (substituting $HOSTNAME from above) and shell (used for scripts) for Apache and restart

#echo “ServerName $HOSTNAME” >> /etc/httpd/conf/httpd.conf

#chsh -s /bin/bash apache

#service httpd restart

 

 

 

Set the SUID for the nmap binary (so we can use the apache front end to run scripts which call nmap).

#chmod u+s /usr/bin/nmap

You should be able to determine the IP Address of your Open-AudIT server via the following command:

#ifconfig | grep -Eo ‘inet (addr:)?([0-9]*\.){3}[0-9]*’ | grep -Eo ‘([0-9]*\.){3}[0-9]*’ | grep -v ‘127.0.0.1’

 

 

 

 

Installing Open-Audit:

 

All local commands should be run as root.

Copy the Open-Audit tarball to the server (OAE-Linux-x86_64-1.0.5.tar.gz).
Change into the /usr/local directory.

 
#cd /usr/local
#tar xvf ~/OAE-Linux-x86_64-1.0.5.tar.gz

 

Fix the file ownership and permissions.

 

#cd /usr/local
#chown -R root:root omk
#chmod -R 700 omk
#chmod 755 omk/log
#chmod -R 770 open-audit
#chmod -R 777 open-audit/code_igniter/application/views/lang/
#chmod 770 open-audit/other/audit_*.sh
#chmod 660 open-audit/other/open-audit.log

#chown -R root:apache /usr/local/open-audit

 

 
Install the Daemon:
Copy the daemon startup script.

#cp /usr/local/omk/install/omkd.init.d /etc/init.d/omkd
#chkconfig –add omkd
#cd /usr/local/omk/install
#cp users.dat oae_reports.json opCommon.nmis opModules.nmis ../conf

 

Screenshot from 2014-03-16 13:06:25

 

 
Set the permissions to writeable.

#chmod -R 755 /usr/local/omk/conf
#useradd nmis
#service omkd start

 
Configure Apache

#cp /usr/local/omk/install/04omk-proxy.conf /etc/httpd/conf.d/
#service httpd restart

#cp -r /usr/local/open-audit/www/* /var/www/html/
#chown -R root:apache /var/www/html
#chmod -R 755 /var/www/html

 

 

If you are installing into a web root subdirectory, you will need to copy the files into a subdirectory. The below example is from the Opmantek virtual appliance.

 

#cp -Rf /usr/local/open-audit/www/* /var/www/html/open-audit/

Ensure index.php contains the correct locations for finding the OpenAudit files.

 

Screenshot from 2014-03-16 13:11:09

 

 

 
Configure MySQL:

 

The root password for MySQL needs to be set next; if you have used mysql_secure_installation or mysqladmin before to set the password, then you can skip this step.

In the command below replace the token PASSWORD (and only the all-uppercase token PASSWORD) with a suitable password of your choosing.

 

#mysql -u root -e “USE mysql; UPDATE user set Password = password(‘PASSWORD’) WHERE User = ‘root’; FLUSH PRIVILEGES;”

Now create the Open-AudIT database and the database user to be used by the application. Make sure you replace the token PASSWORD with the actual database password that you set.

#mysql -u root -pPASSWORD -e “CREATE DATABASE openaudit;”
#mysql -u root -pPASSWORD -e “CREATE USER openaudit@localhost IDENTIFIED BY ‘openauditpassword’;”
#mysql -u root -pPASSWORD -e “GRANT ALL PRIVILEGES ON openaudit.* TO openaudit@localhost IDENTIFIED BY ‘openauditpassword’;”
#mysql -u root -pPASSWORD -e “FLUSH PRIVILEGES;”

 

 

Screenshot from 2014-03-16 13:13:21

 

 

 
Insert the database schema

#mysql -u root -pPASSWORD openaudit < /usr/local/open-audit/other/openaudit_mysql.sql

 

Screenshot from 2014-03-16 13:15:12

 

 

Test the Website:

 

You should now be able to access the web page at http://192.168.31.1/index.php Assuming you can, proceed to the next section.

Enter Your License

Go to the URL http://<server>/omk/oae/

Enter the default credentials of nmis and nm1888.

 

Screenshot from 2014-03-16 13:15:45

 

 

Click the “View and enter licenses” button.

Click “Enter a license key”.

 

 

Screenshot from 2014-03-16 13:16:46

 

Paste your license key text into the text box and click “Add License”.

You should see a message at the top of the screen saying “Success: You have added a license for Open-AudIT Enterprise.”

 

Close the browser tab.

 

Click the “License Entered, Continue” button.

 

Accept the End User License Agreement.

 

You should now see the Open-AudIT Enterprise dashboard.
Log in to Open-AudIT Enterprise

Go to the URL http://IPADDRESS/omk/oae

 

Screenshot from 2014-03-16 13:17:34