“Any fool can make things bigger, more complex, and more violent. It takes a touch of genius-and a lot of courage-to move in the opposite direction.”
Albert Einstein.
Sunday, January 29, 2012
Thursday, January 26, 2012
Sunday, November 20, 2011
What would you like to see next in OAv2?
Go here and vote for your preferred feature.
If you don't see your feature, let me know!
http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5796
If you don't see your feature, let me know!
http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5796
Monday, September 26, 2011
OAv2 beta3 released
Go grab it.
To upgrade your database (for an existing beta1 or beta2 install), copy the OAv2 files over the old ones, then fire up OAv2 and go to Help -> about (as an Admin).
Then click the red upgrade text. Done.
Make sure you use the new audit script, too.
FWIW - I would backup your database before doing this and also copy your original OAv2 files somewhere else. That way, if the worst happens, you can always revert back...
Please submit some statistics (Help -> Statistics) so I have some idea of how many people are using OAv2 (and how many systems they are auditing with it). This submission cannot be linked back to your organisation.
Also - I am off camping with the family from tomorrow night (Tue, Brisbane time). I will have limited internet access and no access to debug issue's. I will check the forums, but fixes won't be forthcoming until next week. Apologies if this causes an inconvenience.
Thursday, July 14, 2011
Help wanted (vbscript)
I am hacking some VBScript to attempt to determine the user that installed a program.
If I can get it going, I can add this to OAv2.
The script is below.
I get an unhelpful error and haven't managed to get it going.
If anyone can help, it would be most appreciated.
You can save it as blah.vbs and run it with "cscript blah.vbs".
It should dump any software it finds an entry for in the App Log - title, who installed it and when.
It should only dump the first entry it finds. IE - if you have installed, removed and installed a given piece of software, it may well have multiple entries in the Application Event Log.
Again, any help much appreciated.
strComputer = "."
const HKEY_LOCAL_MACHINE = &H80000002
set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("SELECT Message, User, TimeGenerated FROM Win32_NTLogEvent where logfile = 'Application' and eventcode = '11707'",,48)
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE,strKeyPath,arrSubKeys
for each subkey In arrSubKeys
newpath = strKeyPath & "\" & subkey
newkey = "DisplayName"
oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
if strValue <> "" then
package_name = strValue
for each objItem in colItems
mess1 = split(objItem.Message, "--")
mess2 = split(mess1(0), " ", vbTextCompare)
mess3 = split(mess2(0), "Product:")
message_retrieved = trim(mess3(1))
if (not isNull(message_retrieved)) then
if (InStr(message_retrieved, package_name) = 1) then
package_installed_by = objItem.User
package_installed_on = WMIDateStringToDate(objItem.TimeGenerated)
wscript.echo package_name & " Installed By: " & package_installed_by & " On: " & package_installed_on
exit for
else
package_installed_by = ""
package_installed_on = ""
end if
end if
next
end if
next
function WMIDateStringToDate(dtmDate)
WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
end function
If I can get it going, I can add this to OAv2.
The script is below.
I get an unhelpful error and haven't managed to get it going.
If anyone can help, it would be most appreciated.
You can save it as blah.vbs and run it with "cscript blah.vbs".
It should dump any software it finds an entry for in the App Log - title, who installed it and when.
It should only dump the first entry it finds. IE - if you have installed, removed and installed a given piece of software, it may well have multiple entries in the Application Event Log.
Again, any help much appreciated.
strComputer = "."
const HKEY_LOCAL_MACHINE = &H80000002
set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("SELECT Message, User, TimeGenerated FROM Win32_NTLogEvent where logfile = 'Application' and eventcode = '11707'",,48)
strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
oReg.EnumKey HKEY_LOCAL_MACHINE,strKeyPath,arrSubKeys
for each subkey In arrSubKeys
newpath = strKeyPath & "\" & subkey
newkey = "DisplayName"
oReg.GetStringValue HKEY_LOCAL_MACHINE, newpath, newkey, strValue
if strValue <> "" then
package_name = strValue
for each objItem in colItems
mess1 = split(objItem.Message, "--")
mess2 = split(mess1(0), " ", vbTextCompare)
mess3 = split(mess2(0), "Product:")
message_retrieved = trim(mess3(1))
if (not isNull(message_retrieved)) then
if (InStr(message_retrieved, package_name) = 1) then
package_installed_by = objItem.User
package_installed_on = WMIDateStringToDate(objItem.TimeGenerated)
wscript.echo package_name & " Installed By: " & package_installed_by & " On: " & package_installed_on
exit for
else
package_installed_by = ""
package_installed_on = ""
end if
end if
next
end if
next
function WMIDateStringToDate(dtmDate)
WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
end function
Tuesday, June 7, 2011
OAv2 beta 1.1 released
Based on some feedback (ie, bugs), I've released beta 1.1.
Make sure you grab 1.1 and not beta 1 from https://launchpad.net/oav2/trunk/beta1.
42 downloads in 24 hours - and feedback/testing submitted.
Thanks to all who take the time to help.
Make sure you visit the forms at
http://www.open-audit.org/phpBB3/viewforum.php?f=20
Make sure you grab 1.1 and not beta 1 from https://launchpad.net/oav2/trunk/beta1.
42 downloads in 24 hours - and feedback/testing submitted.
Thanks to all who take the time to help.
Make sure you visit the forms at
http://www.open-audit.org/phpBB3/viewforum.php?f=20
Monday, June 6, 2011
Beta 1 of OAv2 released
Done, out, pushed, released... finally.
This is a bit of a warthog release - I haven't done anywhere near as much testing as I would have liked. Please report the bugs to the Open-AudIT.org forums.
Seeing as I have now classed this as "beta", I will (from now on) attempt to provide database schema upgrades as scripts. Eventually, I'd like to get an update system similar to Wordpress. Very easy for the user to do. Eventually.
What's new - well it's now available as an XAMPPLITE package. For the Windows users, download it, extract it to C:\ start the xampp-control.exe, start Apache and MySQL and you're done. You should be able to browse to the root of your machine in a browser and get the logon page.
There's also a "code only" release. for IIS, Linux, etc, etc users who just want the application.
Groups and Reports are now stored in OAv2/code_igniter/system/application/controllers/groups (and /reports) directories. Drop the XML definition in the directory and you can "activate" the group or report in the web interface. The other options (import, export, etc) still exist.
I've improved the audit script. SQL won't hang (on SQL Express, etc) auditing now. You can also supply credentials to the audit script for auditing system's not on your domain.
cscript audit_windows.vbs COMPUTERNAME strUser=USERNAME strPassword=PASSWORD
Nice and easy. You can also use the credentials in the "audit list" script. Just add them after the computer name (as above) and when it calls the "audit windows" script, all arguments are passed through.
I've cleaned up the theme-tango/tango-files directory. It's quite clean as far as the .css and .js files are concerned. JQuery has also been updated to the latest version.
Some big feature's since last time -
Creating an Organisation now creates a corresponding Group.
If you have "edit" rights, and Report that includes a System ID will show an extra column. You can select multiple systems and edit their details together. Like when you acknowledge an Alert - only now for all the manually settable item's on a System, itself. One example use would be viewing the Systems in an automatically created network (subnet) group. You could set ALL the owner fields to a particular entity. Very quick and easy, versus editing each system by individually.
I also mean to create an individual audit script when you create an Organisation. All it would do is also set the Org_ID tag in the script - therefore automatically assigning any system audited by that particular script to an Organisation and it's corresponding Group. That's very much on the list...
There are a few other improvements... download it and try them out !
https://launchpad.net/oav2/trunk/beta1
This is a bit of a warthog release - I haven't done anywhere near as much testing as I would have liked. Please report the bugs to the Open-AudIT.org forums.
Seeing as I have now classed this as "beta", I will (from now on) attempt to provide database schema upgrades as scripts. Eventually, I'd like to get an update system similar to Wordpress. Very easy for the user to do. Eventually.
What's new - well it's now available as an XAMPPLITE package. For the Windows users, download it, extract it to C:\ start the xampp-control.exe, start Apache and MySQL and you're done. You should be able to browse to the root of your machine in a browser and get the logon page.
There's also a "code only" release. for IIS, Linux, etc, etc users who just want the application.
Groups and Reports are now stored in OAv2/code_igniter/system/application/controllers/groups (and /reports) directories. Drop the XML definition in the directory and you can "activate" the group or report in the web interface. The other options (import, export, etc) still exist.
I've improved the audit script. SQL won't hang (on SQL Express, etc) auditing now. You can also supply credentials to the audit script for auditing system's not on your domain.
cscript audit_windows.vbs COMPUTERNAME strUser=USERNAME strPassword=PASSWORD
Nice and easy. You can also use the credentials in the "audit list" script. Just add them after the computer name (as above) and when it calls the "audit windows" script, all arguments are passed through.
I've cleaned up the theme-tango/tango-files directory. It's quite clean as far as the .css and .js files are concerned. JQuery has also been updated to the latest version.
Some big feature's since last time -
Creating an Organisation now creates a corresponding Group.
If you have "edit" rights, and Report that includes a System ID will show an extra column. You can select multiple systems and edit their details together. Like when you acknowledge an Alert - only now for all the manually settable item's on a System, itself. One example use would be viewing the Systems in an automatically created network (subnet) group. You could set ALL the owner fields to a particular entity. Very quick and easy, versus editing each system by individually.
I also mean to create an individual audit script when you create an Organisation. All it would do is also set the Org_ID tag in the script - therefore automatically assigning any system audited by that particular script to an Organisation and it's corresponding Group. That's very much on the list...
There are a few other improvements... download it and try them out !
https://launchpad.net/oav2/trunk/beta1
Subscribe to:
Posts (Atom)
Posts
