Open Audit
    The Automation of Network Inventory




UCCSC 2009                       Noah Spahn - UCSB
Presentation Outline




Necessity of Inventory Systems

• Ignorance is not a valid excuse for
  Network Administrators
• Sample Questions:
  o   Which systems are near the end of their warranty?
  o   Which Towers contain model #*** video card?
  o   Which IPs are in use and where?
  o   How many licenses are left for X software?
  o   Which systems don't have the MS security patch that
      was released yesterday?



                                                the problem 
Problems of Inventory Systems

• Manual entry is Error Prone
  o   Especially in complex systems


• Budget restrictions
  o   Economic drought means cheaper solutions are that much more favorable




                                                                       the problem 
Manual Entry = Errors

Excel Spreadsheets
Benefits
- query by column
- MS ‘familiarity’
Disadvantages
- manual entry
- MS knowledge required
- possible to overwrite data
- file naming conventions & storage
- MS advanced functions can be dangerous




                                      the problem 
Origin of Open-Audit

• Open Source
  http://winventory.sourceforge.net/
• Mark Unwin had written a script to audit
  computers on a network and saw the need to
  extend it with a queryable web interface.
  The project was originally released in 2005
  under the GPL
   (http://www.gnu.org/copyleft/gpl.html)
• WMI, VBScript, MySQL & PHP

                                    background
Free Software License
• Open-AudIT is licensed under the terms of the GNU
  General Public License Version 2 as published by the
  Free Software Foundation. This gives you legal
  permission to copy, distribute and/or modify Open-AudIT
  under certain conditions. Read the 'LICENSE' file in the
  Open-AudIT distribution or read the online version of the
  license for more details.

• Open-AudIT is provided AS IS with NO WARRANTY OF
  ANY KIND, INCLUDING THE WARRANTY OF DESIGN,
  MERCHANTABILITY, AND FITNESS FOR A
  PARTICULAR PURPOSE.


                                                  background
No Warranty???
Consider the notion put forth by Carla Schroder (editor of
Linux Today), that it is our duty to support Open Source
Software ('editor's note: you get what you pay for').

By using the software and contributing to its development
(via forums or writing code), we add to its value and
usability.




                                                   background
Open-Audit is FREE

• FreeAsInBeer and FreeAsInSpeech
• Under the Creative Commons license:
 http://creativecommons.org/licenses/by-sa/2.5/
• There is a good-sized user group and an active
  forum




                                                  benefits
What do you get for free?




                            benefits
Open-Audit = Automation
            Overview
            "Open Audit audits the hardware
            and software it discovers on your
            computers, and posts its findings
            to a MySQL database. From there
            the data is presented in a clean
            and readable form via a set of PHP
            web pages."
                       A. Hull (Moderator, Open-Audit forum)




                                      the solution 
Automation = No typing errors!




                           the solution 
Free: Automated data collecting

•   Hardware
•   Software
•   Operating System Settings
•   Security Settings
•   Users and Groups
•   Disk Usage Graphs
•   Audit History



                                benefits
Free: Data Reports
•   Operating System Type
•   IE Versions
•   Firefox Versions
•   Memory Sizes
•   Processor Types and Speeds
•   Hard Disk sizes
•   Software Keys
•   Detected Network Servers
•   Newly Detected Software
•   Low Disk Space
•   Systems not audited for xxx days
•   Export to Inkscape, Dia, PDF


                                       benefits
What's the catch?




                    benefits
Not Free: Cost of ownership
 Requirements:
  •   Web server
  •   PHP
  •   MySQL
  •   Secured installation

 Beneficial components:
  •   Apache (recommended)
  •   Windows Domain
  •   Domain Admin account
  •   Secured LAN




                                                  the catch
Not Free: Knowledge and Skills
Q: We are a Windows shop
A: XAMPP is an easy-to-install Apache
distribution containing MySQL, PHP and Perl.

Q: No knowledge of PHP/MySQL
A: Open Audit needs no configuration and is
easy to install. You must possess basic sysadmin
troubleshooting and problem-solving skills.
After all, it is a tool, not an employee.




                                                the catch
How Open-Audit works




                       mechanics
How Open-Audit works
Roles of Components:
• The application resides on the web server
• A Domain Admin account is used to audit machines remotely

If there is no Domain Admin account:
• Each local machine can have a scheduled job that regularly
  audits it and sends the results to the server




                                                   mechanics
Server installation: Mac (OS X 10.4)
Up and running in minutes (overview):
•   Turn on web sharing
•   Install MySQL (DMG available from project site)
•   Install PHP (Entropy PHP 5.2.9-7.pkg is an easy solution)
•   Optional SQL GUI
•   Create a database and user
•   Subversion installation (follow instructions from WikiHow)
•   Check Out Open-Audit from repository
•   Follow web based installation guide
     o http://server-address/open-audit/




                                                                  mechanics
Server installation: Linux (CentOS)
  Up and running in minutes (overview):
   •   yum install httpd subversion mysql php php-mysql php-common
   •   Create database and user
   •   svn co https://open-audit.svn..../trunk /var/www/open-audit/
   •   /etc/init.d/httpd start
   •   /etc/init.d/mysqld start
   •   Follow web install instructions




                                                                      mechanics
Server installation: Windows
Up and running in minutes (overview):
•   Download and install XAMPP & TortoiseSVN
•   Create database and user
•   Grab a copy of Open-Audit from the svn repository
•   Follow web based installation guide
     o http://server-address/open-audit/
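
The "Create database and user" step from the three server installation overviews, written out with the "Secured installation" requirement in mind. This is an added example, not part of the original slides or the Open-Audit project: the database name `openaudit`, the account `openaudit_web`, the password placeholder, and the assumption that the web-based installer creates its tables inside an existing database are all assumptions.

```sql
-- Added example. All names are assumptions, not Open-Audit defaults.
-- Run as a MySQL administrative user on the host that serves the web application.

-- 1. A dedicated database, so the inventory data shares nothing with other apps.
CREATE DATABASE openaudit CHARACTER SET utf8;

-- 2. A dedicated account that can only connect from the web server itself.
--    'localhost' assumes Apache/PHP and MySQL run on the same machine.
CREATE USER 'openaudit_web'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 3. Install-time privileges: data access plus the schema rights the
--    web-based installer is assumed to need to create its tables.
--    Scoped to openaudit.* only; no global (*.*) privileges, no GRANT OPTION.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
    ON openaudit.* TO 'openaudit_web'@'localhost';

-- 4. Once the web installer has finished, remove the schema-changing rights.
--    Day-to-day auditing and reporting only read and write rows.
REVOKE CREATE, ALTER, INDEX, DROP
    ON openaudit.* FROM 'openaudit_web'@'localhost';

-- 5. Confirm what the account is left with.
SHOW GRANTS FOR 'openaudit_web'@'localhost';

-- 6. Look for accounts that would bypass the restriction above:
--    anonymous users and accounts allowed to connect from any host.
SELECT user, host FROM mysql.user WHERE user = '' OR host = '%';
```

An upgrade that changes the schema needs the rights from step 3 granted again for its duration and revoked afterwards.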




                                                     mechanics
Client installation
** Note:
 • No client installation is needed if all computers are on a domain and
    you have a domain admin account


Overview:
 • Scheduled task runs a .cmd file on a network share
    o The network share holds the audit.config file, which points
      to the server
 • Windows audit with a VBScript script
 • Unix audit with a shell script




                                                                    mechanics
Open-Audit : quick tour




                          tour
