Difference between revisions of "Setting up A Network Monitoring and Inventory System"

m (updated example script path)
m (Added See also: Inotifyd)
 
(16 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
{{Draft|This page started out as a fun project, but then it wasn't fully completed due to time constraints.  Following it will result in having a server that can run a ping sweep of a given subnet, submit the results of the sweep to OpenAudit so that the Windows machines will be audited automatically, then parse the results and add found computers to different Nagios hostgroups in NagioSQL based on certain software that they have installed, such as Microsoft Exchange or Lotus Domino.  Unfortunately, the final code for OpenAudit + Nagios integration, the part that exports the data from the NagioSQL database to the nagios config files then issues a SIGHUP to Nagios so the changes take effect, hasn't been implemented yet.  Once it has been, this page will be updated.}}
 +
 
 +
== Goal ==
 +
 
 +
Basic concept is to combine the above apps/utilities to create an easy to set up and low upkeep monitoring system that also tracks inventory thanks to OpenAudit.  Redundant entries in configs will be kept to a minimum (hopefully).  New devices should be auto-added to monitoring systems, along with associated services (for example, a Windows server running MS Exchange might have basic services such as CPU load, HD free space, running services and Exchange queues monitored, whereas a router running on Alpine Linux would might need the routing table, throughput, and opennhrp monitored).  Also, software licensing should be monitored so that Windows boxes do not exceed purchased licenses.
  
{{Draft}}
+
Once finished, the scripts to tie OpenAudit and the monitoring components will be called AMAAPS (Automatic Monitoring And Auditing Populating System) (WIP available at http://github.com/jbilyk/AMAAPS)
  
This guide will set up (list subject to change):
+
To accomplish the above, this guide will set up (list subject to change):
 
* Lighttpd
 
* Lighttpd
* Nagios - apk is working
+
* Nagios
**Nagconfig?
+
*NagiosQL
**NagiosQL - need to test (http://www.nagiosql.org/about-nagiosql.html, http://www.nagiosql.org/faq/31-general-documentation/71-nagiosql3-documentation.html)
+
* [[Setting up Cacti|Cacti]]
* Cacti - basic functionality working in apk
+
* [[Setting up Smokeping|Smokeping]]
* [[Setting up Smokeping|Smokeping]] - need to tie in with OpenAudit - auto add routers, switches, public DNS server
+
* OpenAudit
* OpenAudit - need apk
 
* SNMPTT - follow http://xavier.dusart.free.fr/joomla/index.php/en/nagios/47-traps-snmp-dans-nagios
 
 
* MySQL DB and associated scripts to tie these together
 
* MySQL DB and associated scripts to tie these together
  
Line 17: Line 19:
 
* You have a knowledge of your network setup (at least know which subnets exist)
 
* You have a knowledge of your network setup (at least know which subnets exist)
 
* Your network allows ICMP ping packets to every device that you want discovered and automatically added to the system
 
* Your network allows ICMP ping packets to every device that you want discovered and automatically added to the system
* Your firewalls (whether on your networking devices or end-user devices) allow traffic back to the server that is being set up, and if it is a Windows host, allows WMI queries in
+
* Your firewalls (whether on your networking devices or end-user devices) allow traffic back to the server that is being set up, and if it is a Windows host, allows RPC calls in especially if running the audits on Win7 Pro machines, double-check local firewall settings for traffic to/from OpenAudit computer (will allow audits to happen properly when triggered via the OpenAudit computer).
* If you are auditing a Windows domain, you have access to an account that has local administrator privileges on every computer (on Win XP a user with Power User privileges may be enough).  If running the audits on Win7 Pro machines, double-check local firewall that it allows RPC traffic to/from OpenAudit computer (will allow audits to happen properly when triggered via the OpenAudit computer).
+
* If you are auditing a Windows domain, you have access to an account that has local administrator privileges on every computer (on Win XP a user with Power User privileges may be enough).
  
== Goal ==
+
== Steps ==
 +
 
 +
===Install lighttpd===
 +
 
 +
{{:Setting Up Lighttpd With FastCGI}}
  
Basic concept is to combine the above apps/utilities to create an easy to set up and low upkeep monitoring system that also tracks inventory thanks to OpenAudit.  Redundant entries in configs will be kept to a minimum (hopefully).  New devices should be auto-added to monitoring systems, along with associated services (for example, a Windows server running MS Exchange might have basic services such as CPU load, HD free space, running services and Exchange queues monitored, whereas a router running on Alpine Linux would might need the routing table, throughput, and opennhrp monitored).  Also, software licensing should be monitored so that Windows boxes do not exceed purchased licenses.
+
===Configure MySQL===
  
== Steps ==
+
{{Cmd|<nowiki>/usr/bin/mysql_install_db --user=mysql
 +
/etc/init.d/mysql start && rc-update add mysql default
 +
/usr/bin/mysqladmin -u root password 'password'</nowiki>}}
  
Install lighttpd, PHP and MySql
 
apk add lighttpd mysql mysql-client php-mysql php-mysqli php php-xml php-json php-gettext php-gd curl php-curl php-mcrypt
 
Edit lighttpd.conf'''
 
nano +46 /etc/lighttpd/lighttpd.conf
 
Uncomment lines:
 
uncoment    include "mod_fastcgi.conf", save and exit
 
Starting http service and adding to boot'''
 
/etc/init.d/lighttpd start && rc-update add lighttpd default
 
Configure MySQL
 
/usr/bin/mysql_install_db --user=mysql
 
/etc/init.d/mysql start && rc-update add mysql default
 
/usr/bin/mysqladmin -u root password 'password'
 
 
Install Nagios, nagios-plugins and Nagiosql and other needed packages
 
Install Nagios, nagios-plugins and Nagiosql and other needed packages
apk add nagios nagios-web nagios-plugins nagiosql php-mysqli php-mysql
+
{{Cmd|apk add nagios nagios-web nagios-plugins nagiosql php-mysqli php-mysql}}
 +
 
 
Create soft-link for nagiosql virtual host'
 
Create soft-link for nagiosql virtual host'
ln -s /usr/share/webapps/nagiosql /var/www/localhost/htdocs/nagiosql
+
{{Cmd|ln -s /usr/share/webapps/nagiosql /var/www/localhost/htdocs/nagiosql}}
 +
 
 
Change permissions for nagiosql
 
Change permissions for nagiosql
chown lighttpd:lighttpd /usr/share/webapps/nagiosql/configs
+
{{Cmd|chown lighttpd:lighttpd /usr/share/webapps/nagiosql/config}}
 +
 
 
Browse to http://localhost/nagiosql and follow the setup instructions.
 
Browse to http://localhost/nagiosql and follow the setup instructions.
Create folder /usr/share/webapps/openaudit and link to virtual host folder
+
Create folder ''/usr/share/webapps/openaudit'' and link to virtual host folder
mkdir /usr/share/webapps/openaudit
+
 
chown lighttpd:lighttpd /usr/share/webapps/openaudit
+
{{Cmd|mkdir /usr/share/webapps/openaudit
ln -s /usr/share/webapps/openaudit /var/www/localhost/htdocs/openaudit
+
chown lighttpd:lighttpd /usr/share/webapps/openaudit
 +
ln -s /usr/share/webapps/openaudit /var/www/localhost/htdocs/openaudit</nowiki>}}
 +
 
 
Download openaudit from http://downloads.sourceforge.net/open-audit/openauditrelease-09.12.23-SVN1233.zip and extract to /usr/share/webapps/openaudit.<br />
 
Download openaudit from http://downloads.sourceforge.net/open-audit/openauditrelease-09.12.23-SVN1233.zip and extract to /usr/share/webapps/openaudit.<br />
 +
 
On a Windows server, create scheduled tasks to run ping-sweep-main.bat, lookup-main.bat and insert-hosts-main.bat on a regular basis.  Since the insert-hosts-main.bat file runs RPC calls against other Windows servers, at the moment this section needs to run on a Windows server...<br />
 
On a Windows server, create scheduled tasks to run ping-sweep-main.bat, lookup-main.bat and insert-hosts-main.bat on a regular basis.  Since the insert-hosts-main.bat file runs RPC calls against other Windows servers, at the moment this section needs to run on a Windows server...<br />
Back on the Alpine monitoring server, start preparation of nagiosql for the Nagios paths used in Alpine Linux:
+
<br />
echo "update db_nagiosql_v3.tbl_domain set binaryfile = '/usr/sbin/nagios';" | mysql --user=root -p
+
To be continued...<br />
  echo "update db_nagiosql_v3.tbl_domain set importdir = '/etc/nagios/';" | mysql --user=root -p
+
 
echo "update db_nagiosql_v3.tbl_domain set basedir = '/etc/nagios/';" | mysql --user=root -p
+
AMAAPS now has code to add Windows hosts that were found using OpenAudit into NagioSQL host table. Also will now add Exchange servers, SQL servers, and Lotus Domino servers to the proper hostgroups.
echo "update db_nagiosql_v3.tbl_domain set hostconfig = '/etc/nagios/';" | mysql --user=root -p
+
 
echo "update db_nagiosql_v3.tbl_domain set serviceconfig = '/etc/nagios/';" | mysql --user=root -p
+
NOW: Finish NagioSQL config so that it has:
echo "update db_nagiosql_v3.tbl_domain set backupdir = '/etc/nagiosql/';" | mysql --user=root -p
+
* semi-sensible defaults (hostgroup setup, check commands, etc) and
echo "update db_nagiosql_v3.tbl_domain set hostbackup = '/etc/nagiosql/';" | mysql --user=root -p
+
* a triggered reload of Nagios config when it's changed
echo "update db_nagiosql_v3.tbl_domain set servicebackup = '/etc/nagiosql/';" | mysql --user=root -p
+
 
 +
== Notes ==
  
== Progress Log ==
 
Set up Alpine server with Lighttpd 1.4.28-r0, PHP 5.3.3-r2 and MySQL 5.1.50-r0 with OpenAudit 09.12.23.  Windows box can be audited with results returned to Alpine.<br />
 
Set up test cacti system and made sure the basics work with the new aport.<br />
 
 
SNMPTT receives snmp traps properly and sends them on to Nagios but they aren't parsed in any way yet.<br />
 
SNMPTT receives snmp traps properly and sends them on to Nagios but they aren't parsed in any way yet.<br />
Installed Nagiosql, need to investigate potential usage + OpenAudit integration.<br />
+
 
Got nmap results into OpenAudit.  Needed a change in admin_nmap_input.php line 48 ("Interesting ports on" -> "Nmap scan report for"), for which a bug report was filed upstream.
+
Got nmap results into OpenAudit.  Needed a change in admin_nmap_input.php line 48 ("Interesting ports on" -> "Nmap scan report for"), for which a bug report was filed upstream.<br />
 +
 
 
Got pingable/resolvable hosts automatically added into OpenAudit:
 
Got pingable/resolvable hosts automatically added into OpenAudit:
 
* When auto-adding using scripts below, Windows versions 2000 (Pro and Server), XP Pro, 2003 (inc R2)(Std/Ent)(x86/x64) were detected.  Windows 7 Pro only detected when the local firewall was set to allow RPC traffic through
 
* When auto-adding using scripts below, Windows versions 2000 (Pro and Server), XP Pro, 2003 (inc R2)(Std/Ent)(x86/x64) were detected.  Windows 7 Pro only detected when the local firewall was set to allow RPC traffic through
 
* Some printers (HP LJ3300, LJ8100) were detected whereas other models weren't
 
* Some printers (HP LJ3300, LJ8100) were detected whereas other models weren't
 
* No networking devices (switches/routers) were added
 
* No networking devices (switches/routers) were added
 
== Operational Concept ==
 
 
Nmap -> OpenAudit
 
 
# Scheduled nmap ping sweep of subnets (one at a time)
 
# Check if hosts have been audited recently
 
# If not, trigger an nmap OS detection
 
# If Windows, trigger a remote audit
 
# If other device type, do ___ to audit
 
 
OpenAudit -> Nagios (or Cacti, or Smokeping)
 
  
 
# Schedule a query of Windows Servers from OpenAudit + installed software
 
# Schedule a query of Windows Servers from OpenAudit + installed software
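Review bot: In the new OpenAudit folder block, "{{Cmd|mkdir /usr/share/webapps/openaudit" is closed with "</nowiki>}}" but never opens a <nowiki>, unlike the Configure MySQL block earlier in this hunk, so the stray closing tag ends up in the rendered command line; either open it with "{{Cmd|<nowiki>" or drop the closing tag. The hunk also deletes the eight "update db_nagiosql_v3.tbl_domain set ..." statements with no replacement, so the new text no longer says how NagiosQL is pointed at /usr/sbin/nagios and /etc/nagios/; keep them, or state where those paths are configured instead.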
Line 88: Line 77:
 
# If it doesn't, add host monitoring + base services
 
# If it doesn't, add host monitoring + base services
 
# For each MS software (such as Exchange, SQL, DPM), add services
 
# For each MS software (such as Exchange, SQL, DPM), add services
 
+
# Query core switch via LLDP to find out where devices are and set up dependencies automatically
For bonus points:
+
# SNMPTT integration to Nagios (setup based on device info in OpenAudit) - follow http://xavier.dusart.free.fr/joomla/index.php/en/nagios/47-traps-snmp-dans-nagios
 
 
# Query LLDP to find out where device is and set up dependencies automatically
 
# SNMPTT integration to Nagios (setup based on device info in OpenAudit)
 
  
 
== Random scripts ==
 
== Random scripts ==
  
Since part of implementation runs on Windows, a set of scripts that can run on both Windows and Alpine Linux are being put together.
+
Since part of implementation runs on Windows (due to running a VBScript from OpenAudit to collect Windows server/workstation info via RPC), a set of scripts that run on Windows are listed below.
  
host-detect.sh: a one-line linux command to replace all of the ping-sweep* and lookup* batch files.
 
 
Ping-sweep*.bat: does an nmap ping sweep of each subnet in subnet.txt and writes all hosts that are up to a file
 
Ping-sweep*.bat: does an nmap ping sweep of each subnet in subnet.txt and writes all hosts that are up to a file
 
lookup*.bat: does a A record DNS lookup for each host that's pingable and writes results to a file
 
lookup*.bat: does a A record DNS lookup for each host that's pingable and writes results to a file
 
insert-hosts*: for each resolvable host, downloads the vbscript to insert the host information into openaudit (uses WMI to get hardware, OS and software info)
 
insert-hosts*: for each resolvable host, downloads the vbscript to insert the host information into openaudit (uses WMI to get hardware, OS and software info)
 
host-detect.sh (replaces all batch files below)
 
#!/bin/sh
 
for IPADDRESS in `nmap -sP 10.14.8-39.0-255 | grep "Nmap scan report for" | awk -F ' ' '{print $NF}' | sed s/\(// | sed s/\)//`;do nslookup $IPADDRESS | grep "name =" | awk -F '=' '{print $2}';done
 
  
 
ping-sweep-main.bat
 
ping-sweep-main.bat
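Review bot: Removing the "For bonus points:" line folds the LLDP and SNMPTT items into the main numbered list, so they now read as required steps of the OpenAudit -> Nagios flow; keep the label or mark both items as optional. The hunk also deletes host-detect.sh, the only discovery script that ran on the Alpine server itself, while the new intro says the remaining scripts run on Windows; a sentence stating that discovery now depends on the Windows box would make that explicit.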
Line 170: Line 151:
  
 
  select system_uuid,system_name,net_ip_address,system_os_name from openaudit.system where system_os_name like '%Microsoft%Server%';
 
  select system_uuid,system_name,net_ip_address,system_os_name from openaudit.system where system_os_name like '%Microsoft%Server%';
 +
 +
exchangeservers hostgroup:<br />
 +
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'exchangeservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;<br />
 +
sqlservers hostgroup:<br />
 +
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'sqlservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;<br />
 +
lotusnotesservers hostgroup:<br />
 +
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'lotusnotesservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;<br />
 +
windowsservers hostgroup:<br />
 +
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'windowsservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;<br />
 +
<br />
 +
OpenAudit queries:<br />
 +
Exchange:<br />
 +
select distinct system.system_name,system.net_ip_address from system,software where software_name like '%icrosoft%xchange' and software.software_uuid = system.system_uuid;<br />
 +
SQL:<br />
 +
select distinct system.system_name,system.net_ip_address from system,software where software.software_name like '%icrosoft%SQL%erver%200%' and system.system_os_name like '%erver%' and software.software_uuid = system.system_uuid;<br />
 +
Lotus Domino:<br />
 +
select distinct system.system_name,system.net_ip_address from system,software where software_name like '%otus%omino%' and software.software_uuid = system.system_uuid;<br />
 +
Windows:<br />
 +
select distinct system.system_name,system.net_ip_address from system where system.system_os_name like '%microsoft%server%';<br />
 +
 +
== See also ==
 +
* [[Inotifyd]]: For monitoring directory or file changes or for post processing.
 +
 +
[[Category:Networking]]
 +
[[Category:Monitoring]]
 +
[[Category:SQL]]
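Review bot: In the added OpenAudit Exchange query the pattern '%icrosoft%xchange' has no trailing %, unlike '%otus%omino%' and '%icrosoft%SQL%erver%200%' next to it, so it only matches software names that end in "xchange" and will miss entries that carry a version or edition suffix; use '%icrosoft%xchange%' if that is not intended. The Exchange and Lotus Domino queries also leave software_name unqualified while the SQL query writes software.software_name; qualifying all three keeps them consistent.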

Latest revision as of 05:35, 17 September 2017

This material is work-in-progress ...

This page started out as a fun project, but then it wasn't fully completed due to time constraints. Following it will result in having a server that can run a ping sweep of a given subnet, submit the results of the sweep to OpenAudit so that the Windows machines will be audited automatically, then parse the results and add found computers to different Nagios hostgroups in NagioSQL based on certain software that they have installed, such as Microsoft Exchange or Lotus Domino. Unfortunately, the final code for OpenAudit + Nagios integration, the part that exports the data from the NagioSQL database to the nagios config files then issues a SIGHUP to Nagios so the changes take effect, hasn't been implemented yet. Once it has been, this page will be updated.
(Last edited by John3-16 on 17 Sep 2017.)

Goal

The basic concept is to combine the above apps/utilities to create an easy to set up and low upkeep monitoring system that also tracks inventory thanks to OpenAudit. Redundant entries in configs will be kept to a minimum (hopefully). New devices should be auto-added to monitoring systems, along with associated services (for example, a Windows server running MS Exchange might have basic services such as CPU load, HD free space, running services and Exchange queues monitored, whereas a router running on Alpine Linux might need the routing table, throughput, and opennhrp monitored). Also, software licensing should be monitored so that Windows boxes do not exceed purchased licenses.

Once finished, the scripts to tie OpenAudit and the monitoring components will be called AMAAPS (Automatic Monitoring And Auditing Populating System) (WIP available at http://github.com/jbilyk/AMAAPS)

To accomplish the above, this guide will set up (list subject to change):

  • Lighttpd
  • Nagios
  • NagiosQL
  • Cacti
  • Smokeping
  • OpenAudit
  • MySQL DB and associated scripts to tie these together

This guide will assume:

  • You have a knowledge of your network setup (at least know which subnets exist)
  • Your network allows ICMP ping packets to every device that you want discovered and automatically added to the system
  • Your firewalls (whether on your networking devices or end-user devices) allow traffic back to the server that is being set up and, for Windows hosts, allow RPC calls in. Especially when running the audits on Win7 Pro machines, double-check the local firewall settings for traffic to/from the OpenAudit computer, so that audits triggered from the OpenAudit computer can run properly.
  • If you are auditing a Windows domain, you have access to an account that has local administrator privileges on every computer (on Win XP a user with Power User privileges may be enough).

Steps

Install lighttpd

For installing the additional packages first activate community packages:

vi /etc/apk/repositories

Uncomment the following:

http://pkg.example.com/alpine/v3.11/community

Update the packagelist:

apk update

Install the additional packages:

apk add lighttpd php7-common php7-iconv php7-json php7-gd php7-curl php7-xml php7-mysqli php7-imap php7-cgi fcgi php7-pdo php7-pdo_mysql php7-soap php7-xmlrpc php7-posix php7-mcrypt php7-gettext php7-ldap php7-ctype php7-dom

Configure Lighttpd

Edit lighttpd.conf

vi /etc/lighttpd/lighttpd.conf

Uncomment line:

include "mod_fastcgi.conf"


Edit mod_fastcgi.conf

vi /etc/lighttpd/mod_fastcgi.conf

Edit the section:

/usr/bin/php-cgi

To:

/usr/bin/php-cgi7

Start lighttpd service and add to needed runlevel

rc-service lighttpd start && rc-update add lighttpd default

Configure MySQL

/usr/bin/mysql_install_db --user=mysql
/etc/init.d/mysql start && rc-update add mysql default
/usr/bin/mysqladmin -u root password 'password'

Install Nagios, nagios-plugins and Nagiosql and other needed packages

apk add nagios nagios-web nagios-plugins nagiosql php-mysqli php-mysql

Create soft-link for nagiosql virtual host

ln -s /usr/share/webapps/nagiosql /var/www/localhost/htdocs/nagiosql

Change permissions for nagiosql

chown lighttpd:lighttpd /usr/share/webapps/nagiosql/config

Browse to http://localhost/nagiosql and follow the setup instructions.

Create folder /usr/share/webapps/openaudit and link to virtual host folder

mkdir /usr/share/webapps/openaudit
chown lighttpd:lighttpd /usr/share/webapps/openaudit
ln -s /usr/share/webapps/openaudit /var/www/localhost/htdocs/openaudit

Download openaudit from http://downloads.sourceforge.net/open-audit/openauditrelease-09.12.23-SVN1233.zip and extract to /usr/share/webapps/openaudit.

On a Windows server, create scheduled tasks to run ping-sweep-main.bat, lookup-main.bat and insert-hosts-main.bat on a regular basis. Since the insert-hosts-main.bat file runs RPC calls against other Windows servers, at the moment this section needs to run on a Windows server...

To be continued...

AMAAPS now has code to add Windows hosts that were found using OpenAudit into NagioSQL host table. Also will now add Exchange servers, SQL servers, and Lotus Domino servers to the proper hostgroups.

NOW: Finish NagioSQL config so that it has:

  • semi-sensible defaults (hostgroup setup, check commands, etc) and
  • a triggered reload of Nagios config when it's changed
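
One way to build the triggered reload listed above, as an added example that is not part of AMAAPS or of the original page: hash the config files, run Nagios' own pre-flight check (nagios -v) and only then send the SIGHUP. It assumes the config files have already been written out; /etc/nagios/nagios.cfg, the pid file path and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not part of AMAAPS): reload Nagios only when its config
# files changed AND the new files pass Nagios' own pre-flight check.

NAGIOS_BIN=${NAGIOS_BIN:-/usr/sbin/nagios}
NAGIOS_CFG=${NAGIOS_CFG:-/etc/nagios/nagios.cfg}               # assumed path
NAGIOS_PIDFILE=${NAGIOS_PIDFILE:-/var/run/nagios/nagios.pid}   # assumed path

# One hash over every *.cfg below DIR; sorting makes it order-independent.
config_fingerprint() {
    find "$1" -type f -name '*.cfg' -exec sha256sum {} + \
        | LC_ALL=C sort | sha256sum | cut -d ' ' -f 1
}

# "nagios -v" parses the whole configuration and exits non-zero on errors.
verify_config() {
    "$NAGIOS_BIN" -v "$NAGIOS_CFG" >/dev/null 2>&1
}

# SIGHUP makes the running daemon re-read its configuration.
send_hup() {
    [ -r "$NAGIOS_PIDFILE" ] && kill -HUP "$(cat "$NAGIOS_PIDFILE")"
}

# reload_if_changed CONFIG_DIR STATE_FILE
# Sets RELOAD_STATUS to unchanged | rejected | reload-failed | reloaded.
# The state file is only updated after a successful reload, so a rejected
# config is re-checked on the next run instead of being silently accepted.
reload_if_changed() {
    new_fp=$(config_fingerprint "$1")
    old_fp=$(cat "$2" 2>/dev/null || true)
    if [ "$new_fp" = "$old_fp" ]; then
        RELOAD_STATUS=unchanged
        return 0
    fi
    if ! verify_config; then
        RELOAD_STATUS=rejected
        return 1
    fi
    if ! send_hup; then
        RELOAD_STATUS=reload-failed
        return 1
    fi
    printf '%s\n' "$new_fp" > "$2"
    RELOAD_STATUS=reloaded
}

# Usage: script CONFIG_DIR STATE_FILE (for example from cron or inotifyd).
if [ "$#" -eq 2 ]; then
    reload_if_changed "$1" "$2"
    echo "nagios config: $RELOAD_STATUS"
fi
```

A rejected configuration leaves the running Nagios on its last good config, which is the behaviour you want when the files are generated from a database.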

Notes

SNMPTT receives snmp traps properly and sends them on to Nagios but they aren't parsed in any way yet.

Got nmap results into OpenAudit. Needed a change in admin_nmap_input.php line 48 ("Interesting ports on" -> "Nmap scan report for"), for which a bug report was filed upstream.

Got pingable/resolvable hosts automatically added into OpenAudit:

  • When auto-adding using scripts below, Windows versions 2000 (Pro and Server), XP Pro, 2003 (inc R2)(Std/Ent)(x86/x64) were detected. Windows 7 Pro only detected when the local firewall was set to allow RPC traffic through
  • Some printers (HP LJ3300, LJ8100) were detected whereas other models weren't
  • No networking devices (switches/routers) were added
  1. Schedule a query of Windows Servers from OpenAudit + installed software
  2. Check that nagiosql has each server in it
  3. If it doesn't, add host monitoring + base services
  4. For each MS software (such as Exchange, SQL, DPM), add services
  5. Query core switch via LLDP to find out where devices are and set up dependencies automatically
  6. SNMPTT integration to Nagios (setup based on device info in OpenAudit) - follow http://xavier.dusart.free.fr/joomla/index.php/en/nagios/47-traps-snmp-dans-nagios

Random scripts

Since part of implementation runs on Windows (due to running a VBScript from OpenAudit to collect Windows server/workstation info via RPC), a set of scripts that run on Windows are listed below.

Ping-sweep*.bat: does an nmap ping sweep of each subnet in subnets.txt and writes all hosts that are up to a file

lookup*.bat: does an A record DNS lookup for each host that's pingable and writes results to a file

insert-hosts*: for each resolvable host, downloads the vbscript to insert the host information into openaudit (uses WMI to get hardware, OS and software info)

ping-sweep-main.bat

cd C:\Program Files\WAMP\www\openaudit\scripts\scans
for /F %%i in (subnets.txt) do call ping-sweep-backend.bat %%i

ping-sweep-backend.bat

@echo off
cd C:\Program Files\WAMP\www\openaudit\scripts\scans
del %1.ip.txt
nmap -sP %1 | "C:\program files\utilities\bin\grep" "Nmap scan report for" | "C:\Program Files\Utilities\bin\awk" -F " " "{print $NF}" | "C:\Program Files\Utilities\bin\awk" -F "(" "{print $NF}" | "C:\Program Files\Utilities\bin\awk" -F ")" "{print $1}" >> %1.ip.txt

lookup-main.bat

cd C:\Program Files\WAMP\www\openaudit\scripts\scans
for /F %%i in (subnets.txt) do call lookup-subnet.bat %%i

lookup-subnet.bat

@echo off
cd C:\Program Files\WAMP\www\openaudit\scripts\scans
del %1.host.txt
for /F %%i in (%1.ip.txt) do @call lookup-backend.bat %%i >> %1.host.txt

lookup-backend.bat

@nslookup %1 | "C:\program files\utilities\bin\grep" "Name:  " | "C:\program files\utilities\bin\awk" -F " " "{print $2}"

insert-hosts-main.bat

@echo off
cd C:\Program Files\WAMP\www\openaudit\scripts\scans
for /F %%i in (subnets.txt) do call insert-hosts-subnet.bat %%i

insert-hosts-subnet.bat

@echo off
cd C:\Program Files\WAMP\www\openaudit\scripts\scans
for /F %%i in (%1.host.txt) do @call insert-hosts-parse.bat %%i

insert-hosts-parse.bat

@echo off
cd C:\Program Files\WAMP\www\openaudit\scripts\scans
echo %1 | "C:\Program Files\Utilities\bin\awk.exe" -F "." "{print $1}" > temp-out-insert.txt
rem "call" returns here afterwards, so the temp file below is actually deleted
for /F %%A in (temp-out-insert.txt) do @call insert-hosts-backend.bat %%A
del temp-out-insert.txt

insert-hosts-backend.bat

cd C:\Program Files\WAMP\www\openaudit\scripts\scans
"C:\Program Files\Utilities\bin\wget.exe" "http://camgmt01/openaudit/launch_local_audit.php?domain=example.org&application=cmd&ext=vbs&hostname=%1&" -O %1.vbs
cscript %1.vbs
del %1.vbs

subnets.txt (snippet)

10.14.8.0-255
10.14.9.0-255
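
The batch files above pass whatever nmap and nslookup print straight into file names, a URL and a cscript call. As an added example (not from the original page or from AMAAPS), the same extraction in POSIX sh for the Alpine side, with each value validated before it is handed on; the function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn "nmap -sP" output into validated values before they
# are used in file names, URLs or command lines.
LC_ALL=C
export LC_ALL

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# sweep_hosts: read nmap output on stdin, print one validated IP per line.
# Only "Nmap scan report for" lines are considered (the string the page's
# scripts grep for); anything that is not a clean IPv4 address is skipped.
sweep_hosts() {
    while IFS= read -r line; do
        case "$line" in
            "Nmap scan report for "*) addr=${line#"Nmap scan report for "} ;;
            *) continue ;;
        esac
        # "name (1.2.3.4)" -> "1.2.3.4"; a bare address is left unchanged.
        case "$addr" in
            *"("*")") addr=${addr##*"("}; addr=${addr%")"} ;;
        esac
        if is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
        else
            printf 'skipped unparseable host line: %s\n' "$line" >&2
        fi
    done
}

# short_hostname FQDN: print the first DNS label (what insert-hosts-parse.bat
# extracts with awk) only if it is a plain letters-digits-hyphen label.
short_hostname() {
    label=${1%%.*}
    case "$label" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ ${#label} -le 63 ] || return 1
    printf '%s\n' "$label"
}

# Constructed sample input (not captured from a real scan).
SAMPLE_SWEEP='Nmap scan report for fs01.example.org (10.14.8.10)
Host is up.
Nmap scan report for 10.14.8.23
Host is up.
Nmap scan report for printer.example.org (10.14.8.999)
Nmap done: 512 IP addresses (3 hosts up)'

printf '%s\n' "$SAMPLE_SWEEP" | sweep_hosts
short_hostname fs01.example.org
short_hostname 'web_01.example.org' || echo 'rejected: web_01.example.org' >&2
```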

To grab all Windows servers using MySQL:

select system_uuid,system_name,net_ip_address,system_os_name from openaudit.system where system_os_name like '%Microsoft%Server%';

exchangeservers hostgroup:
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'exchangeservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;
sqlservers hostgroup:
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'sqlservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;
lotusnotesservers hostgroup:
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'lotusnotesservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;
windowsservers hostgroup:
select distinct tbl_host.host_name,tbl_host.address from tbl_host,tbl_lnkHostgroupToHost,tbl_hostgroup where tbl_hostgroup.hostgroup_name = 'windowsservers' and tbl_lnkHostgroupToHost.idMaster = tbl_hostgroup.id and tbl_lnkHostgroupToHost.idSlave = tbl_host.id;

OpenAudit queries:
Exchange:
select distinct system.system_name,system.net_ip_address from system,software where software_name like '%icrosoft%xchange' and software.software_uuid = system.system_uuid;
SQL:
select distinct system.system_name,system.net_ip_address from system,software where software.software_name like '%icrosoft%SQL%erver%200%' and system.system_os_name like '%erver%' and software.software_uuid = system.system_uuid;
Lotus Domino:
select distinct system.system_name,system.net_ip_address from system,software where software_name like '%otus%omino%' and software.software_uuid = system.system_uuid;
Windows:
select distinct system.system_name,system.net_ip_address from system where system.system_os_name like '%microsoft%server%';

See also

  • Inotifyd: For monitoring directory or file changes or for post processing.