From ce3e24582fddd6b8e77bc10b001f547d98b202d5 Mon Sep 17 00:00:00 2001
From: Mark Unwin
Date: Mon, 8 Jul 2024 17:09:02 +1000
Subject: [PATCH] Fix the help pages for devices and components.
---
app/Views/collectionHelp.php | 89 ++++++++++++++++++-----------------
app/Views/help/components.php | 64 +++++++++++++++++++++++++
app/Views/help/devices.php | 45 ++++++++++++++++++
3 files changed, 156 insertions(+), 42 deletions(-)
create mode 100644 app/Views/help/components.php
create mode 100644 app/Views/help/devices.php
diff --git a/app/Views/collectionHelp.php b/app/Views/collectionHelp.php
index e64461d03..34a1ae954 100644
--- a/app/Views/collectionHelp.php
+++ b/app/Views/collectionHelp.php
@@ -52,6 +52,7 @@
+ collection !== 'components') { ?>

An entry can be created using the web interface if the current user logged in has a role that contains the collection ?>::create permission.

Go to menu: -> -> Create . Also can be created from the Attributes View, using the "Create" button.

@@ -78,49 +79,53 @@

-
- - - - - - - - - - - - - - - attributes->columns as $column) { ?> - - - - - - - - +
*
name ?>type ?>default ?>max_length ?>primary_key ?>values)) { - (str_replace("','", "', '", $column->values)); - } ?> - name, $dictionary->attributes->create)) { ?> - +
+ + + + + + + + + + + + + + + attributes->columns as $column) { ?> + + + + + + + + + columns->{$column->name})) { ?> + columns->{$column->name})) { ?> + + + + + + + + - - columns->{$column->name})) { ?> - - - - - - - -
*
name ?>type ?>default ?>max_length ?>primary_key ?>values)) { + (str_replace("','", "', '", $column->values)); + } ?> + name, $dictionary->attributes->create)) { ?> + + + columns->{$column->name} ?>
columns->{$column->name}) ?>
columns->{$column->name} ?>
columns->{$column->name}) ?>
-
-


*  -

- +
+
+


*  -

+
diff --git a/app/Views/help/components.php b/app/Views/help/components.php
new file mode 100644
index 000000000..13b9d18c6
--- /dev/null
+++ b/app/Views/help/components.php
@@ -0,0 +1,64 @@
+Open-AudIT has a powerful change detection engine. Any device attributes that are added, removed or changed will be detected and stored. These changes can be reported upon and the relevant data confirmed as to what was expected from your company change and release process.
+
+When a device is audited, attributes are divided into sections which correspond to tables in the database.
+
+Each device (computer, router, printer, et al) has an entry in the devices table. Each entry in the devices table has an id column. This value is unique - it is an auto-incrementing id.
+
+When the audit result is processed, each item in each section has its audit result compared to what is in the database.
+
+For each section, if the key columns (see below table) contain the identical values, it is considered already installed and has its last_seen attribute updated. No change_log entry is created.
+
+If any of the key columns do not match, it is considered a new attribute and is inserted. A change_log entry is created if the device had other attributes already present in the table.
+
+At the completion of the audit processing, any database items that have not been updated (or inserted) are considered to not be present. The current attribute for this item is set to 'n' and a change_log entry is generated.
+
+So, we can determine if something is currently installed - the current column is 'y'.
+
+We can determine when something was initially detected - the 'first_seen'.
+
+We can determine if something was installed after the initial audit - first seen will be different in the component and device tables.
+
+We can determine if something is not currently installed, but previously was - current = 'n'.
+
+We can determine the last time we detected an item - last_seen.
+
+At any given point, we can determine what was on a system - by using the audit_log table and selecting the relevant components based on first_seen and last_seen.
+
+Each section and its matching key columns are below.
+
+NOTE - There are some exceptions as detailed below.
+
+*1 - For network cards, if the computer is a VMware Esx machine it also uses the net_index and connection columns.
+
+*2 - For partitions, f the computer is an AIX machine, we use the partition name.

";
+
+$components = array('bios', 'certificate', 'disk', 'dns', 'executable', 'file', 'log', 'memory', 'module', 'monitor', 'motherboard', 'netstat', 'network', 'nmap', 'ip', 'optical', 'pagefile', 'partition', 'policy', 'print_queue', 'processor', 'radio', 'route', 'san', 'scsi', 'server', 'server_item', 'service', 'share', 'software', 'software_key', 'sound', 'task', 'usb', 'user', 'user_group', 'variable', 'video', 'vm', 'windows');
+$table = '';
+foreach ($components as $component) {
+ $table .= '' . $component . '';
+ $columns = match_columns($component);
+ foreach ($columns as $column) {
+ $table .= '' . $column . '';
+ }
+ $table .= "\n";
+}
+
+$body = '

+ + + + + + + + + + + ' . $table . ' + +
TableAttribute #1Attribute #2Attribute #3Attribute #4Attribute #5
+
';
diff --git a/app/Views/help/devices.php b/app/Views/help/devices.php
new file mode 100644
index 000000000..55b62d795
--- /dev/null
+++ b/app/Views/help/devices.php
@@ -0,0 +1,45 @@
+Devices and their configuration are what Open-AudIT is all about.
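Review bot: In the inner `foreach ($columns as $column)` loop of app/Views/help/components.php, the values returned by `match_columns($component)` are concatenated into the table markup with no output encoding. `$components` is a literal list, but `match_columns()` is defined outside this patch, so it cannot be confirmed from here that it only ever returns fixed identifiers. Encoding at the point of output keeps the view safe if that helper later returns configuration- or database-derived names: append `htmlspecialchars((string) $column, ENT_QUOTES, 'UTF-8')` instead of the bare `$column`, and do the same for `$component` for consistency. Separately, the header row is fixed at `Attribute #1` to `Attribute #5` while each body row emits one cell per returned column, so a component whose key-column count differs from five will not line up with the header; a short comment stating the expected maximum would help.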

+
+

Match Process

+

When Open-AudIT receives data about a device, either by discovering the device during an audit run or by the user importing the device, it must determine if this discovered device matches a device that already exists within its database, or if it is a new device that should be added. Open-AudIT uses a series of twelve property matches to determine this. The Match Rules work as OR comparisons, not AND. This means the first rule that matches a field in the discovered device to one in the dB resolves as an existing device. All Matching Rules have to fail in order for a device to be new and result in a new record being created.

+
+

Duplicate Devices / Missing Devices

+

It is important to note that when Open-AudIT determines a match any properties set to \'y\' must match exactly (and not be blank) in order for Open-AudIT to determine that the discovered device matches a device already in the database. If none of the properties marked \'y\' match, then a new device entry will be created, which could result in duplicate device entries. In situations where properties are duplicated, for example a dbus_id is copied during a VM clone, then an existing device may incorrectly get overwritten/updated rather then a new entry being created resulting in missing devices.

+
+

Devices will not be matched if their status is set to "deleted". Any other status will allow a match to occur.

+
+

Matching Linux Devices

+

When matching a Linux based device, we prefer to use the Dbus id concatenated with the hostname. We can also use other options as per the below table, but we can retrieve the Dbus ID without root. To retrieve the UUID (from the motherboard), we need to run dmidecode, which does require root. Unfortunately, when you clone an ESXi guest, the Dbus ID does not get recreated - hence our concatenating this with the hostname. There is a good article linked here that details the why\'s of hardware IDs. http://0pointer.de/blog/projects/ids.html.

+
+

Match Order

+

The logic for device matching is contained in the devices_helper.php file, which on a Linux install can be found here: /usr/local/open-audit/app/Helpers
+
+Matching is conducted in the following order:
+

    +
  1. Match the Opmantek UUID (not configurable)
  2. +
  3. Match the Google Cloud ID (not configurable)
  4. +
  5. match_hostname_uuid
  6. +
  7. match_hostname_dbus
  8. +
  9. match_hostname_serial
  10. +
  11. match_dbus
  12. +
  13. match_dns_fqdn
  14. +
  15. match_dns_hostname
  16. +
  17. match_fqdn
  18. +
  19. match_serial_type
  20. +
  21. match_serial
  22. +
  23. match_sysname_serial
  24. +
  25. match_sysname
  26. +
  27. match_mac (ip table)
  28. +
  29. match_mac (network table)
  30. +
  31. match_mac (addresses)
  32. +
  33. match_ip
  34. +
  35. match_hostname
  36. +
  37. match_ip_no_data
  38. +

+';
+
+$body = '
';