Open-AudIT 4.0.0


As at October 2020, we have released a new version of Open-AudIT using version 4.0.0.

Why the major version bump?

Well our underlying build infrastructure and libraries have changed in an incompatible way.

This new version is not able to be installed with older Opmantek applications that are designed to talk to NMIS8, hence the major version number increase to 4.0.0.

Wait – my applications won’t work, what?

Unfortunately this is a breaking change. If you are using other Opmantek applications on the same server, you will need to upgrade them all at the same time, including upgrading to NMIS9.

New License Required (perpetual license only)

A new license will be required if you have a perpetual license. Subscription licenses are unaffected. Contact Opmantek if you require a new license.

Application wise, what has changed for me?

Not much really. Most of the changes are behind the scenes. Having said that, there are a few minor front end changes, as detailed in the Release Notes for Open-AudIT v4.0.0.

We have disabled Open-AudIT – NMIS integration for the moment. This is one component that we have to rework in order to be compatible. This is coming ASAP. We have implemented the ability to import and export to and from NMIS as below (all available using the GUI, see Manage → Devices → Import from NMIS). What we don’t have is the ability to sync between NMIS and Open-AudIT.

Community

  • Auto Import from NMIS 8 using locally loaded and parsed Nodes.nmis (Linux only) and also uploading a Nodes.nmis file (Windows and Linux).
  • Auto Import from NMIS 9 on Linux using the local command line (Linux only).
  • Manual export to NMIS 8 – you select the devices and it’ll give you a CSV and instructions to import (Windows and Linux).

Professional / Enterprise

  • Auto Import from NMIS 8 using locally loaded and parsed Nodes.nmis (Linux only).
  • Auto Import from NMIS 9 on Linux using the local command line (Linux only).

Should I upgrade?

No, but maybe you should migrate. That will depend on if you are using NMIS on the same machine (hence Windows users will be unaffected). If you’re not using NMIS (or any other Opmantek applications) on the same server, migrate away! If you are using NMIS on the same server as Open-AudIT, to get to version 4.0.0 you will need to be running NMIS9 and any associated and migrated Opmantek products (opCharts, opReports, et al). If you migrate any Opmantek applications for NMIS9, you will need to migrate them all. We do encourage users to migrate to version 4.x as soon as you can (bearing in mind the NMIS9 requirements).

How do I migrate (and why is this different to an upgrade)?

Our installer will not allow you to upgrade from 3.x to 4.x on Linux. This is in part because when you change to 4.x, you must uplift all other Opmantek applications and we want to make sure you knowingly choose to do so. So, how do you do this? It’s actually very easy. Stop the OMKD daemon, move the /usr/local/omk folder out of the way, and start the 4.x installer. NOTE – If you have NMIS 8 installed, but only Open-AudIT, DO NOT UPGRADE, it will break. Again – NMIS 9 only (at least for now).


# Stop the daemon
sudo systemctl stop omkd

# Move the old install out of the way (do *not* delete it)
sudo mv /usr/local/omk /usr/local/omk.old

# Run the installer
sudo ./tmp/OAE-Linux-x86_64-release_4.0.0.run

# Copy the original configuration files back
sudo cp -r /usr/local/omk.old/conf/* /usr/local/omk/conf/

# Convert those original files to JSON
sudo /usr/local/omk/bin/opcommon-cli.exe act=convert_json_dir dir="/usr/local/omk/conf/"

# Restart the OMKD daemon so it uses the newly converted files
sudo systemctl restart omkd

After doing the above, if Open-AudIT doesn’t acknowledge you have a license, copy the encrypted string from /usr/local/omk.old/conf/opLicense.nmis and paste into the text field at /omk/opLicense (use the Enter a License Key button).

On Windows, there is nothing to do, just run the installer.

What about Windows users?

Windows users are essentially unaffected. Opmantek does not release or support any other products for Windows. Our plan is to get a Windows release out ASAP. This will also be version 4.0.0.

What will happen to us version 3.x users?

We plan to focus development going forward on the 4.x series, so that’s where major new features will be introduced. We won’t completely forget version 3.x users though. Any important bug fixes, minor GUI improvements or security issues will be back-ported.

Is Open-AudIT Community affected?

Basically, no. Professional and Enterprise build their feature sets on top of Community. There have been a couple of very minor changes to Community that don’t affect users (i.e., we check and parse an additional config file from Enterprise because that changed). Minor stuff like that. As a result, when you install Professional or Enterprise you will see version 4.0.0 in the title bar; however, if you change to the Community GUI you’ll see version 3.5.1. Both the version 4.x and 3.x streams of Professional and Enterprise use the same version of Community (as said, currently 3.5.1). Eventually (when we discontinue support for the 3.x series of Professional / Enterprise) we will increase the Community version to match the 4.x series.

Open-AudIT V4.0.0 New Release


Open-AudIT 4.0.0 is here. For more information about why we have gone to 4.0.0, please see my blog post Open-AudIT 4.0.0.

WARNING – See blog post above about migrating as you cannot upgrade to Open-AudIT 4.0.0 (hint, it’s easy).

A new license will be required if you have a perpetual license. Subscription licenses are unaffected (but may need to be manually copied, see blog post). Contact Opmantek if you require a new license.

Please note (as detailed in the blog post):

  • NMIS9 Syncing has not been implemented for this release.
  • This release is not compatible with older versions of Opmantek products, that were designed for NMIS8.

Open-AudIT Community will (for now) remain at version 3.5.1.

Open-AudIT Professional and Enterprise build on top of Community, so their major version has been increased, as explained in the blog post. So if you install version 4.0.0 and switch to the Community GUI you will see version 3.5.1 there. DON’T PANIC, this is intentional.

Linux SHA256: 7e035e6af2260d7fc6a93fdcd6d1ba1193ce09ae7f704031c552daa3c3ff194b

Linux md5sum: 7c5318948aa9c1733396d2f63e27f5ea

There are no major changes for 4.0.0 from a user’s perspective. The minor changes and fixes are detailed below.

| Version | Type | Collection | Description |
| Professional | Bug | Tasks | Menu link to scheduled reports needed reformatting (user now required to provide quotes when using the IN keyword). |
| Professional | Bug | Tasks | Add ‘required’ indicator to attributes on tasks_create form. |
| Professional | Bug | LDAP Servers | Add ‘required’ indicator to ldap_servers::create template for ‘secure’ attribute. |
| Professional | Improvement | Attributes | Add icons to attributes::read template for devices and locations. |
| Professional | Improvement | Users | Only show Cloud text to Cloud users on users_read template. |
| Professional | Task | Integrations | Remove ‘integrations’ from menu for initial ABI4 release. |
| Professional | Task | Configuration | Change nmis_url in database config to NMIS9 URL. |
| Professional | Improvement | Discoveries | Add links to individual discovery scan options in help text on discoveries::create template. |
| Professional | Improvement | Roles | Add roles.ad_group to roles::collection template. |
| Professional | Improvement | Users | Add error message to auth_log when user in htpasswd, but not OAC. |
| Professional | Improvement | Discoveries | Add hover text to discoveries_read left side menu. |
| Professional | Improvement | NMIS | Provide same functionality for OAP/E as per OAC – Import Devices from NMIS8 and NMIS9. |
| Professional | Bug | Baselines, Roles | Add baselines endpoint to roles::read and roles::create templates. |
| Community | Bug | Networks | Bad SQL (still worked on Ubuntu 18.04) in networks::collection. |
| Community | Improvement | All | Allow for URL Encoded HTML Entities in $id when searching to match name -> id. |
| Community | Improvement | Configuration | Allow for config.json UUID retrieval. |
| Community | Improvement | Users | Language selector added zh-tw. Merge pull request #6 from jasoncheng7115/patch-2 |
| Community | Task | NMIS | Ensure we can import nodes from NMIS 9 (as well as NMIS 8). |


[E-Book] Meeting Regulatory Audit Requirements with Opmantek

This guide could mean the difference between a profitable year and (potentially) huge fines or even unemployment. No need to fear, Opmantek’s Senior System Engineer is here to take you through ‘How to Meet Regulatory Audit Requirements & Get Compliant’ now.

Key Points Discussed:

  • Who do these regulations apply to?
  • What do these regulations mean to you?
  • How do you easily implement and monitor using Opmantek’s auditing solutions? Which include:
    • Topology Diagrams
    • Performance and Fault Monitoring
    • Syslog and Application Log Monitoring
    • Device Configuration Change Monitoring.


How the COVID-19 pandemic is fast-tracking digital transformation in telehealth


What is Telehealth

Telehealth is a system that allows patients to receive high-quality healthcare services from the comfort of their own homes via the use of telecommunication technology. Telehealth services normally consist of a smart hub that allows patients to enter their personal health data, including vital signs, either manually or automatically via the use of various medical devices, such as blood glucose monitors, pulse oximeters and blood pressure readers. The data collected is then sent to either a non-clinical or clinical monitoring service that monitors the patient’s health or alerts the appropriate health provider.

 

Who benefits from Telehealth services?

A Telehealth system is particularly useful for patients with long-term health conditions, patients who live in remote areas, or for patients who are self-isolating during the current coronavirus pandemic. Telehealth technology can improve patient access to specialist healthcare services while eliminating the need to travel for medical advice, therefore allowing patients to remain more independent, self-manage their conditions and limit the strain on GP and primary health services. Telehealth systems can also offer education and peer support services to health professionals while providing patients with mentoring and coaching services via a series of questions and answers.

 

How COVID-19 has fast-tracked the healthcare system

Before the coronavirus outbreak, there was a degree of progress in Telehealth technology, but the pandemic has led to renewed evidence of the value of Telehealth, as public health officials are encouraging healthcare providers to expand their Telehealth services to smartphones and other tools to make them more accessible.

Telehealth technology is helping to reduce the strain on public health services by virtually communicating with patients and triaging them, reducing widespread panic by assuring patients that they do not possess any of the coronavirus symptoms and are not required to visit already overcrowded hospitals. Telehealth technology also has the benefit of limiting human contact and preventing the spread of the virus.

New tools and technologies in Telehealth services such as live video consultations are proving to be a huge asset to healthcare providers to connect patients with doctors while remaining isolated. Other services such as instant messaging for therapy services, secure emails for ongoing communications and informed telephone consultations are also proving to be useful. 

Other promising tools include the use of chatbots and symptom trackers to interact with patients and refer them for in-patient care, as their technology is designed to evolve as more information is gathered about the coronavirus. Medical tricorders and home monitoring are another promising approach to at-home patient care. Currently used in the management of certain chronic health conditions, remote patient monitoring uses consumer devices such as smart TVs and smartwatches to provide remote examinations.

The COVID-19 pandemic has created renewed awareness of the benefits of Telehealth services and is bringing them to the frontline of patient care, which is expected to reshape the future of public health services.

 

How Opmantek can improve healthcare efficiency

Opmantek’s Network Management Information System (NMIS) is designed to monitor the performance of an organisation’s data network. It can be used to monitor device health and bandwidth. It can be used to resolve issues before they become problems and provide valuable information for planning infrastructure changes.

With the renewed awareness of the benefits of Telehealth, an efficient and patient-driven online healthcare system is becoming essential. Opmantek’s Network Management Information System can streamline digital outputs for hospitals and make them more efficient to improve patient care. Adding Opmantek’s commercial software provides additional insights and automation capabilities, through to performing traffic analysis, better enabling bandwidth management. And for a truly large-scale operation, the distributed polling capabilities improve scalability.

 

opFlow

Opmantek’s opFlow is designed to gather network insights to analyse the network. For instance, it can help with the location of attack vectors and pick up on network errors so that they can be resolved quickly, leading to reduced downtime for everyone, including hospital networks.

For more information about how Opmantek’s products can help you set your business or healthcare organisation on the path to digital transformation, get in touch with our team of experts today.


Open-AudIT V3.3.0 New Release

Hi All,

Release 3.3.0 of Open-AudIT has some amazing new features, read on for the details. The release notes are available as usual, here – Release Notes for Open-AudIT v3.3.0.

Configurable Device Columns

From 3.3.0 onward, when you view the list of devices (Manage → Devices → List Devices), you’ll notice a small additional control on the upper right. Click it and you’ll see a list of available columns you can display. Click a column name and it will appear. Click a bold column name and it will disappear. If you want that set of columns as your default, click “Save as Default” and every time you view the device list, those will be your default columns. You can also click “Reset to Default” (if your columns are different) to reset them. The default list of columns is in the configuration under the name devices_default_display_columns. If you are seeing an unacceptable slowdown when viewing the page, you might wish to limit the retrieved (but not displayed) columns. This is also in the configuration under the name devices_default_retrieve_columns. See the screenshot below.

[Screenshot: devices collection 01]

Device Components

Also on the Devices list page, you’ll notice a bar at the very top with a drop down arrow on the right. Click the arrow and you’ll see a list of component types. Click one to see a list of all those items. Be aware this list may be very large, so we restrict it to the first “database_show_row_limit” (configuration item) entries. Increase that number to see more. At this stage we have not implemented a GUI for paging, but it is available using the API (or adding to the URL), by specifying limit and offset. So a valid URL might be (for instance) http://SERVER/omk/open-audit/devices?sub_resource=software&limit=200&offset=100. See the API documentation for more information – The Open-AudIT API. The following pages allow you to click links to see that specific entry’s details, all those entries on a device, or the device details themselves.

[Screenshot: devices collection 02]
[Screenshot: devices collection 03]

Comparing Your Database Schema

There is a new entry under menu → Admin → Database called Schema Compare. Running that will show you the schema as it is in your running database and compare it to the schema as shipped with Open-AudIT. If there are any differences, just post them to Questions and we can help you out. For supported customers, just log a support request and we’ll assist ASAP.

Change Log Improvements

Time has been spent to minimize false positive Change Logs being generated. As well as that, we have added two buttons on the Device Details screen (under the left side Actions menu) to remove Change Logs and remove Audit Logs. Using these may help improve database performance where these records are not required. Don’t forget you can always clear the entire tables using menu → Admin → Database → List Tables, clicking either table and hitting the Delete button. And don’t forget about our new configuration items for keeping non-current items and creating change logs. More information on these can be found – here.

Deleting Devices

There is now a configuration item named device_auto_delete. If set to ‘y’ (it is set to ‘n’ by default), when you change a device’s status (either individually or using Bulk Edit) you will get a regular warning “Are you sure?” and if you answer yes, the device and all its details will be completely removed from the database, not just flagged with a status of deleted.

New Discovery Process and Improvements

With the coming release of Open-AudIT 3.3.0 we have implemented a new discovery process that scales even better than previously. Even faster discovery times!

The Discovery Queue

With 3.3.0 we have changed to using the discovery queue, not on a per discovery basis as previously, but on a per IP basis. From 3.3.0 onwards, when you click “Execute Discovery”, the following happens behind the scenes:

  • The server starts a script that calls /util/queue and instantly returns to the web user (or the API user). It starts the shell script and does not wait for a response before returning.
  • The user then continues on using the web/API as per normal.
  • The shell script calls util/queue – this endpoint only accepts requests from localhost. The resulting function does the following:
    1. Check the config for the queue limit. If this has been reached, exit. If it has not been reached, continue.
    2. Pop an item from the queue (locking the queue table as it does so). The item is read from the database, then deleted. If no queue items exist, exit.
    3. Spawn another script to request util/queue.
    4. Execute the item – which on the first time is always “run discovery on subnet”.
    5. When finished, return to #1.

There are (currently) two types of queue entries. The overall discovery entry, and an entry for each IP to be scanned. The second entry is created by the first. So we run the initial discovery, and for each IP we need to scan (that responds, if that option is chosen), we create another entry to scan that device.

We no longer use the discover_subnet.sh or discover_subnet.vbs scripts at all. We now call Nmap directly from within the Open-AudIT code, which frees us up to have one and only one routine (versus a bash and vbscript). It also makes it easier to code – PHP has much easier to use text parsing than bash and vbscript (in my opinion).

Because of the above, we have created a new configuration item called “discovery_limit” and set it to 20 by default. This means when a discovery is run, it will spawn up to 20 processing instances in parallel. Because of this parallel processing of target IPs, discovery is $discovery_limit times faster. Well, not quite, but you get what I mean. The old way ran a discovery and for each target, sequentially, started a scan. Several scans were run at once, but it was still waiting for an Nmap scan, before handing off to PHP to complete the rest. The new way completes the initial scan and loads all resulting devices into the queue to be processed in parallel. At the end of the day, it’s just so much faster.
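
A small model of the queue behaviour described above, as an added example rather than Open-AudIT's own code. Threads stand in for the spawned scripts; the class and method names, the 192.0.2.0/27 test subnet and the sleep that replaces the per-device scan are all assumptions.

```python
import ipaddress
import threading
import time

class DiscoveryQueue:
    """Toy model of the per-IP queue; class and method names are hypothetical."""

    def __init__(self, discovery_limit=20):
        self.limit = discovery_limit   # models the discovery_limit config item
        self.items = []                # stands in for the queue table
        self.lock = threading.Lock()   # stands in for locking that table
        self.running = self.peak = 0   # active workers, and the most seen at once
        self.scanned, self.threads = [], []

    def request_worker(self, remote_addr="127.0.0.1"):
        """Models a request to util/queue: starts a worker and returns at once."""
        if not ipaddress.ip_address(remote_addr).is_loopback:
            return False               # the endpoint only accepts localhost
        worker = threading.Thread(target=self._worker)
        with self.lock:
            worker.start()
            self.threads.append(worker)
        return True

    def _worker(self):
        with self.lock:                # step 1: exit if the limit is reached
            if self.running >= self.limit:
                return
            self.running += 1
            self.peak = max(self.peak, self.running)
        try:
            while True:
                with self.lock:        # step 2: pop under the lock, exit if empty
                    if not self.items:
                        return
                    kind, target = self.items.pop(0)
                self.request_worker()  # step 3: ask for another worker
                self._execute(kind, target)  # step 4, then step 5: loop again
        finally:
            with self.lock:
                self.running -= 1

    def _execute(self, kind, target):
        if kind == "discovery":        # the overall entry creates the per-IP ones
            hosts = [str(h) for h in ipaddress.ip_network(target).hosts()]
            with self.lock:
                self.items.extend(("ip", h) for h in hosts)
        else:
            time.sleep(0.02)           # placeholder for the real per-device scan
            with self.lock:
                self.scanned.append(target)

    def drain(self):
        # Wait for every worker, including those started by other workers.
        joined = 0
        while True:
            with self.lock:
                if joined == len(self.threads):
                    return
                worker = self.threads[joined]
            worker.join()
            joined += 1

def run_discovery(subnet, discovery_limit):
    queue = DiscoveryQueue(discovery_limit)
    queue.items.append(("discovery", subnet))  # what "Execute Discovery" enqueues
    queue.request_worker()
    queue.drain()
    return sorted(queue.scanned), queue.peak
```

Each IP is scanned exactly once because the pop happens under the lock, and the number of concurrent workers never exceeds the limit because every new worker checks it before taking an item.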

Sudo SSH Key and Password

Previously we only had support for an SSH Key that used a password, but where that password was also used for sudo. That is obviously not optimal, so as at 3.3.0 you can add a specific ssh key password and a sudo password.

Additional Nmap Option

We have also added a new option to discovery scan options – open|filtered. Previously we used the “filtered” column to check for open|filtered. This change aligns the discovery scan options with Nmap return strings.

Auditing Time Reduction When Using sudo

When auditing a device using sudo, we no longer have to wait for the configuration item discovery_ssh_timeout (previously 300 seconds) to time out. We now check every 2 seconds for our response and when received, proceed. This has made another large difference to audit times when using sudo.

Windows Users Apache Service

As well as this, there has been a change targeted specifically to Windows Open-AudIT Servers. Because of the issues we have run into using the default service account, you will now get a big warning stating you should change the service account to a “real” account. This is because by default the service account cannot access network resources, i.e., it cannot copy the audit script to the target and run it. The “old” way of running the script on the Open-AudIT server itself and specifying the target still works and is enabled by a config item – discovery_use_vintage_service, which is set to ‘n’ by default. One reason for this is that the discovery script contains sections that do not and cannot work remotely. Think starting an executable. That won’t work as WMI can target the remote machine, but running an executable from the audit script would run it where the script is running – the Open-AudIT server.

The Default Network Address

Because of our new way of running discovery, we no longer need to set the Default Network Address. The scripts are run on the target devices and create a file (as opposed to submit_online=y). That file is then copied to the server and processed, rather than submitted using the URL (that was created from the default_network_address). The only reason to set the Default Network Address for Discovery is if you’re using discovery_use_vintage_service. The now normal use of this is only for the “Audit My PC” functionality.

Auto Delete our Audit Script

Now when discovery runs, the audit script deletes itself on the target, hence we leave nothing present on the target device.

No More “New” Devices Where We Have No Information

We have added a new configuration option called match_ip_no_data. If we discover a device and that IP is already in the database and we have no audit data about that device, assume it is the same device, so do not create another (usually duplicate) device.

SNMP Route Retrieval

We now retrieve the first (configuration item discovery_route_retrieve_limit) routes from a device when using SNMP.

And there are even more improvements. Make sure you read the Release Notes for Open-AudIT v3.3.0 to stay across it all.

Happy Auditing,
Mark.