Domain Auditor
News (as of March 25, 2006):
The .40 release is nearly ready. New
features include the ability to report on group membership,
the ability to either display reports on screen or send them
via email. The final pieces being worked on are the ability
to run all reports on a scheduled basis and have them emailed
to an email address (definable on a per report basis). Once
scheduled reports are done I will need to update the documentation
and update the installation procedures to handle both new
installs or upgrades. The new release should be out on Sourceforge
by March 31st (date slipped due to work heating up).
This
tool was written to audit and track accounts within a domain.
This tool uses LDAP queries to a definable Active Directory
server to find various definable classes of accounts. Initially
it will operate interactively, but capabilities may be added
in the future to automate functions (i.e. generate reports
on a scheduled basis). The installation script handles most
installation chores, so setup is very straightforward. The
tool is beta status at this time, but is being used to
generate SOX reports for my employer.
Apache,
mySQL, PHP. Written and tested on Linux but should work on
other operating systems. Uses PHP_LDAP and PHP_MYSQL.
Free
to use, modify and distribute under the terms of the GNU
GPL
This function displays a list of defined reports. When a report
is invoked, it generates a list of accounts from AD (via LDAP
queries); the results returned depend on the filter you have
defined for that particular report class under
Sysadmin.
This function will allow you to change the system settings
for LDAP server and port, base DN, Bind DN, username and password,
and the database settings (mySQL only at this time). You may
also add the report class definitions and their matching LDAP
filters within this module.
This screen is used to define users for the system and their
rights. Usernames are used as the primary value, and entered
values are validated via LDAP queries
The system logs all changes to the information stored and
this page will allow you to review the data from these logs
The goal of this tool is to provide a
framework under which reporting and tracking of pooled or
generic accounts in an Active Directory domain becomes manageable.
This is accomplished by entering meaningful data in an organized
fashion to fields in Active Directory, primarily structured
data entered into the Description field. Data is entered into
the Description field as:
Account Class :
owner name (SAMaccountName) : Description/Purpose
The account classes you enter should also
be defined under the sysadmin module with the matching LDAP
query that will return only those accounts that match. In
this fashion listings may be obtained that show the owners
of these accounts. More details on how to use Domain Auditor
can be found in the README
file.
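
The following is an added example, not code from Domain Auditor (which is written in PHP). It parses the Description convention shown above, groups owners by account class, flags accounts that do not follow the convention, and builds an escaped LDAP filter for a class. The sample accounts, the function names and the filter shape are assumptions made for illustration.

```python
import re

# Constructed sample (sAMAccountName, description) pairs; not real directory data.
SAMPLE_ACCOUNTS = [
    ("svc_backup", "Service : Jane Doe (jdoe) : Nightly backup job"),
    ("kiosk01", "Generic : Bob Lee (blee) : Lobby kiosk login"),
    ("svc_old", "Legacy batch account"),
    ("svc_scan", "Service : (nobody) : Scanner: floor 2"),
]

# Account Class : owner name (SAMaccountName) : Description/Purpose
DESC_RE = re.compile(
    r"^\s*(?P<cls>[^:]+?)\s*:\s*(?P<owner>[^:(]*?)\s*"
    r"\((?P<sam>[^()\s]+)\)\s*:\s*(?P<purpose>.+?)\s*$"
)

def parse_description(desc):
    """Return the four fields as a dict, or None if the convention is not met."""
    m = DESC_RE.match(desc or "")
    return {k: v.strip() for k, v in m.groupdict().items()} if m else None

def audit(accounts):
    """Group (account, owner id, owner name) by class; collect rule violations."""
    owners, problems = {}, []
    for account, desc in accounts:
        rec = parse_description(desc)
        if rec is None:
            problems.append((account, "description does not follow convention"))
        elif not rec["owner"]:
            problems.append((account, "owner name missing"))
        else:
            owners.setdefault(rec["cls"], []).append(
                (account, rec["sam"], rec["owner"]))
    return owners, problems

def ldap_escape(value):
    """Escape \\ * ( ) and NUL in a filter assertion value (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def class_filter(cls):
    # Assumed filter shape: user objects whose description starts with the class.
    return "(&(objectClass=user)(description=%s*))" % ldap_escape(cls)

if __name__ == "__main__":
    by_class, bad = audit(SAMPLE_ACCOUNTS)
    for cls, rows in by_class.items():
        print(class_filter(cls), rows)
    for account, reason in bad:
        print("REVIEW", account, reason)
```

Accounts listed under REVIEW are the ones a class report would miss or show without an accountable owner, so they are worth checking before relying on the report.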
Screenshots can be found here
Download available from the project
page on Sourceforge
Download the tarball and place it in your web
root (/var/www/html or other directory depending on your distribution)
Extract the files using the command tar -zxvf
domainauditor-x.xx
Rename the directory from auditor-x.xx to auditor
using the command mv auditor-x.xx auditor
Set permissions so that the ID your web server runs
under has access to the files, using the command chown
-R apache:apache auditor (your web server may run as a different
ID such as nobody)
Point your browser to http://yourhost.yourdomain.com/auditor
and follow the instructions.
Use the Sourceforge
Project Forums to get support. If you download
and use the package please drop a note in one of the forums
to let me know how it is working out for you. I'm very interested
in feedback on how it works and areas for improvement.
Project hosting provided by Sourceforge