Overview
This tool was written to audit and track accounts within a domain. It uses LDAP queries against a configurable Active Directory server to find various configurable classes of accounts. Initially it operates interactively, but capabilities may be added in the future to automate functions (e.g. generating reports on a schedule). The installation script handles most installation chores, so setup is very straightforward. The tool is beta status at this time, but is being used to generate SOX reports for my employer.
Technology
Apache, mySQL, PHP. Written and tested on Linux, but should work on other operating systems. Uses PHP_LDAP and PHP_MYSQL.
Licensing
Free to use, modify and distribute under the terms of the GNU GPL
Features
- Reports – This function displays a list of defined reports. When a report is invoked it generates a list of accounts from AD (via LDAP queries); the results returned depend on the filter you have defined for that report class under Sys Admin
- Sys Admin – This function allows you to change the system settings for LDAP server and port, base DN, bind DN, username and password, and the database settings (mySQL only at this time). You may also add the report class definitions and their matching LDAP filters within this module
- User Admin – This screen is used to define users for the system and their rights. Usernames are used as the primary value, and entered values are validated via LDAP queries
- Audit Logs – The system logs all changes to the information stored and this page will allow you to review the data from these logs
Theory of Operation
The goal of this tool is to provide a framework under which reporting and tracking of pooled or generic accounts in an Active Directory domain becomes manageable. This is accomplished by entering meaningful data in an organized fashion to fields in Active Directory, primarily structured data entered into the Description field. Data is entered into the Description field as:
Account Class : owner name (SAMaccountName) : Description/Purpose
The account classes you enter should also be defined under the sysadmin module with the matching LDAP query that will return only those accounts that match. In this fashion listings may be obtained that show the owners of these accounts. More details on how to use Domain Auditor can be found in the README file.
Screenshots can be found here
Downloads
Download available here
Installation
Download the tarball and place it in your web root (/var/www/html or other directory depending on your distribution)
Extract the files using the command tar -zxf domainauditor-x.xx (the -c flag creates an archive; -x extracts one)
Rename the directory from auditor-x.xx to auditor using the command mv auditor-x.xx auditor
Set ownership so that the ID your web server runs under has permissions to the files using the command chown -R apache:apache auditor (your web server may run as a different ID such as nobody)
Point your browser to http://yourhost.yourdomain.com/auditor and follow the instructions.
Feedback and Support
If you have any comments, suggestions, a problem to report or a suggestion on how to improve Domain Auditor just leave a comment on this page.
Useful LDAP filters
| Description | Filter |
|---|---|
| Disabled Accounts | (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)) |
| Accounts that have never logged in/changed password | (&(objectCategory=user)(pwdLastSet=0)) |
| Accounts marked to expire | (&(objectCategory=person)(objectClass=user)(!(accountExpires=9223372036854775807))(!(accountExpires=0))) |
| Accounts with passwords that never expire | (&(objectcategory=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)) |
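The Description-field convention from Theory of Operation and the userAccountControl bit filters in the table above, worked through in Python as an added example (not part of Domain Auditor, which is written in PHP). The directory entries are constructed sample data; the field names mirror AD attributes, and the class filter escapes the admin-supplied class tag per RFC 4515 so it cannot alter the filter structure.

```python
import re
from collections import defaultdict

# Constructed sample entries, not real directory data. 'description' follows
# the page's convention: Account Class : owner name (sAMAccountName) : Purpose
SAMPLE_ENTRIES = [
    {"sAMAccountName": "svc_backup", "userAccountControl": 0x10200,
     "description": "Service : Jane Doe (jdoe) : Nightly backup agent"},
    {"sAMAccountName": "pool_kiosk1", "userAccountControl": 0x0202,
     "description": "Pooled : Bob Roe (broe) : Lobby kiosk login"},
    {"sAMAccountName": "jdoe", "userAccountControl": 0x0200,
     "description": "Engineering manager"},  # free text, not the convention
]

UAC_DISABLED = 0x0002              # bit tested by the "Disabled Accounts" filter
UAC_DONT_EXPIRE_PASSWORD = 0x10000  # 65536, "passwords that never expire"

DESC_RE = re.compile(
    r"^\s*(?P<cls>[^:]+?)\s*:\s*(?P<owner>[^:(]+?)\s*\((?P<sam>[^)]+)\)\s*:\s*(?P<purpose>.*)$")

def parse_description(desc):
    """Return (class, owner, owner_sam, purpose), or None for free-text descriptions."""
    m = DESC_RE.match(desc or "")
    return None if m is None else (m["cls"], m["owner"], m["sam"], m["purpose"].strip())

def uac_matches(uac, bit):
    """Same test the LDAP bitwise-AND rule 1.2.840.113556.1.4.803 performs."""
    return (uac & bit) == bit

def escape_filter_value(value):
    """RFC 4515 escaping for values interpolated into an LDAP filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def class_filter(account_class):
    """Filter for enabled user accounts tagged with the given account class."""
    tag = escape_filter_value(account_class)
    return ("(&(objectCategory=person)(objectClass=user)"
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
            f"(description={tag} : *))")

def owners_by_class(entries):
    """Group accounts by class with owner and risk flags; untagged ones are reported."""
    report = defaultdict(list)
    for e in entries:
        parsed = parse_description(e.get("description"))
        if parsed is None:
            report["UNCLASSIFIED"].append(e["sAMAccountName"])
            continue
        cls, _owner, owner_sam, _purpose = parsed
        flags = [name for name, bit in (("disabled", UAC_DISABLED),
                 ("pwd-never-expires", UAC_DONT_EXPIRE_PASSWORD))
                 if uac_matches(e["userAccountControl"], bit)]
        report[cls].append((e["sAMAccountName"], owner_sam, flags))
    return dict(report)
```

Accounts whose Description does not follow the convention land in UNCLASSIFIED, which is the list to chase down before the class reports can be trusted.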
Hi, does this easily track user logons and logoffs? I want to track these easily without digging through event logs in Windows 2003. Thank you!
Lindley,
Sorry, but no it does not. This tool is primarily used to track accounts from the perspective of whether or not they should be there – it does not have any functionality in the area of usage tracking.
For account activity tracking I use a SNARE Server – depending on your needs and/or budget that might work for you or maybe even the SNARE Micro (AKA BackLog) Server – http://www.intersectalliance.com/projects/SnareMicroServer/
Hope that helps,
Mike