Introduction

Contents 1 Introduction to Auditor Professional 1.1 Key Benefits of Auditor Professional 2 Evolution of Auditor 3 Changes in Auditor Professional 5.0 at a Glance 3.1 Auditor Professional 5.0 Upgrade Requirements 3.2 New in Auditor Professional 5.0 4 Collections: Behind the Scenes 5 Collections: Module Requirements 6 Collections: Target Machine Requirements 6.1 Active Directory 6.2 Cisco 6.3 Citrix 6.4 Domino 6.5 MS Exchange 6.6 IIS 6.7 Novell NetWare 6.8 Oracle 6.9 MS SQL 6.10 Unix/Linux 6.11 MS Windows 6.12 VMware

Introduction to Auditor Professional

Gain complete control of your IT infrastructure with powerful, flexible, cross-platform configuration reporting and change management.

By automating configuration data collection, reporting, and change tracking, Ecora mitigates IT risks and reduces the time and labor costs associated with system changes, security, recovery, and IT compliance. Now you can account for the state of your IT infrastructure at any moment and have a degree of knowledge and security unmatched by labor-intensive manual approaches.

Key Benefits of Auditor Professional

• Cross-platform configuration data repository: Ecora Enterprise Auditor collects critical configuration data from Windows, Unix, Linux, NetWare, Cisco, MS-SQL Server, Exchange, IIS, AD, Citrix, Oracle, SAN/NAS, and Lotus Domino platforms into a Microsoft SQL database (or MSDE), creating a cross-platform configuration repository. These data can be used for auditing, reporting, disaster recovery, change identification and tracking, and more.

• Single console: Imagine being able to manage configuration data for all your platforms from a single console! Ecora Enterprise Auditor supports snap-in modules for the platforms you want to manage in one intuitive interface.

• Hundreds of useful reports right out-of-the box: Ecora Enterprise Auditor provides hundreds of built-in database reports that quickly provide solutions to many of the IT challenges you face every day. The built-in reports automatically provide data for disaster recovery documentation, regulatory compliance requirements, change tracking, security assessments, and more.

• Enterprise Scalability: The cross-platform configuration repository efficiently handles critical configuration data from thousands of servers, workstations, and network devices running your IT infrastructure. The SQL Server database instantly generates reports on configuration data and delivers the answers you need - fast!

• Flexible and customizable reporting: Enterprise Auditor offers a simple drag-and-drop interface for creating customized Fact Finding Reports (FFR) that let you choose only the data you need. For example, a single cross-platform report can contain data from Windows 2000 servers, Microsoft Exchange servers, and Sun Solaris or HP-UX systems, as well as other platforms. All reports can be run interactively or scheduled to run during off-hours or on a recurring basis.

• Consolidated Change Reporting: Want to be able to identify and track all changes that took place across all critical platforms in a single report? Now you can. View the “before and after” information for every change or observe and closely track every change that took place in any given time period. Especially useful for identifying unauthorized changes that can compromise security, create performance issues, and cause downtime.

• Alerting & Notification: Enterprise Auditor can proactively alert you to important information, such as changes to critical security settings and other important events that need your immediate attention, wherever you happen to be. Enterprise Auditor sends alerts by email, SNMP traps, or NT event logs.

• Auto-Archiving: This dynamic feature enables you to easily manage the wealth of configuration data and reports generated by the software. Automatically save only what you need; move, copy, or delete aging configuration data at specified intervals.

• Agent-free architecture: Ecora software installs on an administrative desktop and works remotely without introducing agents to servers and workstations in your environment. This means less risk of destabilizing servers, immediate deployment, and, most importantly, low total cost of ownership and immediate value out-of the-box.

Evolution of Auditor

Data is collected and put in a proprietary format and saved in a file called repo.dat.bz2. (This acts like a zip file.) Document, Change and Baseline reports are generated by using the contents of the repo.dat.bz2. After Auditor instituted the use of a database, the contents of the repo.dat.bz2 files are now transferred into the database. The Fact Finding Reports (FFR) and Consolidated Change Log Reports (CCL) are created using data found in the database.

Changes in Auditor Professional 5.0 at a Glance

Auditor Professional 5.0 Upgrade Requirements

Auditor Professional 5.0 could be applied as an upgrade to Auditor Professional version 4.1 SP1 or later.

New in Auditor Professional 5.0

• The long wait for the FALSE positives in Change Reports is over. This issue has been fixed.
• Use Reports button works properly when the report contains WMI classes/attributes, defaulted to localhost root\cimv2 namespace thus both the collections and canned hardware related reports were fixed.
• Fixed an important issue when the collections were hanging after the "Writting the dataset into the CMDB database".
• Fixed Solaris zones that have the same host ID and caused the collection to fail.
• Fixed the Unable to enumerate DB2 instances error in DB2 module.
• Fixed a bug when cells were used between "Windows\Universal Users and Groups\Other Universal Groups" and "Windows\Universal Users and Groups\Other Universal Groups\Universal Group Members" locations, If "Group Type", "Group attributes" or "Group Trustee SID Type" atribute is selected
• Several fixes for the Shares reports under the Windows module
• Fixed several bugs in Ecora WMC Service, still WMC support for 64 bit is scheduled for 5.1.
• Report showing domain only. Correct behavior for displaying correct information in the Windows module. FFRs were fixed also.
• Improved parallel collections speed

Collections: Behind the Scenes

Ecora Auditor Professional uses a variety of ways to collect its data. Remote registry reads, LDAP, WMI calls and WIN32 calls are needed for all Microsoft apps. For Unix type machines, Auditor uses 200 – 300 ‘out of the box’ commands to retrieve the necessary data. Auditor has the ability to collect additional data using ‘custom methods’. Refer to Data Collection Options to see additional information on how data is collected.

Collections: Module Requirements

Certain modules of Enterprise Auditor require additional software to be installed on the server/workstation running Auditor.

• Active Directory: For initial Domain Controller discovery:
  • If NetBIOS is enabled, the computer with the Auditor software installed may be a member of any domain (as long as the user has permissions to the Active Directory Domain Controller).
  • If NetBIOS is disabled on the Domain Controller or the computer with Auditor software installed, then:
    • Computer with Auditor software installed MUST be a member of the Active Directory domain.
    • Then DNS settings on the computer with Auditor software installed MUST point to a DNS server within the Active Directory domain; otherwise a “Domain Disable” message will result, which indicates that the Auditor software can not find a DC in the Active Directory domain.
• Cisco: No additional requirements needed.
• Citrix: No additional requirements needed.
• Domino: Lotus R4.6 or R5x Notes client (you will be prompted for a Notes client password). Lotus Notes program directory in the path statement.
• MS Exchange: Exchange System Manager needs to be installed on the host machine.
• IIS (Internet Information Services): IIS common files must be installed.
• Novell Netware: Novell Netware client.
• Oracle Database: Oracle client version 8.0 or 9i with Oracle Networking components installed. Oracle 10g compatible
• MS SQL: No additional requirements needed.
• Unix/Linux: No additional requirements needed.
• MS Windows: No additional requirements needed.
• VMware: VmCOM Scriptiong API.

Collections: Target Machine Requirements

Active Directory

• Active Directory 2000, 2003
• Remote Registry Service enabled
• RPC Service
• Server Service enabled
• NetBIOS (over TCP/IP) protocol support or AD
• Domain Administrator rights for domains containing reported systems

Cisco

• Cisco IOS version 11.x or higher
• RPC Service
• Routers & Layer 3 Switching Devices/Modules (RSM, RSFC, MSFC) running Cisco IOS version 11.x or higher
• Access to Privileged EXEC Mode or a security level with access to the following commands: show version, show running-config, and show startup-config on all devices to be documented

Citrix

• Citrix MetaFrame XP SP2 or higher
• Remote Registry Service enabled
• RPC Service
• Server Service enabled
• View-only administrator rights

Domino

• Read Access to the Domino Directory (Address Book)
• Remote Registry Service enabled
• RPC Service
• Server Service enabled

MS Exchange

• Exchange 5.5, Exchange 2000, Exchange 2003
• Remote Registry Service enabled
• RPC Service
• Server Service enabled
• NetBIOS (over TCP/IP) protocol support

IIS

• IIS 4, 5, 6
• Remote Registry Service enabled
• RPC Service
• Server Service enabled
• NetBIOS (over TCP/IP) protocol support
• Operator rights to the IIS servers reported

Novell NetWare

• Console Operator access
• Supervisor rights to the portion of the NDS tree to report
• RPC Service
• Server Service enabled

Oracle

• Oracle instances (7.3.x, 8.0.x, 8i, 9i) running on any operation system (Oracle 10g compatible)
• Database user account with SELECT_ANY_DICTIONARY privilege for 7-8i, with SELECT_ANY_DIRECTORY and SELECT_ANY_TABLE privilege for 9i, with SELECT_CATALOG_ROLE for 10g.
• Remote Registry Service enabled
• RPC Service
• Server Service enabled

Note: If you have to edit your path statement, restart the client machine before attempting to document.

MS SQL

• MS-SQL server 2000 or later
• Read rights on SQL servers
• serveradmin role for the user running Ecora Auditor Professional
• Remote Registry Service enabled
• RPC Service
• Server Service enabled

Unix/Linux

• Solaris (2.5.1-9), HPUX (10.20, 11, 11i), Linux (7.0 or higher), AIX (4.3 or higher), Red Hat Enterprise Linux 2.1, 3.0, 4.0 (AS/EW/WS)
• Shell-level access to each target system using a standard user account
• The user account startup must be non-interactive. No user input required to get to a standard shell command line
• When the user account on the target system is a member of group ‘sys’ more configuration data can be reported
• When the ‘root’ password is provided, the user account is used t make the initial connection and we issue a /bin/su to become root. If root password is not provided only the data available to the user account can be reported.
• Each target system must support SSH (preferred) or telnet communications

MS Windows

• NT 4.0 SP4 or higher, Windows 2000, XP, 2003
• Remote Registry Service enabled
• RPC Service
• Server Service enabled
• File & Print sharing for Microsoft Networks protocol enabled
• NetBIOS (over TCP/IP) protocol support or AD
• To collect and report Domain AND System level information completely in one report
• Client for Microsoft Networks
• RPC Service
• Domain (or Enterprise) Administrator rights for all the domains containing systems you want to document

Note: To report on machines in Workgroups, you must have an administrator account on all machines to be reported that MATCHES the login/password of the domain admin account of the domain on which machine where the software is installed.

VMware

• Remote Registry Service enabled (VMware GSX Server for Windows)
• VMware VmCOM Scripting API
• RPC Service (VMware GSX Server for Windows)