Habitat Local Administrators group Monitor (LAGM)

Detailed descriptions and imagery explaining each tool available inside Habitat. Feel free to post feature requests under each tool's forum post if you would like to see something added or changed in the tools.
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

That's a pretty good start to it but it took just a wee bit more coding to get the data out and into Automate.

But there she blows!!!

Now have Ubuntu, Redhat, CentOS, SUSE and Fedora admins able to be seen. Should be available in build 1.0.0.38 when released.

JvdMaat
Posts: 42
Joined: Wed Feb 21, 2018 1:31 am

Re: Habitat Local Administrators group Monitor (LAGM)

Post by JvdMaat »

Hey, one of our account managers has started using this to report back to customers, and he noticed that for two Macs, where there was data listed last time he ran the report, today the entry was cleared.
(i.e., a few days ago it said Admin, root and username were a member, but today it's not listing any entries.)

I re-ran the scan on the system (since it was online), which re-populated it.

What could cause that? There are also a few machines that are offline, and do not have this issue where the data is cleared.
On this one system I re-ran it, I have absolutely no Command history. So no idea when it last ran, or what the return value was.
The Script view shows it ran on the 29th at 11:26, and the View Log shows the users:
[ ('32','8446','root',NOW()),
('32','8446','username',NOW()),
('32','8446','admin',NOW()) ]

Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

Any time it clears I suspect that it attempted a scan and failed or was passed nothing during run. More likely it was passed nothing since no data exists.

Monitor this and when you see it have a look at the last go of the script to see what it was outputting. Post back here what you find.
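
The failure mode described in the post above (a scan that fails or returns nothing wiping the stored member list), shown as an added example that is not Habitat's code. It parses rows in the shape of the View Log excerpt earlier in the thread and refuses to replace stored data with an empty result. The function names and the `scan_ok` flag are hypothetical, and the first two fields of each row are treated as opaque ids because the thread does not say what they mean.

```python
import re

# One row in the shape shown in the View Log excerpt: ('32','8446','root',NOW())
ROW = re.compile(
    r"\(\s*'([^']*)'\s*,\s*'([^']*)'\s*,\s*'([^']*)'\s*,\s*NOW\(\)\s*\)"
)

def parse_members(log_text):
    """Return the set of account names found in the script's log output."""
    return {name.strip() for _, _, name in ROW.findall(log_text) if name.strip()}

def reconcile(stored, log_text, scan_ok=True):
    """Compare one scan against the stored membership of an admin group.

    Returns (members_to_store, added, removed, status).
    Assumption: a group that was populated and now reads empty, or a scan
    reported as failed, is a collection failure and not a real change, so
    the previous data is kept and no additions/removals are reported.
    """
    stored = set(stored)
    scanned = parse_members(log_text)
    if not scan_ok or (stored and not scanned):
        return stored, set(), set(), "scan_failed_kept_previous"
    return scanned, scanned - stored, stored - scanned, "ok"

# Constructed sample inputs; the account names come from the thread's excerpt.
GOOD_LOG = """[ ('32','8446','root',NOW()),
('32','8446','username',NOW()),
('32','8446','admin',NOW()) ]"""
EMPTY_LOG = "[ ]"  # what a run that was "passed nothing" might log

if __name__ == "__main__":
    baseline = {"root", "admin"}
    for label, log in (("good scan", GOOD_LOG), ("empty scan", EMPTY_LOG)):
        members, added, removed, status = reconcile(baseline, log)
        print(label, status, sorted(members), sorted(added), sorted(removed))
```

The `scan_failed_kept_previous` status is worth surfacing to whoever reviews the report, so a machine whose scans keep failing is not mistaken for one with an unchanged admin group.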

bmcfarlane
Posts: 18
Joined: Wed Jun 26, 2019 9:19 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by bmcfarlane »

Just checking on when the alarming and the ability to set and restore back the approved list of administrators will be working again in this tool?

Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

It's on the list, so soon.

Had to take a few-week diversion to work on the new Avast Business Plugin for the Avast team. And of course CCleaner is now part of Avast and they needed a new API setup for the CW marketplace.

I apologize for not being on top of this more. Will get to work on it.

bmcfarlane
Posts: 18
Joined: Wed Jun 26, 2019 9:19 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by bmcfarlane »

Thanks! Glad to hear you are staying busy and we appreciate what you do!

Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by Cubert »

bmcfarlane wrote: Tue Aug 11, 2020 4:00 pm Thanks! Glad to hear you are staying busy and we appreciate what you do!

In build 1.0.0.51 we will re-enable the add and remove scanners functions. It may take a version or 2 to get it fully functional as we made some changes to how this works from how the old ADMON worked.

pbrsum
Posts: 3
Joined: Thu Jul 02, 2020 4:15 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by pbrsum »

Hi Guys,

I have the LAGM plug installed. It is scanning my DC and populating some results in the domain admins group, but it is not displaying the full list of accounts in that security group.

I am having the same result on a workstation local admin group. It does not list all of the accounts in the local admin group.

Any suggestions on how to get it to work? I have rescanned the computers and checked Monitor additions to admin groups.

vjcsteve
Posts: 10
Joined: Tue Apr 07, 2020 8:41 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by vjcsteve »

I enabled ticket creation for changes and am generating a lot of tickets for AD security groups, like Domain Admins, being added and removed depending on whether the user is working on their laptop in the office or remotely. I read through the forum but didn't see a fix for this scenario. Is there a way to keep these systems from generating tickets if they're not connected to the network?

vjcsteve
Posts: 10
Joined: Tue Apr 07, 2020 8:41 pm

Re: Habitat Local Administrators group Monitor (LAGM)

Post by vjcsteve »

I had to turn off the monitoring of additions and removals after 90+ alerts were generated for the two companies I was testing over the past 12 days. Way too much noise. Any thoughts on a resolution for laptops that come in and out of the office?
