COMRaider supports a series of distributed auditing features including:
- ability to track and display audited clsid's
- share notes between auditors
- upload interesting fuzz files to central server w/all error info
- search, sort, generate stats on audit logs
To setup the distributed auditing feature for a team in a network environment you will have to install a database server. For the purpose of this document we will assume the use of the free MySql server as available from MySql.com.
The first thing you will have to do is install and setup the database server somewhere on your network. Please refer to the vendor documentation for setup instructions and security implications. It might also be worth adding a dedicated user for everyone to share for access to the comraider database.
The next thing you will have to do, is to create a new database called 'comraider' for our distributed data. Once this is done, you will have to perform an ODBC export of the tables in [app path]\Comraider.mdb to the database server. This will upload all of the tables from our local blank database and create the table structure we need on the main server.
Each client which wishs to connect to the distributed server will need to have the MySql ODBC drivers installed so that COMRaider can connect to the database server. These are readily available for free from the MySql.com site.
Once the database server, table structure, and client drivers are in place, you can now configure COMRaider to connect to the distributed server. With the ODBC drivers installed, you now have to setup a System DSN for COMRaider to use.
- Goto your control panel -> administrator tool -> Data Sources
- Goto the System DSN tab, and click on the button to create a new System DSN
- Select MySql for the database type and hit next
- Create a new DSN named "COMRaider", Enter the IP, username, password, and select the "comraider" database
- Click "Test DSN" to make sure it all works as expected
Now that the system DSN is setup, we can enable the distributed audit mode in COMRaider. On the main form click on the View hyperlink to access the Options menu. This will bring up the options form:
The Username field should be filled out. This will be a display only property used to identify who uploaded what. It is not a login name. All database security is handled by the system DSN.
Click on the "Test DSN Connection" hyperlink and it will test the database connection. If successful, it will enable the check box for Distributed Auditing. Once the checkbox becomes active, check it and now you will be in distributed mode.
In distributed mode many more features become available to you. All of the menu items under the main View menu will be enabled as well as the Download Shared Fuzz Files option on the load file form. Additionally more menu items and form elements will appear on the various forms making up COMRaider.
If you are traveling on the road and away from the central server, or only working on your own, you can use the local access database to store your distributed audit information. To set this up, setup your dsn to point to the comraider.mdb in the applications home directory.
Once you get back to the lab, set your comraider dsn to point back to the central server, and use the "Upload Offline Audits" menu item to have all of your locally stored data uploaded to the main server.