kaud — Offline Audit utility

In some cases you might want to gather a hardware and software audit for a computer which does not have a network connection to KeyServer. Or, for a computer which is online, you might want to perform a one time “clientless” audit without actually installing KeyAccess. Both of these objectives can be accomplished using the kaud utility. The kaud utility allows you to save audit data to a file, then upload the data in this file to KeyServer, or save it for future upload from a different computer. You can find the OS-specific versions of kaud in each platform's Installers/Misc folder in the K2 image archive.

Clientless audit

If a computer has a network connection and can reach KeyServer, you can use kaud to do a clientless audit, without installing the KeyAccess client. The easiest way to do this is to rename the kaud using the pattern kaud@keyserver.example.org.exe. Then this executable can be launched without any command line parameters (e.g. by double clicking) and it will scan, then upload to keyserver.example.org.

Command line options

There are various command line options available to kaud. For a computer that cannot reach KeyServer, you will generally run it once to perform a scan and save to a file, then run it a second time from a second computer to upload the data in this file to KeyServer.

kaud scan -o /path/to/directory
An audit is performed, and the results are saved in a file. This will create a file in /path/to/directory, with the name "filename.dat", where "filename" is the computer ID.
kaud upload -h keyserver.domain.org filename.dat [filename2.dat ...]
One or more .dat files produced using kaud scan will be uploaded to the KeyServer at keyserver.domain.org.
kaud scan-upload -h keyserver.domain.org
This is equivalent to doing a scan, followed by an immediate upload using the file that was produced. This is useful for a one-time, or “clientless” audit of a computer which can reach KeyServer. In this case the audit file is put in the temp directory.
-m
Audit hardware only, no executables. Can only be used with the scan or scan-upload options.

Further Considerations

Note that in order to upload data, kaud must connect to KeyServer. Since a password cannot be provided to kaud, you should ensure that you either do not use Client Authentication, you have guest access turned on, or that any authentication requirements are computer based but do not require a user password. There are some subtleties when kaud scans a computer where KeyAccess is not installed:

One simple approach then is to put kaud (for various platforms) on a USB drive. Then take the drive to each off-net computer and double-click the right kaud for that platform. Once you have gathered the audits you need, take the drive to a computer that is on the network and do something like "kaud upload -h keyserver.domain.org file1.dat" for each dat file (note that on mac or linux you can use "*.dat" to send all .dat files, but on Windows all files will have to be listed).

If you would like to collect "Last Used" times for each program installed on these computers, you should be sure to install KeyAccess on these computers. Even though it will not be able to reach KeyServer directly, it will keep track of Last Used times so that kaud can collect them.

Since kaud is a command line program it can be run on a schedule. There are a few scenarios where this might be useful. For example, since kaud generates a full audit each time it runs, it could take up to 20 minutes for the audit to complete. Instead of waiting at each computer for the audit to finish, if kaud is scheduled to run an audit periodically, someone can go to the offline computers and gather the most recent audit files (instead of running kaud manually). Similarly, perhaps there is a group of computers that share a server, but are quarantined from the rest of the network (and from KeyServer). These computers could periodically run kaud and store the offline audit on the server. Then gathering the files is easy, and they can be uploaded to KeyServer from a computer that is on the KeyServer network.

There are some advanced options that allow you to change (override) the computer ID and user name associated with the audit data. Run kaud help to see how to use these options, but be careful with the ID, or contact Sassafras for help.