in Code, Debian, Linux, Security, Servers, Ubuntu

Debian/Ubuntu wmi-client package with OpenVAS libwmiclient1 patches

The other day I wanted to build some updated OpenVAS packages and realized I now needed libwmiclient1 for local Windows checks which wasn’t readily available anywhere. The old wmi-client package that used to be in debian was pulled due to the forked/branched nature of the source code as well as the idea that something better could be implemented with the upcoming Samba4 release. That didn’t seem to pan out in the end but OpenVAS still needs to use aspects of it to build libwmiclient1 for WMI support. I suppose monitoring applications like Nagios, Cacti, Zabbix, etc are all likely feeling the loss of wmic as well so I figure why not try to fill both gaps? Anyways, here are the packages we created for Orvant, OpenVAS or anybody else who wants or needs it.

Orvant Packages

Debian 6.0 (Squeeze) AMD64

Debian 6.0 (Squeeze) i386

Ubuntu 10.10 (Maverick) AMD64

Ubuntu 10.10 (Maverick) i386

Source Package

Using the WMI client package (libwmiclient1 is only useful for OpenVAS):

user@computer:$ wmic -U <user>%<pass> //10.1.1.100 "select CommandLine,Handle,Name,ProcessId from Win32_Process"

CLASS: Win32_Process
CommandLine|Handle|Name|ProcessId
“C:\Windows\system32\cmd.exe” |3512|cmd.exe|3512
C:\Windows\Explorer.EXE|2740|explorer.exe|2740
C:\Windows\system32\lsass.exe|436|lsass.exe|436
  • Constantin

    Hi Mike,

    first thanks for the binarys, but im hanging at the moment on one step, maybe you can give me a hint.

    I would like to start a simple batch file, or execute a cmd command, and get back the result as possible. I found “winexe” within the wmi pakage wich is doing alomst that what i want.

    One Problem, when executing:
    root:/tmp$ winexe -U ‘DOMAIN\user%Password’ //servername “ipconfig /all”
    [winexe/winexe.c:120:on_ctrl_pipe_error()] ERROR: Failed to install service winexesvc – NT code 0x00000424

    As i was looking on this, the service file was already copied to the server, but like it says in the shell, the service could not be created.

    I found a first hint @
    http://community.zenoss.org/thread/8968

    Maybe you have an idea how ti fix this ?

    Thanks!

  • Constantin

    Note – i’ve found a modified Version – attached in the last post:
    http://community.zenoss.org/message/36212

    With that, its working fine.

  • mike

    No problem Constantin, thanks for following up with the solution for that. I’ll go look into the zenoss stuff to see if I can find where that came from.

  • It was found in my test that libwmiclient has issues on 64 bit architecture…probably lib vs lib64…you might want to verify it…

  • Pingback: Monitor Windows Server via WMI from Ubuntu Linux | Phuket Information Technology Blog()

  • Hey, this is also the way Pandora FMS get’s the WMI information from remote windows machine.

  • Paul N

    It seems that the Debian i386 binaries are actually 64-bit binaries:

    root@mybox:/home/pnijjar/download# dpkg -i wmi-client_1.3.14-3_i386.deb
    Selecting previously deselected package wmi-client.
    (Reading database … 49819 files and directories currently installed.)
    Unpacking wmi-client (from wmi-client_1.3.14-3_i386.deb) …
    Setting up wmi-client (1.3.14-3) …
    Processing triggers for python-support …
    root@mybox:/home/pnijjar/download#

    root@mybox:/home/pnijjar/download# file /usr/bin/wmic
    /usr/bin/wmic: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
    root@mybox:/home/pnijjar/download# wmic

    bash: /usr/bin/wmic: cannot execute binary file
    root@mybox:/home/pnijjar/download#

    root@mybox:/home/pnijjar/download# uname -a
    Linux mybox 2.6.32-5-686 #1 SMP Mon Mar 26 05:20:33 UTC 2012 i686 GNU/Linux

  • Oops, you’re right. Those were some old ones that I tried to build on a 64bit machine. Try the links again and you should get working 32bit packages.

  • MrBlablaologe

    Hi Mike,

    thank you for that great package. I wrote a little php script to manage some Windows Terminal Servers. To access WMI of the Terminal Servers, I need a Windows Web Server. Not to depend on M$ in this case, I wanted to try your package. Unfortunately there is no documentation.
    If I want to use standard queries, everything works fine. But what about other namespaces? When I try to connect to other namespaces, eg for terminalservices or registry, I get errors. I think it could be a security issue like impersonationlevel or authenicationlevel. Is there any doc describing “–use-security-mechanisms” and the other parameters?
    Thank you for your help.