Archive

Archive for the ‘Security’ Category

Securing your system

Quick post of a script worth using. If your openerp-server is running on a Linux server, this server should be secured. Linux is a more secure server than Windows, but still is vulnerable to attacks. If you are new to the security field in Linux, there is a tool you should try, Bastille Unix. If you are using an

Ubuntu distribution, you can install this tool with the following command:

# sudo apt-get install bastille

After running the command bastille, you will see a wizard like window interface which will guide you through the different steps of hardening your system. These steps involve setting file permissions, disabling FTP, Firewall, Printing, disabling unnecesary services and accounts. Not only this is a very good tutorial on Linux security, but also a tool for hardening your system.

Be aware that your security obligations do not end here, this is just a very good first step.

Cheers,

Automated actions in OpenERP

December 28, 2011 Leave a comment

In OpenERP, as in any other ERP or system, you need to perform certain tasks regularly. Tasks such as performing a backup, calculating ABC categories, running the MRP planner, etc. How do you get this done in OpenERP? It’s quite easy and you don’t need your server administrator to get this done. Scheduling tasks in OpenERP is done via the Scheduled Actions in the Administration > Configuration > Scheduler menu.
Scheduled Actions view
In this section, you will be able to create new actions. So click on the New button in the view.

After clicking New you will see a form that allows you to enter information in two tabs, an Information tab and a Technical tab. In the first tab you will be able to enter the name of the action, whether it is active or not, and how regularly it is executed. In the technical tab, and you might need a programmer help for this, you have to enter the name of the object that will run the action; along with the function to schedule and its arguments. This is the tricky part of scheduling an action, since you need to get into the details of how the system works and you will need your programmer to dig into the object code. But it is worth it, once you understand how this works, you will be able to get many things accomplished.

OpenERP module of the day: base_crypt (or encrypting your user password in OpenERP)

February 22, 2011 2 comments
Category:WikiProject Cryptography participants

Image via Wikipedia

This is a quick post. I found this base module which is quite useful and I wanted to share it with you. The module is base_crypt and it encrypts user passwords in the OpenERP database. By  default OpenERP stores user passwords in the res_users table, they are stored in plain text in the password field. base_crypt module encrypts all passwords with the MD5 algorithm. Below is the link for downloading the module:

http://doc.openerp.com/v5.0/technical_guide/base_crypt.html

IMHO, this module should be part of core since it is a good security practice to store passwords in encrypted form. In some places it is mandated by law. It is also a nice module to look at, checking its code is fun.

Cheers!

Server security in OpenERP

CD cover for Debian GNU/Linux version 4, code ...

Image via Wikipedia

Sooner or later you have to address security in your OpenERP installation. For many reasons, the sooner you do that the better it is. The later you address security in OpenERP, the more money you lose (in those cases you start working on security after you had the problem, which means you are losing money).

What is the cost of not taking care of security? When you have security problems, your company is stopped (employees can not print invoices, customers can not place their sales orders, sales reps can not make their calls, you can not procure your supplies, and the list goes on and on). So put a number to those days. That is the value of security.

How do you start? The first thing to keep in mind is your server.  No matter what the application you are running in your server, whether it is a website or OpenERP, you have to secure the server. Most of the people I met run their OpenERP systems in Debian and Ubuntu (two popular Linux distributions). Some people do so in their own servers, some people host their systems in a VPS (such as Linode). Either way, again, you have to secure your server.

I will concentrate on Debian and Ubuntu (otherwise this is going to be a very long post). I will not cover Windows and will not get into the OpenERP security system. I will leave that for later. This is not a Linux security course, this post is intended to give you pointers to places where you can start working on the security of your system. Also, this does not cover Postgresql security.

First thing you have to do is to secure your server against intrusion. If your server is connected to the internet, your server is a target. Plain and simple as that.  How do you get started? This is a link to a great introduction on Linux security:

http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/

If you are using a Debian or Ubuntu distribution, you should read the Securing Debian Manual. And if you are running Ubuntu, don’t forget to check the Ubuntu Security Documentation (you should complement it with the Debian security manual).

Those are some pointers to places where you can get information on how to get started on securing your Linux server. Securing it against intrusion is extremely important, and should be one of your first items in your agenda. Again, if your server is connected to the Internet, your server is a target. And most of us can not afford to stop operations because our server was attacked by hackers.

Cheers!

Follow

Get every new post delivered to your Inbox.