Securing your system

Quick post of a script worth using. If your openerp-server is running on a Linux server, this server should be secured. Linux is a more secure server than Windows, but still is vulnerable to attacks. If you are new to the security field in Linux, there is a tool you should try, Bastille Unix. If you are using an

Ubuntu distribution, you can install this tool with the following command:

# sudo apt-get install bastille

After running the command bastille, you will see a wizard like window interface which will guide you through the different steps of hardening your system. These steps involve setting file permissions, disabling FTP, Firewall, Printing, disabling unnecesary services and accounts. Not only this is a very good tutorial on Linux security, but also a tool for hardening your system.

Be aware that your security obligations do not end here, this is just a very good first step.

Cheers,

Related articles

• Canonical Brings Ubuntu To Televisions (tarpon.wordpress.com)
• Debian Linux Named Most Popular Distro for Web Servers (pcworld.com)

How to debug your OpenERP modules

Debugging your OpenERP modules is quite straightforward, as long as you know basic Python programming. Just insert the following line in your

Image via Wikipedia

module:

import pdb;pdb.set_trace()

Then restart your openerp-server with the –debug option

# openerp-server –debug

Then monitor your server console. You will see your server stop and show you a command line prompt where you will be able to debug your program.
You will find further information in the Python documentation website.

Related articles

• Alan Bell: ERPpeek, a tool for browsing OpenERP data from the command line (theopensourcerer.com)

Managing your openerp processes with Supervisor

Reading a book on system administration with Python I found Supervisor, which is a tool that allows you manage your programs. I found it easy to

Image via Wikipedia

install and learn, and in minutes I had it running in my system. After reading the documentation, which took me minutes, I was able to configure its configuration file, restart the daemon and have openerp-server and openerp-web running automatically in my computer.

Below is am example of how to modify the supervisord.conf file in order to start openerp-server and openerp-web

[program:openerp-server]
command=/usr/local/bin/openerp-server
user=gustavo

[program:openerp-web]
command=/usr/local/bin/openerp-web

Why I like it? Because this tool allows me to manage my process and it does not take me long to do that. It can also be controlled by other Python programs, which might be handy in some projects.

Cheers!

Time-outs and the openerp-web client

Sometimes you need to change the time-out setting of your openerp-web client application. There might be many reasons for this, among them the need to submit long  processes or views that take minutes to retrieve the desired data. Doing this is no big deal with the GTK client, but gets tricky  when it comes to the web client since you get a time-out error message after two minutes of inactivity.

How do you solve this? It’s easy. In OpenERP v5 you need to locate the file tiny_sock.py. In that file, search for the file that reads:

self.sock.settimeout(120)

In my web client, that happens to be the line 49. Then you change the parameter of the settimeout function to the number of seconds you desire. Then restart your web client.

With OpenERP v6 is pretty much the same story, now you do not need to modify the source code. You only need to change the openerp-web.cfg configuration file. In that file, you will find the following entry in the OpenERP Server section:

openerp.server.timeout = 450

Then you have to restart your web client application.
That’s all you need to do in order to change your timeout settings in your OpenERP Web Application.

Cheers!

Related articles

• Improved Role & Responsiblity model in OpenERP 6.1 (mantavya.wordpress.com)

openerp-server 5.0 and Python 2.7

Image by Kordite via Flickr

After upgrading Ubuntu to 11.04 I found the nasty surprise that openerp-server 5.0 could not create a new database because it threw the following error message:

ValueError: opcode JUMP_IF_FALSE_OR_POP not allowed (u’auto_picking and test_auto_picking()’)

After doing some quick research with Google, I found the following bug that is already fixed in openerp-server v6:

https://bugs.launchpad.net/openobject-server/+bug/673773

Since upgrading to openerp v6 at this time is not an option for me, I only needed to make a slight change to make openerp-server work with Python 2.6. I already had python 2.6 installed in my Ubuntu system, which I could check with the following command:

gustavo@gustavo-laptop:/usr/bin$ python2.6
Python 2.6.6 (r266:84292, Mar 25 2011, 19:36:32)
[GCC 4.5.2] on linux2
Type “help”, “copyright”, “credits” or “license” for more information.
>>>

Then I changed the openerp-server command at my /usr/local/bin directory. I only needed to change the

exec /usr/bin/python ./openerp-server.py $@

line to

exec /usr/bin/python2.6 ./openerp-server.py $@

And that is all I needed to do to get my system back to work

Cheers!

Related Articles

• New release of OpenERP All-in-one installer & updater for Ubuntu (openerpappliance.com)
• How to Install OpenERP v6 on Ubuntu server 10.10 (adilmukarram.wordpress.com)

Server security in OpenERP

Image via Wikipedia

Sooner or later you have to address security in your OpenERP installation. For many reasons, the sooner you do that the better it is. The later you address security in OpenERP, the more money you lose (in those cases you start working on security after you had the problem, which means you are losing money).

What is the cost of not taking care of security? When you have security problems, your company is stopped (employees can not print invoices, customers can not place their sales orders, sales reps can not make their calls, you can not procure your supplies, and the list goes on and on). So put a number to those days. That is the value of security.

How do you start? The first thing to keep in mind is your server.  No matter what the application you are running in your server, whether it is a website or OpenERP, you have to secure the server. Most of the people I met run their OpenERP systems in Debian and Ubuntu (two popular Linux distributions). Some people do so in their own servers, some people host their systems in a VPS (such as Linode). Either way, again, you have to secure your server.

I will concentrate on Debian and Ubuntu (otherwise this is going to be a very long post). I will not cover Windows and will not get into the OpenERP security system. I will leave that for later. This is not a Linux security course, this post is intended to give you pointers to places where you can start working on the security of your system. Also, this does not cover Postgresql security.

First thing you have to do is to secure your server against intrusion. If your server is connected to the internet, your server is a target. Plain and simple as that.  How do you get started? This is a link to a great introduction on Linux security:

http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/

If you are using a Debian or Ubuntu distribution, you should read the Securing Debian Manual. And if you are running Ubuntu, don’t forget to check the Ubuntu Security Documentation (you should complement it with the Debian security manual).

Those are some pointers to places where you can get information on how to get started on securing your Linux server. Securing it against intrusion is extremely important, and should be one of your first items in your agenda. Again, if your server is connected to the Internet, your server is a target. And most of us can not afford to stop operations because our server was attacked by hackers.

Cheers!

Related Articles

• Official Ubuntu Server Book (i-programmer.info)