Ocs-Inventory, how to control all the computers with free software

OcsInventory-NG is free software for inventorying computers. The second version was released last month. Unfortunately, the Debian/Ubuntu repositories haven’t been updated for a long time, so you have to compile it for your Linux/Unix computer if you want the latest version. Of course it is a multiplatform system, as everybody would expect of mass inventory software, so you can install it very easily on your Windows PCs without compiling anything.

This software uses a client-server architecture. The client is known as the agent. You must install an agent on each computer to inventory it. All the information (software and hardware) is reported to a server, where you administer all the computers through a web interface.

To install the software in a Windows network you can use the domain controller. To find out how, you can search Google; there are guides on how to install software using it. The Ocs people also provide a program to install it en masse, but you will need a unified administrator password for all the computers.

After you have inventoried a computer, you will be able to see all its hardware and software. One of the biggest strengths of this software is that it allows mass installation of new software on the inventoried computers. Of course there is a filter system that allows us to install or uninstall any software on the desired computers. You can filter them by tag, operating system, software installed/uninstalled, updates received, hardware, network configuration… All this information is reported to the server.

If you are interested in this software, it’s important to analyze all the features, like SNMP inventory or IPDiscover, which give us the possibility to inventory those devices on which it’s impossible to install an agent. If you want some information that is not extracted from the computers by default, OcsInventory has a plugin system that allows users to develop their own scripts to get what they want about the computers.

This software is licensed under GPL2. Normally it’s cheap to use free software, but in this case it’s very cheap compared with non-free software that makes you pay for the number of computers you will inventory, so for big companies it could be a huge amount of money. The development team makes its money from support. But I’m sure they do integration because the development of any software for hundreds of computers with different operating systems is always a headache. Unfortunately for them, last year one of the developers left the team to create a new fork called FusionInventory. So now there are alternatives in free software for mass inventory. If you are the creator of GPL software you must know that this type of thing will happen, but just as FusionInventory could copy OcsInventory’s development, OcsInventory could copy FusionInventory’s, so they can take advantage of it. Also, being the creator of a piece of software means that you hold its copyright, so OcsInventory could change its license whenever they want (with the exception of the community developments), but FusionInventory must keep the code under the GPL license forever.

Here you can see a comparison between the two, but it was made by the FusionInventory people, so it may not be objective: http://forge.fusioninventory.org/projects/fusioninventory/wiki/Features.

There is a demo interface here, where you can explore features and configurations:

http://demo.ocsinventory-ng.org/

If you want to learn more:

http://www.ocsinventory-ng.org/en/

http://fusioninventory.org/wordpress/

Android

Android is a mobile operating system created by Android Inc. It is based on the Linux kernel. Its development started in 2003 and in 2005 the company was acquired by Google. Google accelerated its development, but we had to wait until 2008 to see the first device with this software.

Why does Google, a search engine, want to release an operating system? It’s easy to explain. The goal of Google services (Google, Gmail, Picasa, YouTube…) is advertising. They use them to get information from the user to create customized ads. Android is just a new way to get information and to advertise.

Why is Android good? In my opinion, Android is the only real competition for the iPhone. This forces Apple to improve their device faster, and Apple in turn forces Android to innovate all the time. Of course I prefer Android, a free system that allows us to do more things, to customize the devices and to install other ROMs. Also, a lot of manufacturers offer a large number of devices at very different prices.

Why could Android be better? Its development is closed. This means that there isn’t a development community, so if you want to develop a new feature you can’t, or it depends on Google’s strategy. Of course you can develop applications, it’s part of Google’s marketing strategy, but you cannot change the Android system. Thanks to alternative ROMs we can install other versions with new features, but this is a manual process in which you can lose the warranty of your device. Another problem with Android is the multiple versions. In the last 2 years they have released about 7 versions. It seems that Android is a beta version. Of course the update of the software depends on the operators. For developers this means that an application developed for Android will not work on every device, depending on its version and its characteristics.

Android has a potential that iOS doesn’t have, because it is free and there are a lot of companies behind it (not only Google works on its development). They have to work hard to unify compatibility and to extend its functionality. Development and innovation in mobiles are now very fast; it reminds me of the 90s, when you bought a PC and a year later it was old and you needed to buy a new one to run current programs and games. Now it’s the same with mobiles: if you want to use the latest application, it’s probably impossible to run it on a device that is more than one year old. Today dual-core mobiles are arriving in the shops; next year there will be quad-core ones with graphics acceleration. I expect that in 5 years the hardware will have stabilized, with more homogeneous devices and standard operating systems.

Regardless, I hope that PC operating systems will adapt an interface from mobiles. Debian and Ubuntu have started projects to release smartphone versions. Imagine a mobile with the whole Debian repository. There isn’t any current OS that can compete with this, but companies are not interested in it, because it is difficult to create a “market” for a Debian system, so they would not have the benefits that they have now.

We will see constant changes over the next years; it will be amazing.

MySql definition of free database

Every developer of free software, and most other developers too, knows MySql. MySql is the most famous database system. MySql’s first release was in 1995 and it was developed by MySQL AB, but in 2008 MySQL AB was acquired by Sun. Sun kept the business model, so it continued to be free.

MySql is dual-licensed software. This means that you can acquire it under one of two licenses. One is free, the GPL, so you can use it for free and you have its source code. The other one is a commercial license. This second license allows you to integrate MySql into private software and sell it. Remember that the GPL doesn’t allow this.

Why is it the most famous?

  • Because it is free.
  • It is multiplatform.
  • There are APIs for the most important languages.
  • A lot of third-party software has been developed around it.
  • There is a lot of documentation.

It is also used in LAMP systems. LAMP (Linux Apache Mysql Php) is the perfect combination of free technologies for the web. All those technologies are free and they are fully integrated. There are a lot of web applications, CMSs, blogs… that are perfectly integrated with LAMP.

I recommend it to everybody. It’s important to note that it is a relational database. You can also use it as a non-relational database, but if you need better non-relational performance you should take a look at mongodb and cassandra (developed by facebook); both of them are free.

The current situation of MySql is undefined. Oracle, which develops one of the most important database systems, bought Sun in 2010. So Oracle could stop supporting it whenever they want, eliminating its competitor. I thought there must be laws to prevent companies from buying their competitors….

Thanks to the GPL license there are forks that will continue the development of this software. If you want to look into it, there are three important forks: Drizzle, MariaDB and Percona Server.

OSSIM (Open Source Security Information Management)

[Image: AlienVault logo]

What is OSSIM?

OSSIM, as the logo says, is software being developed by a Spanish company called Alienvault. Currently it is one of the best open source SIEM (Security Information and Event Management) systems.

OSSIM is integrated into a Debian distro. It combines several open source tools and integrates them to create a great one. The tools included in OSSIM are these:

  • Arpwatch – used for MAC anomaly detection.
  • P0f – used for passive OS detection and OS change analysis.
  • Pads – used for service anomaly detection.
  • Openvas – used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
  • Snort – the IDS, also used for cross correlation with nessus.
  • Tcptrack – used for session data information which can prove useful for attack correlation.
  • Ntop – which builds an impressive network information database from which we can identify aberrant behavior/anomaly detection.
  • Nagios – fed from the host asset database, it monitors host and service availability information.
  • Osiris – a great HIDS.
  • OCS-NG – cross-platform inventory solution.
  • OSSEC – integrity, rootkit, registry detection, and more.

With all of these tools we can acquire information from the network, the servers, and the desktop computers of an entire company.

OSSIM is oriented to monitoring the network. Thanks to Snort it can sniff all the network traffic, analyzing it and comparing it with a database of signatures. All the information analyzed by Snort creates “events” in OSSIM. These events are suspicious traffic, which could be something dangerous or not. So we need more information to decide whether we have to spend our time on it. This is the reason we need more tools. For example, Snort can detect an attempt to illegally access a Windows service, but if the target is a Linux machine we can forget the event.

Another functionality OSSIM provides is the log collector. We can send OSSIM the logs of machines on all platforms. To do this OSSIM uses syslog, so it is very easy to configure on a UNIX-like system. For Windows machines we can do the same by installing software like SNARE or OSSEC. Thanks to some plugins OSSIM can understand all the logs and create events, which are the same as the Snort ones.

Other important information OSSIM can collect comes from inventory programs. To gain reliable information we can install OCS Inventory or OSSEC on each machine. We can also do the inventory manually.

There are also other integrated tools, like Nagios to monitor services, Ntop for Netflows…

With all this information and these events, using a scoring system, OSSIM can create alarms. To do this we have OSSIM’s directives. With these directives we can relate different events, detecting behavior patterns. The directives are provided by OSSIM but can be customized. We can also associate actions with the alarms or events, like sending an email or running a program. This is very powerful.
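The cross-correlation and scoring idea described above, as an added example that is not OSSIM's own code: an IDS event is dismissed when the inventory shows the target runs a different platform, and a repeated pattern raises the score until an alarm fires. The inventory, the events, the field names and the scoring formula are constructed assumptions for illustration.

```python
from collections import Counter

# Constructed inventory, standing in for what an inventory agent reports.
INVENTORY = {
    "10.0.0.5": {"os": "windows", "asset_value": 4},
    "10.0.0.9": {"os": "linux", "asset_value": 5},
}

# Constructed IDS events; "affects" is the platform the signature applies to.
EVENTS = [
    {"sig": "SMB service access attempt", "dst": "10.0.0.5", "affects": "windows", "priority": 3},
    {"sig": "SMB service access attempt", "dst": "10.0.0.9", "affects": "windows", "priority": 3},
    {"sig": "SSH brute force", "dst": "10.0.0.9", "affects": "any", "priority": 2},
    {"sig": "SSH brute force", "dst": "10.0.0.9", "affects": "any", "priority": 2},
    {"sig": "SSH brute force", "dst": "10.0.0.9", "affects": "any", "priority": 2},
]


def reliability(event, inventory, seen):
    """Score 0-10: how likely the event is a real problem for its target."""
    asset = inventory.get(event["dst"])
    if asset and event["affects"] not in ("any", asset["os"]):
        return 0  # e.g. a Windows-only attack aimed at a Linux host
    base = 5 if asset else 3  # unknown hosts can be neither confirmed nor dismissed
    # Directive-style rule: the same signature repeating on one host is a pattern.
    return min(10, base + 2 * (seen - 1))


def correlate(events, inventory, threshold=3.0):
    """Return (alarms, dismissed) as lists of (signature, destination) pairs."""
    alarms, dismissed, counts = [], [], Counter()
    for ev in events:
        key = (ev["sig"], ev["dst"])
        counts[key] += 1
        rel = reliability(ev, inventory, counts[key])
        if rel == 0:
            dismissed.append(key)
            continue
        value = inventory.get(ev["dst"], {"asset_value": 2})["asset_value"]
        risk = value * ev["priority"] * rel / 25  # assumed scoring, scaled to 0-10
        if risk >= threshold and key not in alarms:
            alarms.append(key)
    return alarms, dismissed


if __name__ == "__main__":
    alarms, dismissed = correlate(EVENTS, INVENTORY)
    print("alarms:", alarms)
    print("dismissed:", dismissed)
```

With the constructed data, the single SMB event against the Windows host stays below the threshold, the SMB event against the Linux host is dismissed, and the third SSH event against the same host raises the alarm.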


All this can be managed through the framework. It uses a web interface built on Apache and MySQL. Through it we can view and customize some real-time graphics. We can schedule a vulnerability scan with Openvas, and create reports of all the information collected by OSSIM.

The first versions of OSSIM were licensed under BSD. That allowed the developers and the software to move from one company to another. But the current version is licensed under GPL. Why did OSSIM decide to change the license? Probably to try to get some feedback from the users. Unfortunately that is very difficult. First, because if somebody changes the code, creating a modified version, they only have to give the code to those to whom they distribute the binary, and second, because they don’t have a developer community. Perhaps in the future, when it is more widely used, somebody could create one or do a fork.

But not everything in OSSIM is open source. Their business model is open-core. This means that they sell a professional version. These are the differences:

|  | Open Source | Professional SIEM |
| --- | --- | --- |
| Support | Community | 7×24 |
| Quality Assurance | Community | Professional Q&A |
| Security | Not audited | Audited |
| Performance | Moderate | 30 x Open Source, Assured |
| SIEM Intelligence | Logical Correlation, Simple Taxonomy | Cross Correlation, Rich Taxonomy |
| Logger | N/A | Unlimited Forensic Storage |
| Reports | < 25 + Jasper | > 200 + Web Wizard |
| Scalability/HA | N/A | HA, Distributed, Multitenant, Unlimited |
| Compliance | High Level Reports | High and Low Taxonomy-based |
| Updates | None | Daily rules and reports |
| User Management | Individual, simple controls | Templates and Granular Controls |

So you can use the open source version, or a professional version that comes pre-installed and for which you can ask for support, including the integration. The updates are also included; thanks to this the company can unify all the OSSIM versions of its customers. Another source of income is the courses and certifications.

I couldn’t find out what the license for the Pro version is, so we can assume it is proprietary software. With this proprietary version they prevent other companies from competing with them using the best version. Thanks to the LGPL license of the Linux libraries this is possible.

Why do they keep an open source version? To start with, it is a marketing strategy, because they publish their software as open source, but if you buy it you will have a proprietary one. Another benefit is that anybody can try it for free, and if you like it and need some support you can pay for the professional version. The open-core model is better than a proprietary one, but it is not totally open source. We can read some criticism at this link:

http://www.opensource.org/blog/OpenCore


This post is not a tutorial, only an introduction to what OSSIM is. OSSIM is not software for a home network, although you can try it at home. Keep in mind that it is an advanced tool, so do not try it if you are a beginner.

Ossim Web: http://www.alienvault.com

 


 

QBO, robots will be free

If you have been looking at robots with some network functionality, like Gmail, VoIP or a remote music player, you will know Tux Droid and Nabaztag, two small and cute pets (Tux Droid and Nabaztag):

[Images: Tux Droid and Nabaztag]

 

If you have been looking for robots that could  these ones are more interesting. They include a webcam and WiFi (Rovio and Spykee):

[Images: Rovio and Spykee]

Spykee and Tux Droid are open source robots, so they are good selections.

If you want to create your own robot, what would you demand?

A mobile robot with cameras, sensors, WiFi, Bluetooth and a Linux distribution installed? Anything else?

So here it comes, the QBO Robot:

[Image: QBO Robot]

If you want to know more about it you can go to their blog:

Blog

It’s not yet for sale. But you can download an ISO with the alpha version of the QBO Linux distribution, which is based on Ubuntu 10.04, an LTS version. The potential of a robot with the whole Debian repository is incredible. We will be able to do everything we want.

Talking about the economic aspect: the business model of the company (thecorpora) is to provide the hardware. Its success depends entirely on the software development strategy, because that could add incredible applications to it. In this case we don’t know how it will be, but in my opinion they must try to create a very big community that could work alone. If there are a lot of people interested in it and developing, they will not need to control the development, and can spin it out. Of course at first the company will need to help and create a stable community. Their work could be only to make the hardware and improve it.

Also, in the legal aspect they have an advantage. In Europe software patents are not allowed, but they can patent the whole robot including the software. Will they make use of the patent? I don’t know.

Good luck to thecorpora team. I expect to buy it as soon as I can.

Nessus and Openvas


I’m a defender of free software. There is more and more free software, and a lot of companies open their source code. But sometimes things are different. And this is such a case.

Nessus is vulnerability scanning software. Until 2005 it was distributed under the GPL license. But with Nessus3 this changed. They give it away for free, or you can pay for a professional feed, but there is no more source code.

Why did this happen? Their reasons were these:

…A number of companies are using the source code against us, by selling or renting appliances, thus exploiting a loophole in the GPL…

…Virtually nobody has ever contributed anything to improve the scanning engine over the last six years…

We can understand this in different ways. They decided that there wasn’t room for free software in the security world, at least if you want to make money with it. I think that wasn’t the problem. They simply didn’t “sell” the product/service the way it needed to be sold.

Currently there is a GPL fork of Nessus, called Openvas. OpenVas is developed thanks to some companies that provide feeds and development, and OpenVas is GPLv2. So Nessus didn’t do it well if they thought they couldn’t make money with open source.

We have to know that open source is usually developed by companies, and those companies want to make money with it. As with every business, sometimes it goes well and sometimes not. It’s not a problem of the development, it’s a problem of the business model.

http://www.openvas.org/professional-services.html

http://greenbone.net/

http://www.nessus.org/