Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

Unknown clients in the inventory

Here is the translation of your message into English:


Hello,

We installed a new agent (2.10.1) a few weeks ago to replace an older version. Since then, we have noticed reports of unknown clients that are not part of our inventory.

The data is consistent, with a model, serial number, hostname, IP, CPU, etc.

A specific point to note, these clients all share common characteristics:

  • Hostname with 6 characters
  • IP consistently coming from Microsoft
  • RAM: 1024 MB
  • CPU: Intel XEON E5-2673 v4
  • OS: Windows 10 Enterprise
  • UUID: 11111111-2222-3333-4444-555555555555
  • Each of these clients has connected only once so far

We have considered possibilities like VMs, RDP, VPN, but so far, no correlation has been found.

Do you have any explanations or ideas regarding these connections?

Best regards,

in OCS Inventory NG server for Unix by (230 points)

7 Answers

0 votes

Have you opened ocs-inventory for the whole world?

by (24.5k points)
0 votes

yes ocs is open on the internet but 'protected' by certificate

by (230 points)
0 votes
Whaouh, a certificate is a protection for OCS ! Are you sure ?

(It's really very simple to get the certificate provided by the server and ... this is the certificate cacert.pem needed by agent with SSL_enabled=1 ! Definitively this is not a security !! Anyone could easily pollute your inventory. Begin you could start to filter using geography to your country ?)
by (20.1k points)
edited by
0 votes
that's what I was afraid of

and how do you secure effectively?

is there any documentation available for this?
by (230 points)
+1 vote
by (24.5k points)
edited by
0 votes
Thanks Sokatra for remember usage of authentification for agents.

IMHO, usage of certificate (SSL_enabled=1) is very poor, because you could get easily the certificate of any HTTPS server. But protection of account/password is also easy to setup for server and for agent. (If a guy have access to a computer, he could also copy ocsinventory.ini and continue to pollute your inventory ...)

Please consider when you deploy a change in ocsinventory.ini (using package) to change ALSO the url (and keep old url on server): the same server could be reached with different url corresponding to different ocsinventory.ini settings. So agent with old .ini could reach server as agents with new .ini settings. This is easy using virtualhost and different nameserver ... (I do this also when I change the agent version ...)

(Also, virtualhost could avoid to publish on internet /ocsreports !! Consider adjust you Apache conf files ...)
by (20.1k points)
edited by
0 votes
Thank you cquesh , i know that password authentication with ocs-inventory clients isn't really secure, but one of the best actual options to prevent inventory pollution.

I think there should be an option in ocs-inventory server where for example only local network clients would be allowed to enter the server the first time.

Also client certificates are possible if ocs-onventory will support them in the future, but i think that is very complex.

Perhaps you know other methods.

Kind regards
by (24.5k points)
 
Powered by Question2Answer
...