GLPI is NOT affected by the Log4j vulnerability CVE-2021-44228

 

 

A newly revealed critical vulnerability impacting Apache Log4j was disclosed and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By exploiting this vulnerability, a remote attacker could take control of the affected system.

We would like to assure all users that GLPI core and its plugins, being written in PHP and not using Log4j, are not affected by the Log4Shell vulnerability.

Exploiting this vulnerability requires a Java Virtual Machine and the org.apache.logging.log4j.core.lookup.JndiLookup Java class in a vulnerable version. Neither is included in or used by GLPI distributions.

We can also confirm that:

  • GLPI Android Agent (written in Java) doesn’t use the Log4j library, and thus is not affected by the Log4Shell vulnerability
  • GLPI Agent (written in Perl) is not affected by the Log4Shell vulnerability

Warning: this does not rule out that layers or tools upstream of GLPI (reverse proxy, firewall, etc.) or connected to GLPI, which we cannot know about in your context, are impacted.

For example, if you have a Metabase server connected to GLPI, you should note that Metabase (<0.41.4) is affected by the Log4j vulnerability, and you should update it ASAP!

Documentation:

Manage rack with GLPI.

Starting from GLPI version 9.3, the rack management feature was integrated into the system’s core. Improvements in its design were also made, giving a more realistic touch to the items when assembled and giving us the possibility of having something similar to the following image:

Assembled rack in the GLPI’s rack management module.

Like every other thing in GLPI, the racks are basically configuration items that can be added and managed inside the system.

The biggest difference, in this case, is that the management goes further and allows us to have the graphic vision of how the configuration item is developing.

Although having a true, graphic view of the configuration item’s representation isn’t mandatory in any standard, the possibility attracts users who like to know how the services are being delivered and also facilitates decision making for analysts and managers.

What’s a rack?

Racks are structures, normally made of steel to accommodate IT equipment such as servers, switches, cable panels, among others.

They have an importance both from the aesthetic point of view, making everything more beautiful and organized, as well as safety-wise, making IT assets inaccessible to people with access to the same environment as the rack.

Why use a rack?

Racks are used to help organize and also protect the physical structure of the IT components, whether it’s assets (equipment) or liabilities (structured cables).

They can also have distinct purposes in an organization, or even mixed ones, depending on each necessity and capacity:

  • Hold network servers;
  • Telecom equipment;
  • Network assets such as switches, routers, wifi controllers, among others;
  • Telephony equipment;
  • Structured cabling;
  • Or even a mixture of some of these items or all of them at once.

In bigger organizations, it is common to have multiple racks, one designed for each function.

  • Telecom racks;
  • Server racks;

Since they have a bigger footprint, more purchasing power and a higher level of infrastructure complexity, they segregate their resources in order to elevate the safety and management levels.

These are the two most popular types of racks in the market:
  • Floor rack: Rack with feet to be installed on the floor;
  • Wall rack: Rack without feet to be installed on a wall by its inferior part with the use of fastening screws and bushings.

Of course, there are other types of racks such as two-door floor rack, with side doors, and many more characteristics. But it’s up to each organization to know to what level to spend resources to manage the asset’s characteristics.

To create rack types on GLPI, you must proceed as follows:

Step 1: Access “Setup > Dropdowns > Types”

Step 2: In the section “Types”, look for “Rack types” and click on its link

Step 3: Click on “Add a new item” and register your new rack type.

What assets can you place on racks?

Beyond the network and server assets, the racks also tend to accommodate accessories, which are called liabilities.

The most used and, consequently, most known liabilities are:

  • Patch panel;
  • Cable guide;
  • Blind cover;
  • Tray.

> Patch panel

Cable panels, or patch panels as they are popularly known in the technical niche, are panels used for the arrival of structured cabling, having connection sockets in the RJ45 standard to provide the connection of Terminal Points (which arrive via structured cabling) to other network devices inside and outside the rack.

For the interconnection of the devices, whether assets or liabilities, small cables of variable sizes are used, which are known as Patch Cords, as the images above and below represent:

> Cable guide

The cable guides help us organize the patch cords inside the racks, so that the rack doesn’t look like “drained noodles”, a very common term for when the cables are loose and unorganized.

> Blind cover

The blind cover has the goal to block the view of the rack’s interior. It is an interesting item to keep the rack beautiful and organized.

> Tray

Usually, we have assets such as small routers, carrier modems or devices such as media converters that we need to put in the rack for safety and even convenience reasons.

The fact is that these devices don’t have 19’’ of width and so they can’t be conventionally fixated on the rack. Therefore, we need a special resource to keep them organized.

This resource is the tray.

There are various types of trays:

  • Fixed: after the installation, movement isn’t allowed;
  • Slider: they have lateral slides/tracks, allowing movement to the outside of the rack.

It’s also common to buy trays that occupy only half of the rack’s depth, enough to serve us for specific use and a limited amount of equipment.

Creating network devices on GLPI.

Starting from GLPI 9.5 version it is possible to create network devices in the system. To do so, please, follow the instructions:

Step 1: Access path “Assets > network devices”

Step 2: Click on “Add item”

Step 3: Register the network

Commonly used assets on racks:

What we’ve seen so far were just configuration items of the liability type. Now, we will quickly see the main assets:

  • Switch
  • Server
  • Firewall
  • UPS

> Network switch

Switches allow the interconnection of lots of devices via network, such as computers, routers, servers and others that use network connectors. We won’t get into types of network connectors in this article. It’s already going further than I thought it would earlier today.

> Server

Regarding servers, the market supply is as diverse as possible. We have cabinets of various models. But what interests us in this moment are the following:

  • Rack server: appropriate cabinet to use on racks
  • Micro server: a small server developed by HP for micro organizations.

About the rack servers, what we can add is that they have several sizes, both in height (measured in U, as we’ve already seen) and depth (it’s necessary to check if the rack also has enough depth). In some rare cases, the server itself doesn’t have 19’’ of height, but comes with mounting accessories that allow its use and correct fixation in the racks.

> Firewall

Firewalls are items found commonly on racks. That’s exactly where they tend to operate: the edge of the networks!

Today, we’ve been finding a range of firewalls on the market varying in manufacturers, models, sizes or even type:

  • Physical:

Box bought with the manufacturer;

Software installed in server hardware.

  • Logical:

Running it in a virtual machine inside the server.

What interests us here is only the physical, sold in a standard cabinet from the manufacturer and most of the time, installable on racks.

> UPS

Our next item is the UPS. It’s responsible for ensuring a certain continuity of equipment operation when there is a failure in the power supply.

There are several equipment models and shapes, but these details don’t fit in this post. What interests us is just the affirmation that some models are proper for installation on racks.

> Ruler, the must-have item

Another item that you must have is the electric ruler, which is no more than a Power Distribution Unit. On GLPI, it is called PDU (Power Distribution Unit). The rulers have the function to distribute energy to the assets installed on the rack.

There are several types, outlet quantities and features, such as being monitorable over the network using SNMP (Simple Network Management Protocol).

Creating PDUs on GLPI.

Since the 9.3 version, GLPI comes with the native possibility of registering PDUs in the system.

This registration can be done with the following procedure:

Step 1: Access “Main menu > Assets > PDUs”

Step 2: Click on “Add items”

Step 3: Add your PDU with its proper characteristics

Assembling racks on GLPI.

With GLPI we can assemble an image of our racks using the items we have in our configuration base and then have a great level of management over these items.

Adding a rack on GLPI

To create a rack, just access the system in “Main menu > Assets > Racks”.

Now, just click on “Add” to create your first rack on the system.

Data of the rack

After the rack’s registration, it will be available for us to “decorate” however we want.

Adding items to the rack on GLPI.

In order to provide a better experience, we’ll demonstrate the configuration of some of the items mentioned in this post.

The first item we’ll add is the UPS. This equipment, as mentioned above, is heavier. Therefore, we’ll install it at the position 1 of the rack, leaving most of the weight concentrated in the inferior region of the rack.

For that, just click at the center of unit 1 of the rack at the “plus” sign that appears when we pass the computer mouse over this region:

A modal will open asking what kind of item we want to insert in the rack.

The asset classes allowed for use by GLPI are:

  • Computer
  • Monitor
  • Network devices
  • Generic devices
  • Chassis
  • PDUs
  • Liability devices (Thank God the plug fell for the insertion of these items)

While selecting any of the classes, GLPI will list the assets for us to select one and install on the rack.

After selecting the item, just click on “Add” and then you’ll have your asset installed.

You can proceed adding items to your rack.

Impact & Relationship management.

Starting from GLPI 9.5, it is possible to create dependency connections between assets. Now you can see which assets will be affected in case of damage/problems/incidents.


CREDITS:

  1. The article was written by Halexsandro Sales, CTO at Verdanatech and adapted for Teclib.
  2. Original version in Portuguese: click here.
  3. Translated from Portuguese to English by Laís Borges Dantas.

NEW SILVER PARTNER IN FRANCE: PROCSI

 

Procsi is an Information System Integrator and Operator. It is a small, strong structure started by a group of experienced professionals, with references from small to large companies, operating in fields:

AUDIT & CONSULTING: IS strategy, security, project management, ITSM;
IT MANAGEMENT: management of computers, servers, networks, telephony;
INTEGRATION: business software, ITIL tools, processes;
TELEPHONY: network infrastructure, VoIP network security, SBC.

Website: https://www.procsi.fr/ 

We are proud that GLPI ITSM solution is becoming more and more represented all over the world and GLPI Network (our support offer for on-premises – get your IT Infrastructure secured) subscription service will be available for more customers through our new partners.

Our large partnership network is always open for new collaborations. If you are interested in representing one of our products in your country, get in touch with us: click here.

Being a partner means having direct access to Teclib’s technical database, new releases, official support and many other tools which will help you to gain more customers and increase your reputation on the market. Find out all the benefits of being a partner by sending us an email: click here.

Check the list of our partners: https://glpi-project.org/partners/ 

Formcreator 2.12.0 beta: translatable forms!

 

 

The Formcreator plugin for GLPI allows you to create custom, easily accessible forms. Using Formcreator in GLPI, you can offer your users an alternative way of creating tickets. All forms are completely translatable and a wide selection of field types is available. Today we are happy to announce the release of Formcreator plugin version 2.12.0 beta:

Meet the new feature: translatable forms! Now you can translate any form to any language without having to duplicate it. We have prepared the video to showcase the feature:

If you use anonymous forms, the plugin detects the language of the browser and attempts to use the suitable translation (if available).

Download beta version here: click here

Reasons to migrate to GLPI Network Cloud!

 

 

Using GLPI on-premises? Do you want to try GLPI with all exclusive plugins and support package included? We offer free data migration, so you can test the platform in a production mode.

Here is why you have to give it a try:

Security:

All GLPI Network Cloud instances include Support L.3 and are covered by the Teclib guarantee.

Speed of implementation:

You do not have to make the initial installation, GLPI Network Cloud is already setup, just create your account and start parameterization.

Service:

Updates and backups are included in our offer, no need to worry about data loss anymore!

Functionality:

Use all exclusive GLPI plugins to enhance your experience: Branding to customize your instance, AdvancedDashboards to build your own reports, Oauthsso to login via third party providers like Facebook or Azure, etc.

Scalability:

Your team is growing? With monthly payments you can add as many agents as you need. Our payment system also allows you to end the service any time you want. Consult our Privacy Policy here: https://www.glpi-network.cloud/privacy-policies.php

Start your free trial here: click