We decide to no longer use snmp_com.txt and SNMP communities data are stored in database. OCS server pass SNMP communities data to agent at PROLOG step. SNMP communities data are sent only if OCS agent communicate with OCS server using HTTPS and if OCS agent DEVICEID is already known in database.
We removes Apache "Alias" configuration from ocsinventory-reports.conf file and we removed SNMP configuration steps in setup.sh script. Moreover, we had a treatment in OCS unix agent postinst.pl script to remove snmp_com.txt file if exists at agent side.
All of this will be integrated in future OCS 2.0.3 release.
Hi,
We have just fixed this security issue at server side (web console and engine) and unix agent side:
http:// bazaar. launchpad. net/~ocsinvento ry-core/ ocsinventory- ocsreports/ stable- 2.0/revision/ 797 bazaar. launchpad. net/~ocsinvento ry-dev/ ocsinventory- server/ stable- 2.0/revision/ 686 bazaar. launchpad. net/~ocsinvento ry-dev/ ocsinventory- unix-agent/ stable- 2.0/revision/ 1069
http://
http://
We decide to no longer use snmp_com.txt and SNMP communities data are stored in database. OCS server pass SNMP communities data to agent at PROLOG step. SNMP communities data are sent only if OCS agent communicate with OCS server using HTTPS and if OCS agent DEVICEID is already known in database.
We removes Apache "Alias" configuration from ocsinventory- reports. conf file and we removed SNMP configuration steps in setup.sh script. Moreover, we had a treatment in OCS unix agent postinst.pl script to remove snmp_com.txt file if exists at agent side.
All of this will be integrated in future OCS 2.0.3 release.
Kind regards,
Guillaume