Defeating x64: Modern Trends of Kernel-Mode Rootkits - Alex Matrosov
64-bit versions of Microsoft Windows were considered resistant to kernel-mode rootkits because of the integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms implemented. This presentation focuses on x64 architecture security issues, specifically the kernel-mode code signing policies and the techniques modern malware uses to bypass them. We analyze the techniques used by modern in-the-wild rootkits to penetrate the kernel-mode address space:
- Win64/Olmarik (TDL4)
- Win64/TrojanDownloader.Necurs (rootkit dropper)
- NSIS/TrojanClicker.Agent.BJ (rootkit dropper)
Special attention is given to the Win64/Olmarik (TDL4) bootkit, the most prominent example of a kernel-mode rootkit aimed at 64-bit Windows systems. We detail the remarkable features of TDL4 over its predecessor (TDL3/TDL3+): the development of the user-mode components and the kernel-mode rootkit, the techniques used to bypass HIPS, the hidden file system and the bootkit functionality. Finally, we describe possible approaches to cleaning an infected computer and present a free forensics tool for dumping the TDL hidden file system.
Metasploit @ 2010 Utah Open Source Conference - Jason Wood
Metasploit is a powerful application to use in a penetration test. It is an application that all security professionals and systems administrators should be familiar with. This presentation goes over the basics of Metasploit and some of its many capabilities.
From Linux kernel livepatches to encryption to ASLR to compiler optimizations and configuration hardening, we strive to ensure that Ubuntu 16.04 LTS is the most secure Linux distribution out of the box.
These slides try to briefly explain:
- what we do to secure Ubuntu
- how the underlying technology works
- when the features took effect in Ubuntu
UEFI Firmware Rootkits: Myths and Reality - Sally Feller
Earlier this month, we teased a proof of concept for UEFI ransomware which was presented at RSA Conference 2017. The HackingTeam, Snowden, Shadow Brokers, and Vault7 leaks have revealed that UEFI/BIOS implants aren't just a theoretical concept but have actually been weaponized by nation states to conduct cyber espionage. Physical access requirements are a thing of the past: these low-level implants can be installed remotely by exploiting vulnerabilities in the underlying UEFI system.
Today at BlackHat Asia 2017, we are disclosing two vulnerabilities in two different models of the GIGABYTE BRIX platform:
GB-BSi7H-6500 – firmware version: vF6 (2016/05/18)
GB-BXi7-5775 – firmware version: vF2 (2016/07/19)
LCU14-107: OP-TEE on ARMv8
---------------------------------------------------
Speaker: Jens Wiklander
Date: September 15, 2014
---------------------------------------------------
★ Session Summary ★
SWG is porting OP-TEE to ARMv8 using Fixed Virtual Platform. Initially OP-TEE is running secure world in aarch32 mode, but with the normal world code running in aarch64 mode. Since ARMv8 uses ARM Trusted Firmware we have patched it with an OP-TEE dispatcher to be able to communicate between secure and normal world.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137710
Google Event: https://plus.google.com/u/0/events/c0ef114n77bhgbns9vb85g9n6ak
Presentation: http://www.slideshare.net/linaroorg/lcu14-107-optee-on-ar-mv8
Video: https://www.youtube.com/watch?v=JViplz-ah9M&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-107
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Tony Chen
Every game console since the first Atari was more or less designed to prevent the piracy of games and yet every single game console has been successfully modified to enable piracy. However, this trend has come to an end. Both the Xbox One and the PS4 have now been on the market for close to 6 years, without hackers being able to crack the system to enable piracy or cheating. This is the first time in history that game consoles have lasted this long without being cracked. In this talk, we will discuss how we achieved this for the Xbox One. We will first describe the Xbox security design goals and why it needs to guard against physical attacks, followed by descriptions of the hardware and software architecture to keep the Xbox secure. This includes details about the custom SoC we built with AMD and how we addressed the fact that all data read from flash, the hard drive, and even DRAM cannot be trusted. We will also discuss the corresponding software changes needed with the custom hardware to keep the system and the games secure against physical attacks.
Kernel Recipes 2013 - Viewing real time ltt trace using gtkwave - Anne Nicolas
This presentation will explain how LTT traces can be viewed in gtkwave, a graphical visualization tool developed by the Parrot team.
It will also explain why this tool was developed and review some of the problems that have been analyzed using these traces. It will finally cover the ongoing integration with LTTng 2.x.
Defeating x64: The Evolution of the TDL Rootkit - Alex Matrosov
In this presentation we will be discussing the evolution of the notorious rootkit TDL (classified by ESET as Win32/Olmarik and Win64/Olmarik) which in its latest incarnation is the first widespread rootkit to target 64-bit versions of Microsoft Windows operating systems. The most striking features of the rootkit are its ability to bypass Microsoft Windows Driver Signature Checking in order to load its malicious driver, and its implementation of its own hidden encrypted file system in which to store its malicious components. Between its first appearance on the malware scene and the present, its architecture has been drastically changed several times to adapt to new systems and respond to countermeasures introduced by antivirus and HIPS software. In the presentation we will cover the following topics: the evolution of the user-mode and kernel-mode components of the rootkit; techniques it has used to bypass HIPS; modifications to the hidden file system; bootkit functionality; the recently introduced ability to infect x64 operating systems; and, finally, approaches to removing the rootkit from an infected system. In addition, we will present our free forensic tool for dumping the hidden rootkit file system.
Enabling TPM 2.0 on coreboot based devices - Piotr Król
This talk was presented at the European coreboot Conference 2017 in Bochum. In this talk we walk through the procedures required for enabling TPM 2.0 over the LPC interface. We implemented that support as part of our ongoing maintenance of the PC Engines apu series (AMD G-series) platform.
Video is available here: https://youtu.be/Yjb9n5p3giI
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da... - The Linux Foundation
EFI secure boot is a protocol for verifying the authenticity of a loaded and executed PE binary. Usually this is a second-stage bootloader, e.g. GRUB2, or an OS kernel. Shim is an extension to EFI secure boot which makes the whole authentication process more flexible. The presentation will deal with the most important aspects of EFI secure boot and shim. Additionally, it will discuss how the Xen hypervisor boot process can be protected with EFI secure boot and shim. However, this does not mean that everything is done and works out of the box. So, in the end it will be shown what has been done to make EFI secure boot and shim usable when you boot Xen using GRUB2.
Heat provides great resource management abilities to OpenStack, and a lot of fancy projects came out based on Heat's orchestration abilities. A lot of OpenStack environments are installed with Heat, but their operators don't know how to use it well. Zombie resources appear, and this is very bad for cloud management.
We will give examples to operators and developers of how you can manage your cloud smartly by taking advantage of Heat.
We will also deep dive into Heat's features "Convergence" and "SoftwareDeployment" for developers.
Extending TripleO for OpenStack Management - Keith Basil
Operational awareness and value for cloud operators has largely been ignored by the OpenStack community. Today with the maturity of TripleO and inclusion of Tuskar, we can now begin to think about TripleO's use as a vehicle for OpenStack infrastructure management.
The question now is "How do we extend TripleO with additional value?".
Within this context, there are several areas of integration which can be explored. These include an operator dashboard, infrastructure instrumentation agents, bare metal drivers and other supporting services. Hardware and software vendors can gain insight into what integration looks like from a product point of view.
In this session, we will explore:
- Why TripleO works for infrastructure management
- TripleO management integration points
- What TripleO means for hardware/software vendors
- Early work in this area
OSDC 2018 | OPNsense: the “open” firewall for your datacenter by Thomas Niede... - NETWAYS
OPNsense is an open source and easy-to-use FreeBSD based firewall and routing platform. In 2018, three years after OPNsense started as a fork of pfSense® and m0n0wall, OPNsense brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. A strong focus on security and code quality drives the development of the project. The modern and intuitive web interface makes configuring firewall rules fun.
In this talk, Thomas will outline OPNsense’s FreeBSD-based architecture and how you can take advantage of additional features using OPNsense plugins. He will also show how to initially setup an OPNsense firewall, and how you use datacenter-features like High Availability & Hardware Failover or Dual Uplinks.
Open (source) makes sense – also for your firewall
For people who want to start out with #opensource, #openstack, #cloud or #bigdata, Linux is the foundational skill. Consider this a beginner guide to Linux: understand why it is important, what the landscape is and how easy it is to learn.
The learning cheat sheet can be utilized from http://linoxide.com/guide/linux-command-shelf.html
A PDF version is attached as well.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GridMate - End to end testing is a critical piece to ensure quality and avoid... - ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability to the purview of ops, infra and SRE teams. This is a mistake: achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
The climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf - Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Fusioninventory rmll-2011
1. Asset management with FusionInventory
David Durieux <d.durieux@siprossii.com>
Gonéri Le Bouder <goneri@teclib.com>
July 2011
2. About us: David Durieux
IT management consultant
GLPI core-developer
FusionInventory project co-leader
Work at siprossii, Lyon area, France
3. About us: Gonéri Le Bouder
Free software enthusiast
FusionInventory project co-leader
Debian Developer
Perl Monger
Former OCS Inventory developer
Work at TECLIB’, Paris, France
4. The FusionInventory contributors
about 10 people directly involved in the project
active community of contributors
2 companies involved
We are looking for people to JOIN US!
6. The origin
2006 Agent creation
2008 Server project (Tracker, a GLPI plugin)
2009 Agent/Server integration
2010 FusionInventory project
2010 Uranos integration
2011 Rudder integration
7. The project infrastructure
FusionInventory is a community-driven project.
active mailing lists
IRC: #FusionInventory on FreeNode
public Forge, Git repositories, etc
8. Outline
Global Overview
Installation
Network Discovery
Remote SNMP Inventory
Wake On Lan
Software Deployment
vCenter/ESX/ESXi remote inventory
Inventory
What else?
Questions
9. First, some vocabulary!
Agent: a software running on a computer
Server: a software that can speak with the Agent
Task: an action done by the Agent for the server
10. pull / push
FusionInventory supports "push" and "pull"
"pull": Agent ⇒ Server
the agent creates the connection to the server.
"push": Agent ⇐ Server
the server wakes the agent by itself.
11. Tasks
Different Tasks are supported:
Inventory
Network discovery
Remote SNMP inventory
Software deployment
vCenter/ESX/ESXi remote inventory
Wake On Lan
12. Servers today
4 different servers (so far!)
FusionInventory for GLPI
http://www.FusionInventory.org
Uranos
http://uranos.sourceforge.net/
Rudder
http://www.normation.com/#produits
OCS Inventory NG (patched to ignore the UserAgent filter)
http://forge.fusioninventory.org/projects/fusioninventory-agent/wiki/Patch_ocs_server
...local mode is also possible for Inventory
14. Outline
Global Overview
Installation
Network Discovery
Remote SNMP Inventory
Wake On Lan
Software Deployment
vCenter/ESX/ESXi remote inventory
Inventory
What else?
Questions
15. Server: Installation
FusionInventory for GLPI
A GLPI generic plugin.
1. Extract
2. Configure
3. You’re done!
16. Agent: supported OS (1/2)
Runs everywhere!
A large collection of supported OS
all the major system are supported
porting is easy as soon as Perl is available
18. Agent: supported OS (2/2)
Supported Operating Systems:
Linux
BSD
AIX
HP-UX
Solaris
Windows, all from 2000 to Seven 64-bit
A complete list is available on the website
26. Agent: Tested systems
Linux
Debian all since 3.1
Ubuntu all since 8.04
Mandriva 9.2, 10.2, 2007.1, 2010.0, 2010.1
RedHat EL (or CentOS) all since 3
Fedora all since the 2nd
SUSE Linux Enterprise Server 10, 11
Slackware 10 to 13
RedHat Linux 7.0, 8.0 and 9.0
SME Server 7.5
OpenSUSE 11.3
Gentoo 1.6.14, 2008
Montavista 4.0
27. Agent: Tested systems
Windows
Windows 2000 ≥ SP4
Windows XP all
Windows 2003 all
Windows 2008 all
Windows Vista all
Windows Seven all
28. Agent: Tested systems
MacOSX
Panther 10.3.9 PowerPC
Tiger all
Leopard all
Snow Leopard all
29. Agent: Tested systems
Solaris
Solaris 8 to 10 for SPARC and 10 to 11 for x86
OpenSolaris 2009.06
OpenIndiana oi 148
30. Agent: Tested systems
BSD
OpenBSD 4.5 to 4.8
FreeBSD all since 5.3
including Debian GNU/kFreeBSD
NetBSD 5.0 and 5.1
DragonflyBSD 2.8
34. Agent: Installation
different options
distribution packages
Debian, Fedora, EPEL, Ubuntu, Mageia, ...
Windows installer
GPO, psexec, ...
static prebuilt packages, untar and run
62 different systems so far
tarball or CPAN installation
36. Network discovery
FusionInventory can do fast network inventory using
NMAP
NetBios
SNMP query
37. Network discovery
During this step, we identify
Network information
Windows domain information
SNMP device name (sysdesc)
39. SNMP: History
History of SNMP
Standard protocol
First RFC: 1988
Created for monitoring devices
Three different versions: 1, 2c, 3 (encryption)
OID: an address per information
MIB: definition of OID addresses
40. SNMP: For what?
How we use SNMP?
Identify devices remotely (switch, router, printer...)
Inventory devices using SNMP
Get all important information
41. SNMP: The MIB nightmare?
Everyone tells us: MIBs exist, use them!
Yes but...
Most of the time hard to find
Not always free (as in Free Software)
Important information may be missing
Worse! They are sometimes wrong depending on
device model/firmware
46. SNMP: An example
Example: Cisco 6500 firmware
12.2(33)SXI2a (02-Sep-09 01:00)
Serial OID:
.1.3.6.1.2.1.47.1.1.1.1.11.1
12.2(33)SXI3 (27-Oct-09 11:12)
Serial OID:
.1.3.6.1.2.1.47.1.1.1.1.11.2 (index changed)
WTF?!
47. SNMP: How do we unfuck this mess?
We create our own MIB like files
XML files
Relation between OID and information
e.g: serial number is oid .1.3...
Simple or dynamic OID
a serial number or name of each port
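The following is an added example (not FusionInventory code, and not its real XML schema) of what such a "MIB-like" file buys you. A constructed XML model ties a name to an OID and a read mode, and the resolver runs it against two constructed SNMP snapshots of the same chassis on two firmware builds, where the serial moves from entPhysicalSerialNum index 1 to index 2 as on the slide before. Reading "the first populated instance under the OID" instead of a hard-coded index keeps the serial correct on both, and the "walk" mode covers the dynamic per-port case.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed model file in the spirit of the slide. Element and attribute names
# are this example's own, not FusionInventory's schema.
#   mode="get"            read one scalar OID
#   mode="walk"           read every instance below the OID (one entry per port)
#   mode="first-nonempty" take the first populated instance below the OID
MODEL_XML = """
<model name="constructed-switch">
  <info name="sysdescr" oid=".1.3.6.1.2.1.1.1.0" mode="get"/>
  <info name="serial" oid=".1.3.6.1.2.1.47.1.1.1.1.11" mode="first-nonempty"/>
  <info name="ports" oid=".1.3.6.1.2.1.31.1.1.1.1" mode="walk"/>
</model>
"""

# Constructed snapshots of what a walk returns on two firmware builds: the chassis
# serial sits at entPhysicalSerialNum.1 on one build and at .2 on the other.
FIRMWARE_A = {
    ".1.3.6.1.2.1.1.1.0": "constructed sysDescr, firmware 12.2(33)SXI2a",
    ".1.3.6.1.2.1.47.1.1.1.1.11.1": "SN-CONSTRUCTED-0001",
    ".1.3.6.1.2.1.31.1.1.1.1.1": "Gi1/1",
    ".1.3.6.1.2.1.31.1.1.1.1.2": "Gi1/2",
}
FIRMWARE_B = {
    ".1.3.6.1.2.1.1.1.0": "constructed sysDescr, firmware 12.2(33)SXI3",
    ".1.3.6.1.2.1.47.1.1.1.1.11.1": "",
    ".1.3.6.1.2.1.47.1.1.1.1.11.2": "SN-CONSTRUCTED-0001",
    ".1.3.6.1.2.1.31.1.1.1.1.1": "Gi1/1",
    ".1.3.6.1.2.1.31.1.1.1.1.2": "Gi1/2",
}


def load_model(xml_text: str) -> List[Tuple[str, str, str]]:
    """Parse the model file into (name, oid, mode) tuples, rejecting malformed entries."""
    root = ET.fromstring(xml_text)
    entries = []
    for info in root.findall("info"):
        name, oid, mode = info.get("name"), info.get("oid"), info.get("mode", "get")
        if not name or not oid or not oid.startswith("."):
            raise ValueError(f"malformed model entry: {ET.tostring(info)!r}")
        entries.append((name, oid, mode))
    return entries


def walk(tree: Dict[str, str], prefix: str) -> Dict[str, str]:
    """Return {instance-index: value} for every OID below prefix, in numeric index order."""
    found = {oid[len(prefix) + 1:]: val for oid, val in tree.items()
             if oid.startswith(prefix + ".")}
    return dict(sorted(found.items(), key=lambda kv: [int(p) for p in kv[0].split(".")]))


def resolve(model: List[Tuple[str, str, str]], tree: Dict[str, str]) -> Dict[str, object]:
    """Apply the model to one device snapshot and return name -> collected value."""
    result: Dict[str, object] = {}
    for name, oid, mode in model:
        if mode == "get":
            result[name] = tree.get(oid)
        elif mode == "walk":
            result[name] = walk(tree, oid)
        elif mode == "first-nonempty":
            result[name] = next((v for v in walk(tree, oid).values() if v.strip()), None)
        else:
            raise ValueError(f"unknown mode {mode!r} for {name}")
    return result


if __name__ == "__main__":
    model = load_model(MODEL_XML)
    for label, tree in (("firmware A", FIRMWARE_A), ("firmware B", FIRMWARE_B)):
        print(label, resolve(model, tree))
```

The point of the "first-nonempty" mode is that the model describes what a value is, not where a particular firmware happens to put it; an inventory that hard-codes `.11.1` silently loses the serial after the upgrade on slide 46.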
48. SNMP: Network switch (1/3)
Network switch
Serial number
Manufacturer
Model
Firmware
Mac address
CPU/RAM load
etc
49. SNMP: Network switch (2/3)
Switch port
Name
Network speed
Port status (enabled / disabled)
Errors input & output
VLAN
Trunk (tagged)
Active connection
50. SNMP: Network switch (3/3)
Connections per port
Mac addresses
one or many in some cases
LLDP and CDP neighbourhood
dialogue and information exchanged between switches
56. Wake On Lan
What?
wake up a computer.
How?
Send the Magic Packet with agent
Raw ethernet packet (only from linux computer)
else, UDP packet
Benefit
no firewall issue
nor special routing rule needed
59. Wake On Lan: Example (1/2)
What we have
A remote site
50 computers all under windows
What we want
start all at the same time, at 2:00 am, for a maintenance
operation
60. Wake On Lan: Example (2/2)
Into GLPI with task management
Define computers to awake
Schedule it at 2:00AM
That’s all
62. Software Deployment: OCS Inventory
What?
OCS software deployment featuring peer to peer support
Benefit
no proxy nor mirror
bandwidth-friendly
OS independent
63. Software Deployment: FusionInventory
What?
FusionInventory deployment
Why a new software deployment?
Same user interface
rights based on GLPI group/profile/entity
Secure: HTTPS and sha512
Sexy interface using ExtJS
69. vCenter/ESX/ESXi
The solution
FusionInventory is able to connect to the machine using
VMware SOAP API to get:
Hardware inventory
VirtualMachine list
vCenter
vCenter is an interface in front of a group of ESX/ESXi.
Hardware inventory
ESX/ESXi inventories
70. vCenter/ESX/ESXi: command line
fusioninventory-esx --host vcenter --user foo --password bar --directory /tmp
Then you can push the generated files into the server:
fusioninventory-injector -v --file /tmp/*.ocs -u https://glpi/plugins/fusioninventory/
71. vCenter/ESX/ESXi: from GLPI
You can drive the ESX
inventory directly from GLPI
Create a credential
Associate it to an
vCenter/ESX/ESXi server
Schedule the discovery
75. Inventory
The agent collects and sends information
System: DNS, IP, AntiVirus, users, serials, etc.
Hardware: CPUs, storage, etc.
Phone configuration: SIM card, IMEI, serial (Android only)
And more
76. The inventory content
This section presents information collected in
FusionInventory inventory.
77. Inventory: Generic machine information (1/3)
USERID The current user list, ’/’ is the delimiter. This field
is deprecated, you should use the USERS
section instead.
OSNAME
OSVERSION
OSCOMMENTS Service Pack on Windows, kernel build
date on Linux
NAME
SWAP The swap space in MB.
78. Inventory: Generic machine information (2/3)
IPADDR
WORKGROUP
DESCRIPTION Computer description (Windows only so far)
MEMORY Total system memory in MB
UUID
DNS
LASTLOGGEDUSER The login of the last logged user.
USERDOMAIN This field is deprecated, you should use the
USERS section instead.
DATELASTLOGGEDUSER
79. Inventory: Generic machine information (3/3)
DEFAULTGATEWAY
VMSYSTEM The virtualization technology used if the
machine is a virtual machine. Can be:
Physical (default), Xen, VirtualBox, Virtual
Machine (generic, if it’s not possible to
correctly identify the solution), VMware (ESX,
ESXi, Server, etc), QEMU, SolarisZone, VServer,
OpenVZ, BSDJail, Parallels, Hyper-V
WINOWNER
WINPRODID
WINPRODKEY
WINCOMPANY
WINLANG Language code of the Windows
CHASSIS_TYPE The computer chassis format (e.g:
Notebook, Laptop, Server, etc)
80. Inventory: BIOS
SMODEL System model
SMANUFACTURER System manufacturer
SSN System Serial number
BDATE BIOS release date
BVERSION The BIOS revision
BMANUFACTURER BIOS manufacturer
MMANUFACTURER Motherboard Manufacturer
MSN Motherboard Serial
MMODEL Motherboard model
ASSETTAG
ENCLOSURESERIAL
BASEBOARDSERIAL
BIOSSERIAL The optional asset tag for this machine.
81. Inventory: PCI cards
DRIVER
NAME The device name, the one from the PCI IDs DB
MANUFACTURER The manufacturer name, the one from the
PCI IDs DB
PCICLASS The PCI class ID
PCIID The PCI ID, e.g: 8086:2a40 (only for PCI device)
PCISUBSYSTEMID The PCI subsystem ID, e.g: 8086:2a40
(only for PCI device)
PCISLOT The PCI slot, e.g: 00:02.1 (only for PCI device)
TYPE The controller revision, e.g: rev 02. This field
may be renamed in the future.
REV Revision of the device in the XX format (e.g:
04)
82. Inventory: Memories
DESCRIPTION
FORMFACTOR Only available on Windows, see the
Win32_PhysicalMemory documentation on
MSDN.
PURPOSE Only available on Windows, see the
Win32_PhysicalMemory documentation on
MSDN.
SPEED In MHz, e.g: 800
TYPE
NUMSLOTS Eg. 2, start at 1, not 0
SERIALNUMBER
83. Inventory: CPUs
CACHESIZE The total CPU cache size in KB. e.g: 3072
CORE Number of core.
DESCRIPTION
MANUFACTURER AMD/Intel/Transmeta/Cyrix/VIA
NAME The name of the CPU, e.g: Intel(R) Core(TM)2
Duo CPU P8600 @ 2.40GHz
THREAD Number of thread per core.
SERIAL Serial number
SPEED Frequency in MHz
ID The CPU ID:
http://en.wikipedia.org/wiki/CPUID
84. Inventory: Filesystems
CREATEDATE Date of creation of the filesystem in
DD/MM/YYYY format.
DESCRIPTION
FREE Free space (MB)
FILESYSTEM File system name. e.g: ext3
LABEL Name of the partition given by the user.
LETTER Windows drive letter. Windows only
SERIAL Partition serial number or UUID
SYSTEMDRIVE Boolean. Is this the system partition?
TOTAL Total space available (MB)
TYPE The mount point on UNIX.
VOLUMN System name of the partition (e.g: /dev/sda1
or server:/directory for NFS)
85. Inventory: Storage devices
DESCRIPTION The long name of the device displayed to
the user.
DISKSIZE The disk size in MB.
INTERFACE INTERFACE can be
SCSI/HDC/IDE/USB/1394/Serial-ATA/SAS or
empty if unknown
MANUFACTURER
MODEL The commercial name of the device
NAME The name of the device as seen by the
system.
TYPE The kind of device. There is no standard for
the format of the string in this field.
SERIAL The harddrive serial number
FIRMWARE Firmware version
SCSI COID, CHID, UNID and LUN
WWN World Wide Name http://fr.wikipedia.
org/wiki/World_Wide_Name
86. Inventory: Softwares
NAME
COMMENTS
FILESIZE
PUBLISHER
FOLDER
FROM Where the information about the software
came from, can be: registry, rpm, deb, etc
INSTALLDATE Installation day in DD/MM/YYYY format.
Windows only.
NO_REMOVE Can the software be removed.
RELEASE_TYPE Windows only for now, comes from the
registry
UNINSTALL_STRING Windows only, comes from the registry
URL_INFO_ABOUT
VERSION
IS64BIT If the software is in 32 or 64bit, (1/0)
GUID Windows software GUID
87. Inventory: Virtual machines
MEMORY Memory size, in MB.
NAME The name of the virtual machine.
UUID
STATUS The VM status: running, idle, paused,
shutdown, crashed, dying, off
SUBSYSTEM The virtualisation software. E.g: VmWare ESX
VMTYPE The name of the virtualisation system family.
The same type as found in HARDWARE/VMSYSTEM
VCPU Number of CPUs assigned to the virtual
machine
VMID The ID of the virtual machine in the virtual
management system.
MAC The list of the MAC addresses of the virtual machine. The delimiter
is ’/’. e.g: 00:23:18:91:db:8d/00:23:57:31:sb:8e
COMMENT a comment
OWNER
88. Inventory: Network configuration (1/2)
A network configuration.
DESCRIPTION The name of the interface as seen in the OS
settings, e.g: eth0 (Linux) or AMD PCNET
Family Ethernet Adapter (Windows)
DRIVER The name of the driver used by the network
interface
IPADDRESS
IPDHCP The IP address of the DHCP server (optional).
IPGATEWAY
IPMASK
IPSUBNET
89. Inventory: Network configuration (2/2)
MACADDR
MTU
PCISLOT The PCI slot name.
STATUS Up or Down
TYPE Interface type: Ethernet, Wifi
VIRTUALDEV If the interface exists or not (1 or empty)
SLAVES Bonded interfaces list in the eth0/eth1/eth2
format (/ is the separator).
MANAGEMENT Whether or not it is a HP iLO, Sun SC, HP
MP or other kind of Remote Management
Interface
SPEED Interface speed in Mb/s
BSSID Wifi only, Access point MAC Address
SSID Wifi only, Access point name
90. Inventory: And also
Logged users
Battery
Printer (with serial)
LVM configuration (Linux, AIX ≥ 2.1.10)
Screen and Video card
USB devices
Running processes
Environment variables
Port
Slot
Sound card
Modem
92. What else? (1/2)
agent development is very active
code clean-up
larger test-suite, modern Perl
architecture changes
event-driven programming, various executables
smaller memory footprint
94. What else? (2/2)
In test-suite we trust!
strong effort done during the last year
≥40 000 tests on the GLPI plugin and up to 2 000 on the
agent
with even stronger benefit so far
95. Our roadmap
What we are about to release
Android Agent, inventory done, finishing the GUI
FusionInventory for GLPI 0.80
featuring the configuration Wizard!
Debian package for fusioninventory-esx
Work in progress
Software deployment
OCS/XML → REST/JSON transition
FusionInventory Agent 2.2.x
96. Why JSON (1/2)
GET http://srv/?action=getConfig&machineid=foobar
{
  "httpd": {
    "ip": "0.0.0.0",
    "trust": [
      "127.0.0.1"
    ],
    "port": 62354
  }
}
97. Why JSON (2/2)
REST/JSON benefit!
Way simpler
Already a standard in the IT management world
Puppet, OPSI, etc
Very small CPU/memory footprint
REST is easier to debug
REST is test-suite friendly using Test::HTTP::Server::Simple
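As an added example (not agent code), here is the consumer side of the getConfig reply shown two slides earlier: parse the JSON, validate the httpd section, and decide whether a given peer may talk to the agent's embedded web server. It assumes, as the slide suggests but does not state, that "ip" is the listen address, "trust" lists the addresses allowed to contact that listener, and that trust entries may be single addresses or CIDR ranges; the sample documents are constructed.

```python
import ipaddress
import json
from typing import Dict, List

# Constructed reply in the shape of the getConfig answer on the slide.
CONFIG_JSON = """
{
  "httpd": {
    "ip": "0.0.0.0",
    "trust": ["127.0.0.1"],
    "port": 62354
  }
}
"""


def load_httpd_config(text: str) -> Dict[str, object]:
    """Parse and validate the httpd section; reject values that cannot be right."""
    httpd = json.loads(text)["httpd"]
    listen = ipaddress.ip_address(httpd["ip"])  # raises ValueError on garbage
    port = int(httpd["port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    # Assumption: trust entries are single addresses or CIDR ranges.
    trust = [ipaddress.ip_network(entry, strict=False) for entry in httpd.get("trust", [])]
    return {"ip": listen, "port": port, "trust": trust}


def is_trusted(cfg: Dict[str, object], peer: str) -> bool:
    """True when the peer address falls inside any trusted network."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in cfg["trust"])


def config_findings(cfg: Dict[str, object]) -> List[str]:
    """Flag combinations a reviewer would want to see before rolling the config out."""
    findings = []
    if cfg["ip"].is_unspecified and not cfg["trust"]:
        findings.append("httpd listens on every interface with an empty trust list")
    if any(net.prefixlen == 0 for net in cfg["trust"]):
        findings.append("trust list contains a catch-all network")
    return findings


if __name__ == "__main__":
    cfg = load_httpd_config(CONFIG_JSON)
    print(cfg["port"], is_trusted(cfg, "127.0.0.1"), is_trusted(cfg, "10.0.0.5"))
    print(config_findings(cfg))
```

Binding to 0.0.0.0 is harmless only as long as the trust list stays narrow, which is why the findings function treats an empty or catch-all list on an unspecified listen address as the thing to report.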