Hard Drive Protection and Fog Client



  • Server
    • FOG Version: 1.3.0-RC-17
    • OS: Linux Debian
    Client
    • Service Version: 0.11.05
    • OS: Windows 10 64-bit
    Description

    Hi,
    i´ve got an Software Hard Drive Protection Solution for my System.

    This works about 2 or 3 days, but then the Fog Client cannot communicate with the Server and the following error is showing: “Unable to get subsection”+“Object not set to instance of Object” (more in the log).
    Then i reset the encryption data, so the token will be released.
    After that everything is working, until the next reboot, because my Hard Drive Protection now get the old State of the Machine with the old Security token.

    It is not a option to disable the Hard Drive Protection Solution.

    In my opinion there are two solutions, reset the security token after every boot, or dont change the security token afte the protection is enabled.

    Thank you for your help, and sorry for that bad english.

    Max Kern

    ----------------------------------UserTracker---------------------------------
    ------------------------------------------------------------------------------
     28.10.2016 11:52 Client-Info Client Version: 0.11.5
     28.10.2016 11:52 Client-Info Client OS:      Windows
     28.10.2016 11:52 Client-Info Server Version: 1.3.0-RC-17
     28.10.2016 11:52 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:52 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
     28.10.2016 11:52 Middleware::Communication URL: http://192.168.1.5/fog/management/index.php?sub=requestClientInfo&configure&newService&json
     28.10.2016 11:52 Middleware::Response Success
     28.10.2016 11:52 Service Sleeping for 67 seconds
     28.10.2016 11:53 Middleware::Communication URL: http://192.168.1.5/fog/management/index.php?sub=requestClientInfo&mac=40:8D:5C:47:AC:48&newService&json
     28.10.2016 11:53 Middleware::Authentication Waiting for authentication timeout to pass
     28.10.2016 11:54 Middleware::Communication Download: http://192.168.1.5/fog/management/other/ssl/srvpublic.crt
     28.10.2016 11:54 Data::RSA FOG Server CA cert found
     28.10.2016 11:54 Middleware::Authentication Cert OK
     28.10.2016 11:54 Middleware::Communication POST URL: http://192.168.1.5/fog/management/index.php?sub=requestClientInfo&authorize&newService
     28.10.2016 11:54 Middleware::Response #!ist
     28.10.2016 11:54 Middleware::Response Success
     28.10.2016 11:54 Middleware::Communication URL: http://192.168.1.5/fog/service/getversion.php?clientver&newService&json
     28.10.2016 11:54 Middleware::Communication URL: http://192.168.1.5/fog/service/getversion.php?newService&json
    
     28.10.2016 11:54 Service Creating user agent cache
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    
    ------------------------------------------------------------------------------
    ---------------------------------ClientUpdater--------------------------------
    ------------------------------------------------------------------------------
     28.10.2016 11:54 Client-Info Client Version: 0.11.5
     28.10.2016 11:54 Client-Info Client OS:      Windows
     28.10.2016 11:54 Client-Info Server Version: 1.3.0-RC-17
     28.10.2016 11:54 Middleware::Response Success
    ------------------------------------------------------------------------------
    
    
    ------------------------------------------------------------------------------
    ----------------------------------TaskReboot----------------------------------
    ------------------------------------------------------------------------------
     28.10.2016 11:54 Client-Info Client Version: 0.11.5
     28.10.2016 11:54 Client-Info Client OS:      Windows
     28.10.2016 11:54 Client-Info Server Version: 1.3.0-RC-17
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    
    ------------------------------------------------------------------------------
    --------------------------------HostnameChanger-------------------------------
    ------------------------------------------------------------------------------
     28.10.2016 11:54 Client-Info Client Version: 0.11.5
     28.10.2016 11:54 Client-Info Client OS:      Windows
     28.10.2016 11:54 Client-Info Server Version: 1.3.0-RC-17
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    
    ------------------------------------------------------------------------------
    ---------------------------------SnapinClient---------------------------------
    ------------------------------------------------------------------------------
     28.10.2016 11:54 Client-Info Client Version: 0.11.5
     28.10.2016 11:54 Client-Info Client OS:      Windows
     28.10.2016 11:54 Client-Info Server Version: 1.3.0-RC-17
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    
    ------------------------------------------------------------------------------
    --------------------------------PrinterManager--------------------------------
    ------------------------------------------------------------------------------
     28.10.2016 11:54 Client-Info Client Version: 0.11.5
     28.10.2016 11:54 Client-Info Client OS:      Windows
     28.10.2016 11:54 Client-Info Server Version: 1.3.0-RC-17
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    
    ------------------------------------------------------------------------------
    --------------------------------PowerManagement-------------------------------
    ------------------------------------------------------------------------------
     28.10.2016 11:54 Client-Info Client Version: 0.11.5
     28.10.2016 11:54 Client-Info Client OS:      Windows
     28.10.2016 11:54 Client-Info Server Version: 1.3.0-RC-17
     28.10.2016 11:54 Middleware::Response ERROR: Unable to get subsection
     28.10.2016 11:54 Middleware::Response ERROR: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.```

  • Moderator

    @Max-Kern Well just try and see. Clearly you know some SQL, I don’t think you need my help any further lol. All I ask is that if you tweak the script, share it here.



  • @Wayne-Workman Ah, ok it all goes over the DB.

    So if want to reset only one Group in, this example Group with id 2, i can do also:

    UPDATE hosts AS h INNER JOIN groupMembers AS s on h.hostID=s.gmhostID SET hostPubKey="", hostSecToken="", hostSecTime="0000-00-00 00:00:00" WHERE s.gmGroupID=2;
    

    If i want ít with the Group Name i must do a second join, but that shouldnt be the Problem.



  • @Joe-Schmitt it is a german solution named "Dr. Kaiser PC-Wächter/Drive "


  • Moderator

    The below script should do it, and it should work in Cron fine since I pathed out the mysql command dynamically.

    The software the forums uses, nodeBB, has a bug in it lately where it removes spaces from BASH scripts. In the below script where you see [[ and ]] There needs to be a space after [[ and a space before ]]

    #!/bin/bash
    
    #----- MySQL Credentials -----#
    snmysqluser=""
    snmysqlpass=""
    snmysqlhost=""
    # If user and pass is blank, leave just a set of double quotes like ""
    # if the db is local, set the host to just double quotes "" or "127.0.0.1" or "localhost"
    
    
    #----- Begin Program -----#
    
    mysql=$(command -v mysql)
    
    resetEncryptionForAll="UPDATE hosts SET hostPubKey=\"\", hostSecToken=\"\", hostSecTime=\"0000-00-00 00:00:00\""
    
    #Test lines to make sure the sql looks good.
    #echo
    #echo $resetEncryptionForAll
    #echo
    
    options="-sN"
    if [[ $snmysqlhost != "" ]]; then
            options="$options -h$snmysqlhost"
    fi
    if [[ $snmysqluser != "" ]]; then
            options="$options -u$snmysqluser"
    fi
    if [[ $snmysqlpass != "" ]]; then
            options="$options -p$snmysqlpass"
    fi
    options="$options -D fog -e"
    
    
    #Do it
    $mysql $options "$resetEncryptionForAll"
    

  • Senior Developer

    @Max-Kern for reference what hard drive protection software are you using?



  • Thank you @Wayne-Workman.
    Maybe this is also a solution for People with simular Problems.


  • Moderator

    @Max-Kern said in Hard Drive Protection and Fog Client:

    i want to reset the token from the fog Server itselfe, with a cron Job.

    That’s not as bad. I can write a script for you to do it.What OS are you using for the FOG Server?

    EDIT
    duh, read wayne. You’re using Debian.


  • Moderator

    @Joe-Schmitt said in Hard Drive Protection and Fog Client:

    e.g. deep freeze has thaw sections

    Centurion Smart Shield, a locking software I have experience with, also has what they call “Persistent” partitions. A.K.A. the P:\ drive.



  • @Joe-Schmitt maybe thats a point, but this is not a solution for my Problem.
    I dont want to reset the token without authentication, i want to reset the token from the fog Server itselfe, with a cron Job.
    Maybe there will be a Security issue, but it is only Imaging and manage a Client and no real sensitiv Data.

    I also can search in the Script for the function call of the encryption data, but this is no clean way.


  • Senior Developer

    @Max-Kern Just because you can doesn’t mean you should. While that would fix the issue, it would provide a way for on-demand token resetting without any authentication. It completely breaks the client’s security model. To be blunt, any type of hard drive protection software that doesn’t have some exception list (e.g. deep freeze has thaw sections), is not a complete product.



  • Hi,
    in this solution there is no way for a whitelist.
    All other Programms are working fine.
    There is also no way to change this software because as a school we cannot quit this licens.

    I only need the call of the PHP script which perform the action of resetting the encryption data until we have another solution.

    Ive read something about users with dual boot system which have a simular issue is there a solution for that kind of Problem?


  • Senior Developer

    @Max-Kern I don’t know what hard drive protection solution you are using, but almost all ship with some kind of whitelist feature, where you can select certain files to persist between boots. Without that feature many pieces of software, such as the FOG Client, would not function.


Log in to reply
 

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.