GNU Health/Security

From Wikibooks, open books for an open world

Securing Your GNU Health Environment

Security is a multidisciplinary task that involves networking, the operating system, the database, the application (Tryton) and human resources, to name a few.

This page gives an overview of some basic concepts that will help you strengthen access control to your system. It also covers enabling public-key cryptography to sign documents and records from different models.

GNU Health Security Advisories

GNU Health releases a Security Advisory (SA) whenever a vulnerability is found. The security advisory format is inspired by that of FreeBSD.

The GNU Health security advisories are sent to all subscribers in the "health-security" mailing list. See the "Resources" chapter to subscribe.

You can check the current security advisory list at https://ftp.gnu.org/gnu/health/security/security_advisories.html


Access Control

Default server Ports

The Tryton server JSON-RPC listens on port 8000 by default. It is advisable to change to another port in production environments.

Serverpass: The Server Password Utility

The serverpass utility allows you to easily change the Tryton server password of the super-user. The "super-user" is the one who can do administrative tasks on databases from the Tryton client (create, delete, backup, restore).

In current versions of Tryton (since 3.4) the password of the super-user is encrypted. To facilitate the creation and update of the password, the serverpass utility is included and is invoked automatically at the end of the installation process. Serverpass uses cracklib, a package that enforces the use of "good" passwords, thus enhancing the security of your server.

Running serverpass from the Command Line

If you want to update your current password, you can run the serverpass command from the command line. The utility is located in the $HOME/gnuhealth/tryton/server/util directory. For example:

gnuhealth@veganworld:~/gnuhealth/tryton/server/util $ python ./serverpass.py 
Using Tryton configuration file  /home/gnuhealth/gnuhealth/tryton/server/config/trytond.conf
Password: 
Again
Password: 
Configuration file updated with new password !

The encrypted password of the server super-user has been updated in the corresponding section of the trytond.conf file. Here is a sample of such a file:

[database]
uri = postgresql://localhost:5432
path = /home/gnuhealth/attach
[session]
super_pwd = JonB./CoLl8F6
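
The following check is an added example, not part of GNU Health or Tryton: it reads a trytond.conf and reports whether the JSON-RPC port is still the default 8000 and what form the stored super_pwd has. It assumes the Tryton 3.4-style option "[jsonrpc] listen = host:port", which does not appear in the sample file above; the second configuration string is constructed.

```python
import configparser

DEFAULT_PORT = 8000  # default JSON-RPC port named on this page
CRYPT_CHARS = set("./0123456789"
                  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")

# The sample file shown on this page.
PAGE_SAMPLE = """[database]
uri = postgresql://localhost:5432
path = /home/gnuhealth/attach
[session]
super_pwd = JonB./CoLl8F6
"""

# Constructed example: non-default port, placeholder modular-crypt value.
CONSTRUCTED_SAMPLE = """[jsonrpc]
listen = localhost:8443
[session]
super_pwd = $6$constructedsalt$constructedhashvalue
"""

def audit_trytond_conf(text):
    """Return a list of findings for the contents of a trytond.conf."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []

    # Assumption: "[jsonrpc] listen" is a comma-separated host:port list.
    listen = cfg.get("jsonrpc", "listen", fallback="")
    ports = [int(item.rsplit(":", 1)[1])
             for item in listen.split(",") if ":" in item]
    if not ports:
        findings.append("jsonrpc.listen not set: default port 8000 in use")
    elif DEFAULT_PORT in ports:
        findings.append("jsonrpc.listen still uses default port 8000")

    pwd = cfg.get("session", "super_pwd", fallback="")
    if not pwd:
        findings.append("session.super_pwd missing: run serverpass.py")
    elif len(pwd) == 13 and set(pwd) <= CRYPT_CHARS:
        # 13 characters from the crypt alphabet is the traditional crypt(3)
        # format, which uses only the first 8 characters of the password.
        findings.append("session.super_pwd is a traditional crypt(3) hash")
    return findings

if __name__ == "__main__":
    for name, text in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(name, audit_trytond_conf(text))
```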


Disable demo users in Production environments

GNU Health comes with a set of pre-defined users for demo purposes. Their login names all start with the prefix "demo_" (demo_doctor, demo_front_desk, demo_nurse...).

Please deactivate them in production environments.

To deactivate the users, go to: Administration -> Users -> Users

[Figure: Deactivation of demo users in production environments]

In the filters, you can choose: login name: demo_

Unset the "active" flag of each of them. The demo users are now deactivated in your environment.

Public-key Cryptography in GNU Health

GNU Health Cryptographic Module

[Figure: Button to generate the electronic prescription and its message digest]
[Figure: Electronic prescription digest]
[Figure: Document verification in GNU Health cryptographic module shows an altered date.]

The goal of the module is to provide confidentiality, integrity and non-repudiation in GNU Health.

The health_crypto module currently provides the following functionality:

  • Document Serialization
  • Document hashing (MD)
  • Document signing
  • Document verification

The module will work on records from models that need this functionality, such as prescriptions, patient evaluations, surgeries or lab tests.

The serialization includes the information in a predefined format (JSON) and encoding (UTF-8).

A field will contain the message digest of the serialization process, and it will be used to check for any changes. If the case of alteration of any fields

The signing process will operate on that message digest field, whereas the encryption process will work at row or column level.

Public-key / asymmetric cryptography will be used for signing the documents.
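
The serialize, hash and verify steps described above, as an added example that is not the health_crypto module's own code: it serializes a record to deterministic JSON in UTF-8, stores the digest, and on verification reports which fields were altered. SHA-256 is an assumption (the page does not name the hash function), and the record and its field names are constructed.

```python
import hashlib
import hmac
import json

_MISSING = object()

def serialize(record):
    """Deterministic JSON (sorted keys, fixed separators) encoded as UTF-8."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def make_digest(serialized):
    # Assumption: SHA-256. The page does not name the hash function.
    return hashlib.sha256(serialized).hexdigest()

def seal(record):
    """Run once when the document is generated: keep serialization and digest."""
    doc = serialize(record)
    return {"serialized": doc, "digest": make_digest(doc)}

def verify(record, sealed):
    """Return (unchanged, altered_fields) for the record as it is now."""
    if hmac.compare_digest(make_digest(serialize(record)), sealed["digest"]):
        return True, []
    original = json.loads(sealed["serialized"].decode("utf-8"))
    altered = sorted(
        key for key in set(original) | set(record)
        if original.get(key, _MISSING) != record.get(key, _MISSING)
    )
    return False, altered

# Constructed sample record; the field names are hypothetical.
PRESCRIPTION = {
    "prescription_id": "PRES 2015/000001",
    "patient": "José Pérez",
    "prescription_date": "2015-03-10 09:30:00",
    "medicament": "amoxicillin 500 mg",
}

if __name__ == "__main__":
    sealed = seal(PRESCRIPTION)
    tampered = dict(PRESCRIPTION, prescription_date="2015-03-12 09:30:00")
    print(verify(PRESCRIPTION, sealed))
    print(verify(tampered, sealed))
```

A stored digest only shows that the record differs from what was sealed; whoever can rewrite the record could also rewrite the digest. That is why the digest field is the value that gets signed with the health professional's private key.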


The standard models that are included are Prescription, Birth Certificate and Death Certificate. Of course, you can apply the functionality to any model where you feel it is necessary. In addition, and based on community requests, we will incorporate new models in the next versions.

Using Digital Signatures in GNU Health

[Figure: Using GPG in GNU Health to digitally sign a document]
[Figure: Validating a document signature using GPG in GNU Health]

GNU Health works along with GNU Privacy Guard for digitally signing and verifying documents. Please refer to the GNU Health Plugins section for the installation.

Reporting a security vulnerability

We take security very seriously, and we appreciate your help with this!

If you believe you have found a vulnerability in GNU Health, please send an email to security@gnusolidario.org
