Help us to raise 5900 euros for anonymization of data plugin for GLPI!

Published on November 25, 2019 by Polina Marishicheva

GLPI "Anonymizer" plugin.


This plugin will allow the data anonymization in GLPI, directly from the web interface or with the command line, either unitarily or massively.


This plugin will be compatible with GLPI 9.4 and higher.



Task 1 - Anonymization profiles


To choose which elements and attributes to anonymize, it will be possible to configure "anonymization profiles".


Each profile will determine:

1. The type of element to which it applies (e.g. "User", "Computer");

2. For each element fields (e.g.: "Name", "First name", "Serial number", "Place", "Status", etc ...), the strategy to apply among:

  • keep the value,
  • delete the value,
  • replace with a fixed value,
  • replace with a standard random value,
  • replace with a realistic random value;

3. The choice of the treatment to apply to the history of the element among:

  • delete the history,
  • deleting the history beyond a defined period and anonymization of the rest,
  • complete anonymization of the history;

4. The fields list for which the value must be searched for and replaced by third-party elements (e.g. descriptions of tickets and follow-ups, notes);

5. If this profile is the default profile to apply to the concerned type of element.


Default profiles will be pre-filled while the installation process of the plugin for the elements most likely to be anonymized, e.g.: "User", "Computer".


Task 2 - Anonymization in "Massive Action”


An action "Anonymize" will be available within the massive actions in the different lists of GLPI.

If the selection of the elements to be anonymized is >/= (greater or equal) 5, a message will be displayed to advise the users to use the anonymization command line (for better performance or to have an unlimited processing time).

This action will consist of the following steps:

1. Choosing the profiles to anonymize;

2. Entering values ​​for fields which strategy is "replacement by a fixed value" (the default value entered in the profile will be pre-filled).


Task 3 - Anonymization in "Command Line" (CLI)


A command will be added to the CLI console of GLPI (bin / console) in order to be able to propose either a treatment of the whole of one or more types of elements in a single operation, or of a targeted treatment similar to that proposed in massive actions.


The arguments of the command will be:

  • --item-type = X | --item-type = all to define the type of element to be processed (several possible values, e.g. "User", "Computer", etc ...);
  • --item-id = X | --item-id = all to define the elements to be anonymized (several possible values, if the type of elements is multiple, the action "all" applies);
  • --profile = X | --profile = default to define the profile to apply


Task 4 - Generate standard random values


For selected attributes choosing "random values" will generate unrealistic data based on the data type on the database side.


Examples:

  • If TINYINT, a random boolean is generated;
  • If INT in database, a random integer is generated;
  • If VARCHAR in database, a (non-readable) sentence is generated;
  • If TEXT in database, a text (non-readable) composed of one or more paragraphs is generated;
  • If DATETIME in database, a date + time is generated;
  • Etc.


Task 5 - Generate realistic random values


The generation of "realistic" random values ​​will be based on the fzaninotto / Faker component that offers generation functions for a large number of data typologies, including names, addresses, e-mail, telephone, IP.


The plugin will be delivered in its first version with only the following realistic random typologies:

  • All foreign_key dropdown : random choice in the corresponding GLPI dropdown values
  • glpi_x.serial -> Base.randomAscii
  • glpi_x.otherserial -> Barcode.ean13
  • glpi_x.uuid -> Uuid.uuid
  • glpi_contacts.name -> Person.name
  • glpi_contacts.firstname -> Person.firstName
  • glpi_contacts.phone -> PhoneNumber.e164PhoneNumber
  • glpi_contacts.phone2 -> PhoneNumber.e164PhoneNumber
  • glpi_contacts.mobile -> PhoneNumber.e164PhoneNumber
  • glpi_contacts.fax -> PhoneNumber.e164PhoneNumber
  • glpi_contacts.email -> Internet.email
  • glpi_contacts.address -> Address.streetAddress
  • glpi_contacts.postcode -> Address.postcode
  • glpi_contacts.town -> Address.city
  • glpi_contacts.state -> Address.state
  • glpi_contacts.country -> Address.country
  • glpi_networkports.ip -> Internet.ipv4
  • glpi_networkports.mac -> Internet.macAddress
  • glpi_phones.number_line -> PhoneNumber.e164PhoneNumber
  • glpi_users.name -> Internet.userName
  • glpi_users.password -> Internet.password
  • glpi_users.phone -> PhoneNumber.e164PhoneNumber
  • glpi_users.phone2 -> PhoneNumber.e164PhoneNumber
  • glpi_users.mobile -> PhoneNumber.e164PhoneNumber
  • glpi_users.realname -> Person.name
  • glpi_users.firstname -> Person.firstName
  • glpi_users.language -> Miscellaneous.locale
  • glpi_useremails.email -> Internet.email


Task 6 - Replacing values ​​in third-party items


The usefulness, complexity and reliability of the replacement values ​​in third-party elements differs greatly according to the typology of the fields, so the processing will be defined in a unitary way as specified in the following table.

Outside the defined fields no replacement will be done.

This process will analyze all VARCHAR / TEXT fields in the database, except for the history table that will be processed in a specific way. The processing can therefore be long on a large database.


Task 7 - History processing


When a value is anonymized, a processing will be performed in the history of the concerned element to update the corresponding history entries. When data constituting the identification of a user (login, lastname, firstname) will be modified, it will be necessary to update the field glpi_logs.user_name to reflect these changes

Limitations


Anonymization will not be able to process freely entered values ​​in third-party elements that don't exactly match the initial value that has been moved.

For example :

  • if the anonymization is done for a user whose name is "Jean de La Fontaine"
  • a value such as "Jean de Lafontaine" will not be recognized and therefore not replaced.

The generation of random values ​​on foreign keys (excluding titles) will not be proposed, in order to avoid altering third-party elements and generating orphan entries in the database.