i-doit is a PHP-based CMDB with API access and optional integrations. Hardening should focus on the web stack, a strict role design, and the protection of import/synchronization channels.
¶ 1) Harden the web stack
i-doit is typically deployed on Apache/Nginx with PHP and MySQL/MariaDB.
Required controls:
- enforce HTTPS only and redirect all HTTP traffic
- disable directory listing and direct access to non-public paths
- run supported PHP versions and keep extensions patched
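The three web-stack controls above expressed as an Apache virtual host pair; this is an added example, not configuration shipped by i-doit. Hostname, DocumentRoot, certificate paths and the names of the non-public directories are assumptions to be replaced with the install's real values.

```apache
# Added example (not i-doit's own config). Needs mod_ssl, mod_headers, mod_alias.
# cmdb.example.com, /var/www/i-doit and the blocked directory names are placeholders.
<VirtualHost *:80>
    ServerName cmdb.example.com
    # Control 1: no plain HTTP; every request is permanently redirected to HTTPS
    Redirect permanent / https://cmdb.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName cmdb.example.com
    DocumentRoot /var/www/i-doit

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/cmdb.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/cmdb.example.com.key
    # Browsers remember to use HTTPS only for this host (one year)
    Header always set Strict-Transport-Security "max-age=31536000"

    <Directory /var/www/i-doit>
        # Control 2a: never auto-generate directory listings
        Options -Indexes +FollowSymLinks
        # Keep the AllowOverride value the existing install relies on
        Require all granted
    </Directory>

    # Control 2b: deny direct requests to paths that must not be served
    # (assumed names for log, temp and upload directories)
    <DirectoryMatch "^/var/www/i-doit/(log|temp|upload)/">
        Require all denied
    </DirectoryMatch>

    # Deny dotfiles and leftover config/backup artifacts at any depth
    <FilesMatch "(^\.|\.(bak|sql|ini|dist)$)">
        Require all denied
    </FilesMatch>
</VirtualHost>
```

Control 3 (supported PHP version and patched extensions) is a package-management task rather than vhost configuration and is not shown here.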
¶ 2) Enforce strict role and rights model in i-doit
i-doit supports granular rights per modules/categories. Excess rights can expose sensitive infrastructure metadata.
Access policy:
- keep admin privileges limited to CMDB platform operators
- separate roles for read-only inventory, editors, and integration accounts
- review rights assignments periodically and remove stale users
¶ 3) Secure API and import connectors
i-doit is frequently connected to discovery and sync tools.
Integration controls:
- use dedicated API users for each integration source
- scope API permissions to required objects/categories only
- validate import mappings in staging before production synchronization
¶ 4) Protect attachments and exported reports
CMDB attachments often include network diagrams, credential references, and system ownership documents.
Data handling controls:
- restrict upload/download permissions by role
- keep attachment storage on secured filesystem mounts
- encrypt backups containing attachments and DB dumps
¶ 5) Operational patching and recovery discipline
Operational baseline:
- track i-doit Community Edition updates from official channels
- test upgrades on staging clone before production rollout
- validate the restore procedure for the database, uploaded files, and configuration on a schedule
References:
- i-doit knowledge base: https://kb.i-doit.com/
- i-doit Community Edition information: https://www.i-doit.com/i-doit/
- i-doit source repository: https://github.com/i-doit/i-doit