For security reasons you may want to introduce account locking, where after a set number of incorrect passwords users cannot log into their accounts, even with the correct password. This can prevent brute-force password attacks. Foreman allows admins to pick the account lock number from 1 to 5, or none (default). This is available in the “User & Account Options” tab in “Administration”:
This is what a user would see when they are locked out:
Admins can unlock users in the “Validate, Reset, & Deactivate Users” tab in “Administration”. Note that the number of locked users is highlighted in the tab title in red:
If there are users locked out, and the admin changes the account lock setting from X attempts to No lockout, they are all automatically unlocked.
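The lockout rules described above, modelled as an added Python example that is not Foreman's own code. The class and method names are hypothetical, and resetting the failure counter on a successful login is an assumption the page does not state.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 keeps the sample self-contained; parameters are illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LockoutPolicy:
    """Hypothetical model of the lockout rules described above."""

    def __init__(self, max_attempts=None):
        self.max_attempts = max_attempts  # None = "No lockout" (the default)
        self.users = {}  # name -> {"salt", "hash", "failures", "locked"}

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": _hash(password, salt),
                            "failures": 0, "locked": False}

    def login(self, name, password):
        user = self.users.get(name)
        if user is None:
            return "denied"
        ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
        if user["locked"]:
            return "locked"  # a correct password is refused as well
        if ok:
            user["failures"] = 0  # assumption: success resets the counter
            return "ok"
        user["failures"] += 1
        if self.max_attempts is not None and user["failures"] >= self.max_attempts:
            user["locked"] = True
        return "denied"

    def set_max_attempts(self, value):
        if value is not None and value not in range(1, 6):
            raise ValueError("lock number must be 1 to 5, or None")
        self.max_attempts = value
        if value is None:  # switching to "No lockout" unlocks everyone
            for user in self.users.values():
                user["failures"], user["locked"] = 0, False

    def unlock(self, name):  # what an admin does from the unlock tab
        self.users[name].update(failures=0, locked=False)

    def locked_users(self):  # the count highlighted in the tab title
        return sorted(n for n, u in self.users.items() if u["locked"])
```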
If you are part of a large organisation, then it is likely that you will have an evidence retention policy which states how long you should keep evidence (both physical and logical) after the case has been completed. Foreman now has an admin section where this policy can be applied:
When an ‘archived’ piece of evidence reaches the retention period (i.e. x number of months after the archival date), an email will be sent to the user who initially added the evidence to Foreman and to all the current administrators (just in case that user is no longer in the team) so that they can destroy the evidence according to their policy. They can then update the evidence status in Foreman to ‘destroyed’ [More on Evidence statuses here]. To set up the emails, an automated daily task is required, for example using cron (Linux) or Task Scheduler (Windows). The following script should be run once daily:
python run_foreman.py scheduled_tasks
When run, this checks all the currently archived pieces of evidence and sees if a retention period has been set. If so, all those which are due for destruction generate emails. A flag is set so that the email is only sent once and not repeatedly. Please remember that the config file should point to the correct Foreman database and have an email server set up.
There are two options if a retention period is changed / no longer needed:
- Existing retention emails still required, and only evidence archived from this point should not have retention periods: Administrator should select “No” for Evidence Retention Reminders
- All retention emails should be stopped: Administrator should select “No” for Evidence Retention Reminders and tick Remove existing reminders
Administrators are now able to add custom text to the top of all add/edit pages for cases, tasks and evidence from the administration panel. This may be useful for adding specific instructions to users, links to URLs (internal procedures & policies, or external links such as the ACPO guidelines) or other information, so that Foreman can smoothly integrate with your team practices.
The screenshot below shows the ability to add custom text to the task add & edit pages:
The screenshot below shows the output of the custom text added to the ‘add task’ page. This will be the same text for the ‘edit task’ page, but the administrator can choose different text for cases and evidence.