| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 2663 |
| Technical Name |
xc_security_plus |
| License | OPL-1 |
XC Security Plus
Enterprise Security Suite for Odoo 19
🔐 Tamper-Proof Audit Logs
💾 AES-256 Encrypted Backup
🔍 Vulnerability Scanner
🛡️ GDPR & NIA Compliant
⚡ Odoo 19
€49 / one-time license
6
Security Pillars
AES‑256
Encryption Standard
<2 min
Setup Time
100%
Odoo 19 Compatible
Why XC Security Plus?
❌ Without XC Security Plus
No audit trail — you cannot see who changed what or when
No encrypted backup — your data is one server failure away from permanent loss
No vulnerability scanning — misconfigurations go undetected until exploited
Permanent deletion — a single mistaken delete is unrecoverable
No GDPR audit compliance — regulatory risk and potential fines
✅ With XC Security Plus
Every action logged with cryptographic integrity — tamper-proof
Automated daily backups encrypted with AES-256 including DB, files & addons
Automated security scans detect ACL, record rule and config vulnerabilities
Soft delete — records are never permanently lost, always restorable
Full GDPR Article 30 & 32 compliance out of the box
Key Features
Everything you need to secure your Odoo environment in one module
Tamper-Proof Audit Logs
- Logs every Create, Update, and Delete across all models
- Tracks login attempts with IP address and timestamp
- Before/after values captured on every change
- Cryptographic hash prevents record tampering
- GDPR-compliant retention & automated purge
AES-256 Encrypted Backup
- Full backup: Database + Filestore + All addons
- Military-grade AES-256 encryption before saving
- Scheduled: hourly / daily / weekly / monthly
- One-click manual backup from menu or Settings
- Configurable retention with auto-cleanup
Security Vulnerability Scanner
- Detects overly permissive ACL rules instantly
- Finds record rules with open domains
- Identifies models with no ACL protection
- Checks system configuration for weak policies
- Manual or fully automatic scheduled scans
Soft Delete & Data Protection
- Records marked as deleted — never lost permanently
- Every deletion logged with user, time & reason
- Manager approval workflow for sensitive deletions
- One-click restore for any soft-deleted record
- Audit log itself is hard-delete protected
IP Restriction & Rate Limiting
- Whitelist-based IP access control
- Supports individual IPs and CIDR ranges
- Auto-blocks IPs after failed login threshold
- Configurable window and attempt count
- All blocked attempts logged in audit trail
Security Health Dashboard
- Real-time security posture at a glance
- Latest scan results and backup status
- Color-coded severity indicators
- Auto-refreshes every 6 hours via cron
- Role-based: Admin / Analyst / Viewer
Screenshots
A complete walkthrough of every feature
Screenshot 1
📋 Audit Log — Complete Activity Tracking
Every action across your Odoo system is logged automatically — who did what, when, from which IP, and what values changed. The cryptographic hash makes it impossible to alter records without detection.
| Timestamp | User | Model | Action | Changed Fields | IP Address |
|---|---|---|---|---|---|
| 2026-03-12 09:14:33 | admin | res.users | UPDATE | password, groups_id | 192.168.1.10 |
| 2026-03-12 09:22:01 | ahmed.ali | account.move | CREATE | All fields — Invoice #INV/2026/001 | 10.0.0.45 |
| 2026-03-12 10:05:18 | manager | res.partner | UPDATE | email, phone, bank_ids | 192.168.1.22 |
| 2026-03-12 11:30:45 | admin | res.users | DELETE | SOFT DELETE — user_id: 47 deactivated | 192.168.1.10 |
| 2026-03-12 14:15:00 | system | odosec.backup | CREATE | Backup completed — 245 MB encrypted (AES-256) | localhost |
Screenshot 2
💾 Backup Manager — Encrypted Full Backups
Automated and manual backups of your entire Odoo environment — database, filestore, and all third-party addons — encrypted with AES-256 and stored securely.
| Date | Filename | Type | Size | Status |
|---|---|---|---|---|
| 2026-03-12 02:00 | odosec_krixoo_20260312_0200.tar.gz.enc | Scheduled | 247 KB | ✓ Done |
| 2026-03-11 02:00 | odosec_krixoo_20260311_0200.tar.gz.enc | Scheduled | 244 KB | ✓ Done |
| 2026-03-10 15:33 | odosec_krixoo_20260310_1533.tar.gz.enc | Manual | 241 KB | ✓ Done |
| 2026-03-09 02:00 | odosec_krixoo_20260309_0200.tar.gz.enc | Scheduled | 238 KB | ✓ Done |
Screenshot 3
🔍 Security Scan — Vulnerability Detection
Automated vulnerability scanning detects ACL misconfigurations, weak record rules, exposed models, and missing security policies — before attackers do.
| Severity | Category | Finding | Remediation |
|---|---|---|---|
| ● CRITICAL | ACL | Public group has write access on account.move | Remove write/delete permissions from public group |
| ● HIGH | ACL | Portal users can create sale.order records | Restrict ACL to internal users only |
| ● MEDIUM | Record Rules | Unrestricted global rule on res.partner | Add group restriction or narrow the domain |
| ● MEDIUM | Configuration | No minimum password length policy set | Set minimum password length to 12+ characters |
| ● LOW | Model Exposure | Custom model without ACL definition | Add ACL entries in ir.model.access.csv |
Screenshot 4
⚙️ Settings — Centralized Security Configuration
All security settings in one place inside Odoo's standard Settings menu. Configure audit retention, backup schedules, scan frequency, IP restrictions, and rate limiting without leaving Settings.
📋 Audit Log
Log Record Updates
Track all modifications with before/after values
Log Login Attempts
Track successful and failed login attempts with IP
Retention Period
365 days
💾 Backup
AES-256 Encryption
Encrypt all backup files before saving to disk
Scheduled Backup
Daily at 02:00
Backup Directory
/var/backups/odosec
🔍 Security Scan
Scan Mode
⚡ Automatic (Scheduled)
Notify Admin on Critical Findings
Send notification when critical issues are detected
Screenshot 5
🗂️ Navigation — Clean & Intuitive Menu
XC Security Plus integrates seamlessly into Odoo's top navigation bar. All security features are accessible in just 2 clicks from the XC Security Plus menu.
Feature Comparison
| Feature | XC Security Plus | Basic Security | No Module |
|---|---|---|---|
| Tamper-proof Audit Log | ✓ | ✗ | ✗ |
| AES-256 Encrypted Backup | ✓ | ✗ | ✗ |
| Full Backup (DB + Files + Addons) | ✓ | ✗ | ✗ |
| Soft Delete with Audit Trail | ✓ | ✗ | ✗ |
| Security Vulnerability Scanner | ✓ | ✗ | ✗ |
| IP Restriction & Rate Limiting | ✓ | ✗ | ✗ |
| Centralized Security Dashboard | ✓ | ✗ | ✗ |
| GDPR & NIA Compliance Ready | ✓ | ✗ | ✗ |
| Role-Based Access (3 Levels) | ✓ | ✓ | ✗ |
| Scheduled Auto Backup | ✓ | ✓ | ✗ |
| One-Click Manual Backup | ✓ | ✓ | ✓ |
Compliance & Standards
XC Security Plus is designed to help you meet major security and privacy regulations
GDPR Article 30
Maintain records of processing activities with a complete, tamper-proof audit trail of every data access and modification.
GDPR Article 32
Implement encryption of personal data at rest. AES-256 encrypted backups ensure compliance with technical security measures.
NIA Controls
Access control, audit logging, and security monitoring align with National Information Assurance framework requirements.
OWASP Top 10
Vulnerability scanning detects broken access control, security misconfiguration, and identification & authentication failures.
Technical Specifications
Requirements
Odoo VersionOdoo 19 (Community & Enterprise)
Python3.10+
DatabasePostgreSQL 14+
Python Librarycryptography (AES-256)
Backup EngineOdoo built-in dump_db API
LicenseOPL-1
Security Architecture
EncryptionAES-256 (cryptography lib)
Audit IntegritySHA-256 tamper hash per record
Access ControlLeast-privilege 3-tier RBAC
RolesAdmin / Analyst / Viewer
Scan TypesACL / Rules / Models / Config / Full
Backup CoverageDB + Filestore + Addons
Quick Installation
Up and running in under 2 minutes
1
Download from Odoo App Store
Purchase and download XC Security Plus from apps.odoo.com. Extract the ZIP file on your server.
2
Copy to Addons Directory
Copy the
xc_security_plus folder to your Odoo addons path.cp -r xc_security_plus /usr/lib/python3/dist-packages/odoo/addons/
3
Install Python Dependency
XC Security Plus requires the
cryptography library for AES-256 encryption.pip install cryptography --break-system-packages
4
Restart Odoo & Install
Restart Odoo, then go to Apps → Update App List → search "XC Security Plus" → Install.
sudo systemctl restart odoo
5
Configure & Done 🎉
Go to Settings → XC Security Plus to configure backup schedules, scan frequency, retention periods, and all security features to your needs.
🔐 Secure Your Odoo Today
Join businesses that trust XC Security Plus to protect their Odoo environment with enterprise-grade security.
€49
One-time license · Odoo 19 · OPL-1 · Immediate download after purchase
Get XC Security Plus →
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module