AMT manager is now enabled by default, small fixes.

This commit is contained in:
Ylian Saint-Hilaire 2020-10-16 11:57:29 -07:00
parent 0aed255b69
commit 7b902f52e0
3 changed files with 53 additions and 25 deletions

View File

@ -55,7 +55,7 @@
"agentsInRam": { "type": "boolean", "default": false, "description": "Loads all agent binaries in RAM for faster agent updates." }, "agentsInRam": { "type": "boolean", "default": false, "description": "Loads all agent binaries in RAM for faster agent updates." },
"agentPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval and expects a response from the agent." }, "agentPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval and expects a response from the agent." },
"agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." }, "agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." },
"amtmanager": { "type": "boolean", "default": false, "description": "When enabled, MeshCentral will automatically monitor and manage Intel AMT devices." }, "amtmanager": { "type": "boolean", "default": true, "description": "When enabled, MeshCentral will automatically monitor and manage Intel AMT devices." },
"orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" }, "orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" },
"agentIdleTimeout": { "type": "integer", "minimum": 1 }, "agentIdleTimeout": { "type": "integer", "minimum": 1 },
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." }, "compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
@ -271,6 +271,33 @@
"MaxSingleUserSessions": { "type": "integer" } "MaxSingleUserSessions": { "type": "integer" }
} }
}, },
"amtManager": {
"type": "object",
"additionalProperties": false,
"description": "Information passed to the AMT manager module that impacts all Intel AMT device managed within this domain.",
"properties": {
"amtAdminAccount": {
"description": "List of username and passwords to try when connecting to Intel AMT.",
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [ "pass" ],
"properties": {
"user": {
"description": "Intel AMT administrator username.",
"type": "string",
"default": "admin"
},
"pass": {
"description": "Intel AMT administrator password.",
"type": "string"
}
}
}
}
}
},
"amtAcmActivation": { "amtAcmActivation": {
"type": "object", "type": "object",
"additionalProperties": false, "additionalProperties": false,

View File

@ -137,7 +137,7 @@ function CreateMeshCentralServer(config, args) {
if ((obj.args.help == true) || (obj.args['?'] == true)) { if ((obj.args.help == true) || (obj.args['?'] == true)) {
console.log('MeshCentral v' + getCurrentVerion() + ', remote computer management web portal.'); console.log('MeshCentral v' + getCurrentVerion() + ', remote computer management web portal.');
console.log('This software is open source under Apache 2.0 licence.'); console.log('This software is open source under Apache 2.0 license.');
console.log('Details at: https://www.meshcommander.com/meshcentral2\r\n'); console.log('Details at: https://www.meshcommander.com/meshcentral2\r\n');
if ((obj.platform == 'win32') || (obj.platform == 'linux')) { if ((obj.platform == 'win32') || (obj.platform == 'linux')) {
console.log('Run as a background service'); console.log('Run as a background service');
@ -153,7 +153,7 @@ function CreateMeshCentralServer(config, args) {
console.log(' --noagentupdate Server will not update mesh agent native binaries.'); console.log(' --noagentupdate Server will not update mesh agent native binaries.');
console.log(' --listuserids Show a list of a user identifiers in the database.'); console.log(' --listuserids Show a list of a user identifiers in the database.');
console.log(' --cert [name], (country), (org) Create a web server certificate with [name] server name.'); console.log(' --cert [name], (country), (org) Create a web server certificate with [name] server name.');
console.log(' country and organization can optionaly be set.'); console.log(' country and organization can optionally be set.');
console.log(''); console.log('');
console.log('Server recovery commands, use only when MeshCentral is offline.'); console.log('Server recovery commands, use only when MeshCentral is offline.');
console.log(' --createaccount [userid] Create a new user account.'); console.log(' --createaccount [userid] Create a new user account.');
@ -1333,14 +1333,12 @@ function CreateMeshCentralServer(config, args) {
obj.meshScanner = require('./meshscanner.js').CreateMeshScanner(obj).start(); obj.meshScanner = require('./meshscanner.js').CreateMeshScanner(obj).start();
} }
// Setup the Intel AMT manager
if (obj.args.amtmanager == true) {
obj.amtManager = require('./amtmanager.js').CreateAmtManager(obj);
}
// Setup and start the MPS server // Setup and start the MPS server
if ((obj.args.lanonly != true) && (obj.args.mpsport !== 0)) { obj.mpsserver = require('./mpsserver.js').CreateMpsServer(obj, obj.db, obj.args, obj.certificates);
obj.mpsserver = require('./mpsserver.js').CreateMpsServer(obj, obj.db, obj.args, obj.certificates);
// Setup the Intel AMT manager
if (obj.args.amtmanager !== false) {
obj.amtManager = require('./amtmanager.js').CreateAmtManager(obj);
} }
// Setup and start the legacy swarm server // Setup and start the legacy swarm server

View File

@ -37,23 +37,26 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
//'/text.ico': { file: 'c:\\temp\\test.iso', maxserve: 3, maxtime: Date.now() + 15000 } //'/text.ico': { file: 'c:\\temp\\test.iso', maxserve: 3, maxtime: Date.now() + 15000 }
}; };
if (obj.args.mpstlsoffload) { // Set the MPS external port only if it's not set to zero and we are not in LAN mode.
obj.server = net.createServer(onConnection); if ((args.lanonly != true) && (args.mpsport !== 0)) {
} else { if (obj.args.mpstlsoffload) {
// Note that in oder to support older Intel AMT CIRA connections, we have to turn on TLSv1. obj.server = net.createServer(onConnection);
obj.server = tls.createServer({ key: certificates.mps.key, cert: certificates.mps.cert, minVersion: 'TLSv1', requestCert: true, rejectUnauthorized: false, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION }, onConnection); } else {
//obj.server.on('secureConnection', function () { /*console.log('tlsServer secureConnection');*/ }); // Note that in oder to support older Intel AMT CIRA connections, we have to turn on TLSv1.
//obj.server.on('error', function () { console.log('MPS tls server error'); }); obj.server = tls.createServer({ key: certificates.mps.key, cert: certificates.mps.cert, minVersion: 'TLSv1', requestCert: true, rejectUnauthorized: false, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION }, onConnection);
obj.server.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); }); //obj.server.on('error', function () { console.log('MPS tls server error'); });
obj.server.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); }); obj.server.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
obj.server.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
}
obj.server.listen(args.mpsport, args.mpsportbind, function () {
console.log("MeshCentral Intel(R) AMT server running on " + certificates.AmtMpsName + ":" + args.mpsport + ((args.mpsaliasport != null) ? (", alias port " + args.mpsaliasport) : "") + ".");
obj.parent.authLog('mps', 'Server listening on ' + ((args.mpsportbind != null) ? args.mpsportbind : '0.0.0.0') + ' port ' + args.mpsport + '.');
}).on("error", function (err) { console.error("ERROR: MeshCentral Intel(R) AMT server port " + args.mpsport + " is not available."); if (args.exactports) { process.exit(); } });
obj.server.on('tlsClientError', function (err, tlssocket) { if (args.mpsdebug) { var remoteAddress = tlssocket.remoteAddress; if (tlssocket.remoteFamily == 'IPv6') { remoteAddress = '[' + remoteAddress + ']'; } console.log('MPS:Invalid TLS connection from ' + remoteAddress + ':' + tlssocket.remotePort + '.'); } });
} }
obj.server.listen(args.mpsport, args.mpsportbind, function () {
console.log("MeshCentral Intel(R) AMT server running on " + certificates.AmtMpsName + ":" + args.mpsport + ((args.mpsaliasport != null) ? (", alias port " + args.mpsaliasport) : "") + ".");
obj.parent.authLog('mps', 'Server listening on ' + ((args.mpsportbind != null) ? args.mpsportbind : '0.0.0.0') + ' port ' + args.mpsport + '.');
}).on("error", function (err) { console.error("ERROR: MeshCentral Intel(R) AMT server port " + args.mpsport + " is not available."); if (args.exactports) { process.exit(); } });
obj.server.on('tlsClientError', function (err, tlssocket) { if (args.mpsdebug) { var remoteAddress = tlssocket.remoteAddress; if (tlssocket.remoteFamily == 'IPv6') { remoteAddress = '[' + remoteAddress + ']'; } console.log('MPS:Invalid TLS connection from ' + remoteAddress + ':' + tlssocket.remotePort + '.'); } });
obj.parent.updateServerState('mps-port', args.mpsport); obj.parent.updateServerState('mps-port', args.mpsport);
obj.parent.updateServerState('mps-name', certificates.AmtMpsName); obj.parent.updateServerState('mps-name', certificates.AmtMpsName);
if (args.mpsaliasport != null) { obj.parent.updateServerState('mps-alias-port', args.mpsaliasport); } if (args.mpsaliasport != null) { obj.parent.updateServerState('mps-alias-port', args.mpsaliasport); }