AMT manager is now enabled by default, small fixes.
parent
0aed255b69
commit
7b902f52e0
|
@ -55,7 +55,7 @@
|
||||||
"agentsInRam": { "type": "boolean", "default": false, "description": "Loads all agent binaries in RAM for faster agent updates." },
|
"agentsInRam": { "type": "boolean", "default": false, "description": "Loads all agent binaries in RAM for faster agent updates." },
|
||||||
"agentPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval and expects a response from the agent." },
|
"agentPing": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval and expects a response from the agent." },
|
||||||
"agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." },
|
"agentPong": { "type": "integer", "minimum": 1, "description": "When specified, sends data to the agent at x seconds interval." },
|
||||||
"amtmanager": { "type": "boolean", "default": false, "description": "When enabled, MeshCentral will automatically monitor and manage Intel AMT devices." },
|
"amtmanager": { "type": "boolean", "default": true, "description": "When enabled, MeshCentral will automatically monitor and manage Intel AMT devices." },
|
||||||
"orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" },
|
"orphanAgentUser": { "type": "string", "default": null, "description": "If an agent attempts to connect to a unknown device group, automatically create a new device group and grant access to the specified user. Example: admin" },
|
||||||
"agentIdleTimeout": { "type": "integer", "minimum": 1 },
|
"agentIdleTimeout": { "type": "integer", "minimum": 1 },
|
||||||
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
|
"compression": { "type": "boolean", "default": true, "description": "Enables GZIP compression for web requests." },
|
||||||
|
@ -271,6 +271,33 @@
|
||||||
"MaxSingleUserSessions": { "type": "integer" }
|
"MaxSingleUserSessions": { "type": "integer" }
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"amtManager": {
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"description": "Information passed to the AMT manager module that impacts all Intel AMT device managed within this domain.",
|
||||||
|
"properties": {
|
||||||
|
"amtAdminAccount": {
|
||||||
|
"description": "List of username and passwords to try when connecting to Intel AMT.",
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false,
|
||||||
|
"required": [ "pass" ],
|
||||||
|
"properties": {
|
||||||
|
"user": {
|
||||||
|
"description": "Intel AMT administrator username.",
|
||||||
|
"type": "string",
|
||||||
|
"default": "admin"
|
||||||
|
},
|
||||||
|
"pass": {
|
||||||
|
"description": "Intel AMT administrator password.",
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"amtAcmActivation": {
|
"amtAcmActivation": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"additionalProperties": false,
|
"additionalProperties": false,
|
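Review bot: The new `amtAdminAccount` item schema accepts any string for `pass`, including an empty one, and its description does not say that the Intel AMT administrator password sits in the configuration as a plain string. Adding `"minLength": 1` to `pass` and extending the description to something like `"Intel AMT administrator password. Kept as plain text in the configuration; restrict read access to the file."` would make both points explicit (this assumes the value is not transformed elsewhere, which this section does not show). Separately, the server-level boolean `amtmanager`, whose default flips to `true` here, and the domain-level object `amtManager` differ only in letter case. Each description should name the other so operators do not set the wrong one.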
||||||
|
|
|
@ -137,7 +137,7 @@ function CreateMeshCentralServer(config, args) {
|
||||||
|
|
||||||
if ((obj.args.help == true) || (obj.args['?'] == true)) {
|
if ((obj.args.help == true) || (obj.args['?'] == true)) {
|
||||||
console.log('MeshCentral v' + getCurrentVerion() + ', remote computer management web portal.');
|
console.log('MeshCentral v' + getCurrentVerion() + ', remote computer management web portal.');
|
||||||
console.log('This software is open source under Apache 2.0 licence.');
|
console.log('This software is open source under Apache 2.0 license.');
|
||||||
console.log('Details at: https://www.meshcommander.com/meshcentral2\r\n');
|
console.log('Details at: https://www.meshcommander.com/meshcentral2\r\n');
|
||||||
if ((obj.platform == 'win32') || (obj.platform == 'linux')) {
|
if ((obj.platform == 'win32') || (obj.platform == 'linux')) {
|
||||||
console.log('Run as a background service');
|
console.log('Run as a background service');
|
||||||
|
@ -153,7 +153,7 @@ function CreateMeshCentralServer(config, args) {
|
||||||
console.log(' --noagentupdate Server will not update mesh agent native binaries.');
|
console.log(' --noagentupdate Server will not update mesh agent native binaries.');
|
||||||
console.log(' --listuserids Show a list of a user identifiers in the database.');
|
console.log(' --listuserids Show a list of a user identifiers in the database.');
|
||||||
console.log(' --cert [name], (country), (org) Create a web server certificate with [name] server name.');
|
console.log(' --cert [name], (country), (org) Create a web server certificate with [name] server name.');
|
||||||
console.log(' country and organization can optionaly be set.');
|
console.log(' country and organization can optionally be set.');
|
||||||
console.log('');
|
console.log('');
|
||||||
console.log('Server recovery commands, use only when MeshCentral is offline.');
|
console.log('Server recovery commands, use only when MeshCentral is offline.');
|
||||||
console.log(' --createaccount [userid] Create a new user account.');
|
console.log(' --createaccount [userid] Create a new user account.');
|
||||||
|
@ -1333,14 +1333,12 @@ function CreateMeshCentralServer(config, args) {
|
||||||
obj.meshScanner = require('./meshscanner.js').CreateMeshScanner(obj).start();
|
obj.meshScanner = require('./meshscanner.js').CreateMeshScanner(obj).start();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Setup the Intel AMT manager
|
|
||||||
if (obj.args.amtmanager == true) {
|
|
||||||
obj.amtManager = require('./amtmanager.js').CreateAmtManager(obj);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Setup and start the MPS server
|
// Setup and start the MPS server
|
||||||
if ((obj.args.lanonly != true) && (obj.args.mpsport !== 0)) {
|
obj.mpsserver = require('./mpsserver.js').CreateMpsServer(obj, obj.db, obj.args, obj.certificates);
|
||||||
obj.mpsserver = require('./mpsserver.js').CreateMpsServer(obj, obj.db, obj.args, obj.certificates);
|
|
||||||
|
// Setup the Intel AMT manager
|
||||||
|
if (obj.args.amtmanager !== false) {
|
||||||
|
obj.amtManager = require('./amtmanager.js').CreateAmtManager(obj);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Setup and start the legacy swarm server
|
// Setup and start the legacy swarm server
|
||||||
|
|
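Review bot: The new test `if (obj.args.amtmanager !== false)` in the last hunk turns the Intel AMT manager on for every value other than the boolean `false`, so a setting such as the string `"false"` or `0` still starts it; whether such values are rejected by schema validation before this point is not visible here. Since the manager is now on by default, a short comment would help, for example `// Intel AMT manager runs unless amtmanager is explicitly the boolean false`. The same hunk also drops the `lanonly`/`mpsport` condition around `CreateMpsServer` and moves the manager setup after it; a comment stating that ordering requirement (presumably the manager uses `obj.mpsserver`) would keep it from being reordered later. The body of CreateMeshCentralServer starts and ends outside these hunks.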
33
mpsserver.js
33
mpsserver.js
|
@ -37,23 +37,26 @@ module.exports.CreateMpsServer = function (parent, db, args, certificates) {
|
||||||
//'/text.ico': { file: 'c:\\temp\\test.iso', maxserve: 3, maxtime: Date.now() + 15000 }
|
//'/text.ico': { file: 'c:\\temp\\test.iso', maxserve: 3, maxtime: Date.now() + 15000 }
|
||||||
};
|
};
|
||||||
|
|
||||||
if (obj.args.mpstlsoffload) {
|
// Set the MPS external port only if it's not set to zero and we are not in LAN mode.
|
||||||
obj.server = net.createServer(onConnection);
|
if ((args.lanonly != true) && (args.mpsport !== 0)) {
|
||||||
} else {
|
if (obj.args.mpstlsoffload) {
|
||||||
// Note that in oder to support older Intel AMT CIRA connections, we have to turn on TLSv1.
|
obj.server = net.createServer(onConnection);
|
||||||
obj.server = tls.createServer({ key: certificates.mps.key, cert: certificates.mps.cert, minVersion: 'TLSv1', requestCert: true, rejectUnauthorized: false, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION }, onConnection);
|
} else {
|
||||||
//obj.server.on('secureConnection', function () { /*console.log('tlsServer secureConnection');*/ });
|
// Note that in oder to support older Intel AMT CIRA connections, we have to turn on TLSv1.
|
||||||
//obj.server.on('error', function () { console.log('MPS tls server error'); });
|
obj.server = tls.createServer({ key: certificates.mps.key, cert: certificates.mps.cert, minVersion: 'TLSv1', requestCert: true, rejectUnauthorized: false, ciphers: "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", secureOptions: constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_COMPRESSION }, onConnection);
|
||||||
obj.server.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
|
//obj.server.on('error', function () { console.log('MPS tls server error'); });
|
||||||
obj.server.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
|
obj.server.on('newSession', function (id, data, cb) { if (tlsSessionStoreCount > 1000) { tlsSessionStoreCount = 0; tlsSessionStore = {}; } tlsSessionStore[id.toString('hex')] = data; tlsSessionStoreCount++; cb(); });
|
||||||
|
obj.server.on('resumeSession', function (id, cb) { cb(null, tlsSessionStore[id.toString('hex')] || null); });
|
||||||
|
}
|
||||||
|
|
||||||
|
obj.server.listen(args.mpsport, args.mpsportbind, function () {
|
||||||
|
console.log("MeshCentral Intel(R) AMT server running on " + certificates.AmtMpsName + ":" + args.mpsport + ((args.mpsaliasport != null) ? (", alias port " + args.mpsaliasport) : "") + ".");
|
||||||
|
obj.parent.authLog('mps', 'Server listening on ' + ((args.mpsportbind != null) ? args.mpsportbind : '0.0.0.0') + ' port ' + args.mpsport + '.');
|
||||||
|
}).on("error", function (err) { console.error("ERROR: MeshCentral Intel(R) AMT server port " + args.mpsport + " is not available."); if (args.exactports) { process.exit(); } });
|
||||||
|
|
||||||
|
obj.server.on('tlsClientError', function (err, tlssocket) { if (args.mpsdebug) { var remoteAddress = tlssocket.remoteAddress; if (tlssocket.remoteFamily == 'IPv6') { remoteAddress = '[' + remoteAddress + ']'; } console.log('MPS:Invalid TLS connection from ' + remoteAddress + ':' + tlssocket.remotePort + '.'); } });
|
||||||
}
|
}
|
||||||
|
|
||||||
obj.server.listen(args.mpsport, args.mpsportbind, function () {
|
|
||||||
console.log("MeshCentral Intel(R) AMT server running on " + certificates.AmtMpsName + ":" + args.mpsport + ((args.mpsaliasport != null) ? (", alias port " + args.mpsaliasport) : "") + ".");
|
|
||||||
obj.parent.authLog('mps', 'Server listening on ' + ((args.mpsportbind != null) ? args.mpsportbind : '0.0.0.0') + ' port ' + args.mpsport + '.');
|
|
||||||
}).on("error", function (err) { console.error("ERROR: MeshCentral Intel(R) AMT server port " + args.mpsport + " is not available."); if (args.exactports) { process.exit(); } });
|
|
||||||
|
|
||||||
obj.server.on('tlsClientError', function (err, tlssocket) { if (args.mpsdebug) { var remoteAddress = tlssocket.remoteAddress; if (tlssocket.remoteFamily == 'IPv6') { remoteAddress = '[' + remoteAddress + ']'; } console.log('MPS:Invalid TLS connection from ' + remoteAddress + ':' + tlssocket.remotePort + '.'); } });
|
|
||||||
obj.parent.updateServerState('mps-port', args.mpsport);
|
obj.parent.updateServerState('mps-port', args.mpsport);
|
||||||
obj.parent.updateServerState('mps-name', certificates.AmtMpsName);
|
obj.parent.updateServerState('mps-name', certificates.AmtMpsName);
|
||||||
if (args.mpsaliasport != null) { obj.parent.updateServerState('mps-alias-port', args.mpsaliasport); }
|
if (args.mpsaliasport != null) { obj.parent.updateServerState('mps-alias-port', args.mpsaliasport); }
|
||||||
|
|
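Review bot: The three `obj.parent.updateServerState(...)` calls after the new `if ((args.lanonly != true) && (args.mpsport !== 0))` block stay outside it, so `mps-port` and `mps-name` are still published when no listener was created, and `obj.server` is left undefined in that case. Moving those calls inside the guard, or adding a comment such as `// obj.server is undefined in LAN-only mode or when mpsport is 0`, would make the reported state match what is actually listening. The re-indented comment above `tls.createServer` still reads "in oder to". While touching it, it could also state that `minVersion: 'TLSv1'` and `rejectUnauthorized: false` are deliberate for older Intel AMT CIRA clients, which would mean peer authentication is expected to happen after the handshake (to be confirmed against `onConnection`, which is outside this hunk).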