Added agent signature locking support.

This commit is contained in:
Ylian Saint-Hilaire 2022-05-29 12:35:27 -07:00
parent a799b9855a
commit c04666895c
3 changed files with 5 additions and 0 deletions


@ -100,6 +100,7 @@
"agentLogDump": { "type": "boolean", "default": false, "description": "Automatically downloads all agent error logs into meshcentral-data/agenterrorlogs.txt." }, "agentLogDump": { "type": "boolean", "default": false, "description": "Automatically downloads all agent error logs into meshcentral-data/agenterrorlogs.txt." },
"agentCoreDump": { "type": "boolean", "default": false, "description": "Automatically activates and transfers any agent crash dump files to the server in meshcentral-data/coredumps." }, "agentCoreDump": { "type": "boolean", "default": false, "description": "Automatically activates and transfers any agent crash dump files to the server in meshcentral-data/coredumps." },
"agentCoreDumpUsers": { "type": "array", "description": "List of non-administrator users that have access to mesh agent crash dumps." }, "agentCoreDumpUsers": { "type": "array", "description": "List of non-administrator users that have access to mesh agent crash dumps." },
"agentSignLock": { "type": "boolean", "default": false, "description": "When code signing an agent using authenticode, lock the agent to only allow connection to this server. (This is in testing, the default value will change to true in the future)." },
"ignoreAgentHashCheck": { "type": [ "boolean", "string" ], "default": false, "description": "When true, the agent no longer checked the TLS certificate of the server. This should be used for debugging only. You can also set this to a comma seperated list of IP addresses to ignore, for example: \"192.168.2.100,192.168.1.0/24\"." }, "ignoreAgentHashCheck": { "type": [ "boolean", "string" ], "default": false, "description": "When true, the agent no longer checked the TLS certificate of the server. This should be used for debugging only. You can also set this to a comma seperated list of IP addresses to ignore, for example: \"192.168.2.100,192.168.1.0/24\"." },
"exactPorts": { "type": "boolean", "default": false }, "exactPorts": { "type": "boolean", "default": false },
"allowLoginToken": { "type": "boolean", "default": false }, "allowLoginToken": { "type": "boolean", "default": false },


@ -2870,6 +2870,9 @@ function CreateMeshCentralServer(config, args) {
var xdomain = (domain.dns == null) ? domain.id : ''; var xdomain = (domain.dns == null) ? domain.id : '';
if (xdomain != '') xdomain += '/'; if (xdomain != '') xdomain += '/';
signUrl += '/' + xdomain; signUrl += '/' + xdomain;
// If requested, lock the agent to this server
if (obj.config.settings.agentsignlock) { signUrl += '?ServerID=' + obj.certificateOperations.getPublicKeyHash(obj.certificates.agent.cert).toUpperCase(); }
} }
// Load agent information file. This includes the data & time of the agent. // Load agent information file. This includes the data & time of the agent.
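Review bot: The new line appends `'?ServerID=' + ...` with a hard-coded `?`, so it silently assumes signUrl carries no query string at this point; the earlier construction of signUrl is outside the hunk, so this cannot be confirmed here, and a small guard such as `signUrl += (signUrl.indexOf('?') < 0 ? '?' : '&') + 'ServerID=' + ...` would keep the URL well-formed if that ever changes. The pinned value is the hash of `obj.certificates.agent.cert`, which ties every agent signed under this setting to the current agent certificate; it would help operators to say so next to the line, e.g. `// ServerID pins the agent to the current agent certificate; rotating obj.certificates.agent.cert will invalidate agents signed with a lock.` The code reads `obj.config.settings.agentsignlock` in lower case while the schema in this commit declares `agentSignLock`; this is presumably relying on settings keys being normalised to lower case elsewhere, which is worth confirming. The hunk header announces three added lines but only two are visible, so a line may have been lost in rendering; the enclosing CreateMeshCentralServer body begins and ends outside the hunk.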


@ -59,6 +59,7 @@
"_userBlockedIP": "127.0.0.1,::1,192.168.0.100", "_userBlockedIP": "127.0.0.1,::1,192.168.0.100",
"_agentAllowedIP": "192.168.0.100/24", "_agentAllowedIP": "192.168.0.100/24",
"_agentBlockedIP": "127.0.0.1,::1", "_agentBlockedIP": "127.0.0.1,::1",
"_agentSignLock": true,
"_authLog": "c:\\temp\\auth.log", "_authLog": "c:\\temp\\auth.log",
"_InterUserMessaging": [ "user//admin" ], "_InterUserMessaging": [ "user//admin" ],
"_manageAllDeviceGroups": [ "user//admin" ], "_manageAllDeviceGroups": [ "user//admin" ],