Agent Management

adding a linux agent you can display the agents installed in the target servers under the linux agent management > linux agent tab to add a new agent navigate to linux agent management > linux agent click the add button download the setup script through the link and follow the installation guide if the setup key expires, a new key must be generated navigate to linux agent management > linux agent click the add agent button click the next button select a date period to generate a valid key after getting the newly generated key, follow the installation guide agent management page highlights you can find the agent information in the agent list screen when an agent is registered in kron pam, the following information is retrieved from the server table 1 description of the agent page fields options description version installed agent version status online, offline, online search search option for agents filter manually filter using keywords view displays agents as a box or list view hostname the hostname of the server registration time when the agent is registered in kron pam device ip the ip address of the server linux icon if the server is linux based, the icon will be a linux icon windows icon if the server is windows, the icon will be a windows icon there are also some available on the agent operations listing screen table 2 agent listing screen properties options description heartbeat graphically displays heartbeat status table 2 agent listing screen properties options description file integrity monitoring opens the file integrity monitoring settings menu agent properties opens the agent configurations options menu remove deletes agent linux agent profile in the linux agent profile menu, you can configure which privileges users will have on the target agent installed linux servers log in to the kron pam web gui navigate to linux agent open the linux agent profile tab click the add profile button enter the profile information and click save table 3 table 3 linux agent profile properties parameter name description profile name profile name to be displayed description profile description offline authentication button when this option is active, if the communication between kron pam and the agent is interrupted for a certain period, the user to whom this profile is assigned continues to log in to the agent during the cache period, using the last valid password and policy settings sudoer for users button users with this option active can use the ksudo command to run commands that require sudo authority restricted hosts it can include more than one value, separated by commas (,) this option can prevent users from establishing ssh connections (using it as a jump server) to servers other than the servers where the agent is installed ssh connections cannot be established to the given ip addresses over the server where the agent is installed you can use the regular expression (regex) table 4 linux agent profile – screen 2 field descriptions parameter name description check policy update periodically button if this option is active, changes to the user’s policy settings are updated regularly whether the agent’s policies are used by the agent when the user session starts and continues to use the same policies throughout the session policy update check period if the previous option is selected, this determines how often the policy update will be done, on a minute basis user add policy determines the settings related to how users who connect to the server where the agent is installed will be added to this server create a new group with username a user group with the same name as the connected user is created and the user is assigned to this new group use default template the user is created according to the rules set in the default settings of the agent use default template with group definition user and user groups are created according to the rules set in the agent's default settings user add template group id when use default template with group definition is selected, it is used to determine with which group id the group to be created will be created local shell determines which local shell the user will connect to (i e /bin/sh gibi) resource limits it determines with which limits the connected user can make transactions it can have more than one value, separated by commas (,) (ex maxlogins = 2, nofile = 1024) values that can be used cpu max cpu time size max file size data max data size stack max stack size core max core file size rss max resident set nproc max number of processes nofile max number of open files memlock max locked memory as max address space locks max file locks spending max pending signals msgqueue max msgqueue size nice max nice priority rtprio max realtime priority maxlogins max number of logins of user priority the priority to run user processes with editing/deleting linux agent profiles you can edit/delete the created linux agent profiles using the option buttons