Agent Reference Guide

Agent Management

7min

Adding a Linux Agent

You can display the Agents installed in the target servers under the Linux Agent Management > Linux Agent tab.

Agents Installed in Target Servers List
Agents Installed in Target Servers List


To add a new agent:

  1. Navigate to Linux Agent Management > Linux Agent.
  2. Click the Add button.
  3. Download the setup script through the link and follow the installation guide.
Adding a New Agent
Adding a New Agent


If the setup key expires, a new key must be generated:

  1. Navigate to Linux Agent Management > Linux Agent.
  2. Click the Add Agent button.
  3. Click the Next button.
  4. Select a date period to generate a valid key.

After getting the newly generated key, follow the installation guide.

Generating New Installation Key
Generating New Installation Key


Agent Management Page Highlights

You can find the Agent information in the agent list screen. When an agent is registered in Kron PAM, the following information is retrieved from the server:

Initial Token Generation
Initial Token Generation


Table-1

Description of the Agent Page Fields

Options

Description

Version

Installed Agent Version

Status

Online, Offline, Online

Search

Search option for agents

Filter

Manually filter using keywords

View

Displays agents as a box or list view

Hostname

The hostname of the server

Registration Time

When the agent is registered in Kron PAM.

Device IP

The IP address of the server

Linux Icon

If the server is Linux-based, the icon will be a Linux icon

Windows Icon

If the server is Windows, the icon will be a Windows icon

There are also some available on the Agent operations listing screen:

Table 2

Agent Listing Screen Properties

Options

Description

Heartbeat

Graphically displays heartbeat status

Table 2

Agent Listing Screen Properties

Options

Description

File Integrity Monitoring

Opens the File Integrity Monitoring Settings menu

Agent Properties

Opens the agent configurations options menu

Remove

Deletes agent

Linux Agent Profile

In the Linux Agent profile menu, you can configure which privileges users will have on the target agent-installed Linux servers.

  1. Log in to the Kron PAM Web GUI.
  2. Navigate to Linux Agent.
  3. Open the Linux Agent Profile tab.
  4. Click the Add Profile button.
  5. Enter the profile information and click Save.
 Screen 1
Linux Agent Profile


Table 3

Table 3 Linux Agent Profile Properties

Parameter Name

Description

Profile name

Profile name to be displayed

Description

Profile description

Offline

Authentication

Button - When this option is active, if the communication between Kron PAM and the agent is interrupted for a certain period, the user to whom this profile is assigned continues to log in to the agent during the cache period, using the last valid password and policy settings.

Sudoer for users

Button - Users with this option active can use the ksudo command to run commands that require sudo authority.

Restricted hosts

It can include more than one value, separated by commas (,).

This option can prevent users from establishing SSH connections (using it as a jump server) to servers other than the servers where the agent is installed. SSH connections cannot be established to the given IP addresses over the server where the agent is installed. You can use the regular expression (regex).

Screen 2
Linux Agent Profile


Table 4

Linux Agent Profile – Screen 2 Field Descriptions

Parameter Name

Description

Check Policy Update Periodically

Button - If this option is active, changes to the user’s policy settings are updated regularly. Whether the agent’s policies are used by the agent when the user session starts and continues to use the same policies throughout the session.

Policy Update Check Period

If the previous option is selected, this determines how often the policy update will be done, on a minute basis.

User Add Policy

Determines the settings related to how users who connect to the server where the Agent is installed will be added to this server.

Create a New Group with Username

A user group with the same name as the connected user is created and the user is assigned to this new group.

Use Default Template

The user is created according to the rules set in the default settings of the agent.

Use Default Template with Group Definition

User and user groups are created according to the rules set in the agent's default settings.

User Add Template Group ID

When Use Default Template With Group Definition is selected, it is used to determine with which group id the group to be created will be created.

Local Shell

Determines which local shell the user will connect to. (i.e.: /bin/sh gibi)

Resource Limits

It determines with which limits the connected user can make transactions. It can have more than one value, separated by commas (,). (Ex: maxlogins = 2, nofile = 1024) Values that can be used: cpu: Max cpu time size: Max file size data: Max data size stack: Max stack size core: Max core file size rss: Max resident set nproc: Max number of processes nofile: Max number of open files memlock: Max locked memory as: Max address space locks: Max file locks spending: Max pending signals

msgqueue: Max msgqueue size nice: Max nice priority rtprio: Max realtime priority maxlogins: Max number of logins of user priority: The priority to run user processes with

Editing/Deleting Linux Agent Profiles You can edit/delete the created Linux Agent Profiles using the option buttons:

Linux Agent Profile Option Buttons
Linux Agent Profile Option Buttons