Agent Management
You can display the Agents installed on the target servers under the Linux Agent Management > Linux Agent tab.
To add a new agent:
- Navigate to Linux Agent Management > Linux Agent.
- Click the Add button.
- Download the setup script through the link and follow the installation guide.
If the setup key expires, a new key must be generated:
- Navigate to Linux Agent Management > Linux Agent.
- Click the Add Agent button.
- Click the Next button.
- Select a date period to generate a valid key.
After getting the newly generated key, follow the installation guide.
You can find the Agent information in the agent list screen. When an agent is registered in Kron PAM, the following information is retrieved from the server:
Table 1 | Description of the Agent Page Fields |
Options | Description |
Version | Installed Agent Version |
Status | Online, Offline, Online |
Search | Search option for agents |
Filter | Manually filter using keywords |
View | Displays agents as a box or list view |
Hostname | The hostname of the server |
Registration Time | When the agent is registered in Kron PAM. |
Device IP | The IP address of the server |
Linux Icon | If the server is Linux-based, the icon will be a Linux icon |
Windows Icon | If the server is Windows, the icon will be a Windows icon |
The following options are also available on the Agent listing screen:
Table 2 | Agent Listing Screen Properties |
Options | Description |
Heartbeat | Graphically displays heartbeat status |
File Integrity Monitoring | Opens the File Integrity Monitoring Settings menu |
Agent Properties | Opens the agent configuration options menu |
Remove | Deletes agent |
In the Linux Agent profile menu, you can configure which privileges users will have on the target agent-installed Linux servers.
- Log in to the Kron PAM Web GUI.
- Navigate to Linux Agent.
- Open the Linux Agent Profile tab.
- Click the Add Profile button.
- Enter the profile information and click Save.
Table 3 | Linux Agent Profile Properties |
Parameter Name | Description |
Profile name | Profile name to be displayed |
Description | Profile description |
Offline Authentication | Button - When this option is active, if the communication between Kron PAM and the agent is interrupted for a certain period, the user to whom this profile is assigned continues to log in to the agent during the cache period, using the last valid password and policy settings. |
Sudoer for users | Button - Users with this option active can use the ksudo command to run commands that require sudo authority. |
Restricted hosts | It can include more than one value, separated by commas (,). This option can prevent users from using the server where the agent is installed as a jump server to establish SSH connections to other servers: SSH connections cannot be established to the given IP addresses through the server where the agent is installed. You can use regular expressions (regex). |
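An added example (not Kron PAM code) for checking a Restricted hosts value before saving a profile: it flags entries whose pattern matches more than intended and shows which test destinations would be blocked. The page does not state whether entries are matched anchored or as a substring, so both are evaluated; Python's `re` syntax, the function names and the sample addresses are assumptions made for illustration.

```python
import re

def split_entries(value):
    """Split the comma-separated Restricted hosts value into trimmed entries."""
    return [e.strip() for e in value.split(",") if e.strip()]

def lint(value):
    """Return findings for entries likely to match more (or less) than intended."""
    findings = []
    # A {m,n} quantifier contains the same comma the field uses as separator.
    if re.search(r"\{\d*,\d*\}", value):
        findings.append("quantifier comma collides with the comma separator")
    for entry in split_entries(value):
        try:
            re.compile(entry)
        except re.error as exc:
            findings.append(f"{entry}: invalid regex ({exc})")
            continue
        # A bare '.' in an IP literal matches any character, not just a dot.
        if re.search(r"(?<!\\)\.(?![*+?{])", entry):
            findings.append(f"{entry}: unescaped '.' matches any character")
    return findings

def is_blocked(value, address, anchored):
    """True if any entry matches; anchored=True uses fullmatch, else search."""
    for entry in split_entries(value):
        try:
            pattern = re.compile(entry)
        except re.error:
            continue  # invalid entries are reported by lint(), not matched
        if pattern.fullmatch(address) if anchored else pattern.search(address):
            return True
    return False

# Constructed sample value and destinations (not taken from a real profile).
SAMPLE = r"10.0.0.1, 192\.168\.1\.\d+"
DESTINATIONS = ["10.0.0.1", "10.0.0.10", "110.0.0.1", "192.168.1.77", "172.16.5.9"]

def report(value=SAMPLE, destinations=DESTINATIONS):
    """Map each destination to (blocked if anchored, blocked if unanchored)."""
    return {d: (is_blocked(value, d, True), is_blocked(value, d, False))
            for d in destinations}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("finding:", finding)
    for dest, (anchored, unanchored) in report().items():
        print(f"{dest:15} anchored={anchored} unanchored={unanchored}")
```

Destinations whose two results differ are the ones to test against a real agent, since they depend on how the entry is anchored.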
Table 4 | Linux Agent Profile – Screen 2 Field Descriptions |
Parameter Name | Description |
Check Policy Update Periodically | Button - If this option is active, changes to the user’s policy settings are updated regularly. Otherwise, the agent uses the policies in effect when the user session starts and continues to use the same policies throughout the session. |
Policy Update Check Period | If the previous option is selected, this determines how often the policy update is performed, in minutes. |
User Add Policy | Determines the settings related to how users who connect to the server where the Agent is installed will be added to this server. |
Create a New Group with Username | A user group with the same name as the connected user is created and the user is assigned to this new group. |
Use Default Template | The user is created according to the rules set in the default settings of the agent. |
Use Default Template with Group Definition | User and user groups are created according to the rules set in the agent's default settings. |
User Add Template Group ID | When Use Default Template with Group Definition is selected, this determines the group ID with which the new group is created. |
Local Shell | Determines which local shell the user will connect to (e.g., /bin/sh). |
Resource Limits | Determines the limits under which the connected user can operate. It can have more than one value, separated by commas (,). (Ex: maxlogins = 2, nofile = 1024) Values that can be used: cpu (Max cpu time); fsize (Max file size); data (Max data size); stack (Max stack size); core (Max core file size); rss (Max resident set); nproc (Max number of processes); nofile (Max number of open files); memlock (Max locked memory); as (Max address space); locks (Max file locks); sigpending (Max pending signals); msgqueue (Max msgqueue size); nice (Max nice priority); rtprio (Max realtime priority); maxlogins (Max number of logins of user); priority (The priority to run user processes with) |
Editing/Deleting Linux Agent Profiles
You can edit/delete the created Linux Agent Profiles using the option buttons: