OSPatrol 101: authd

ospatrol-authd and agent-auth are the two OSPatrol applications used to register an agent automatically. ospatrol-authd is the server-side daemon, and agent-auth runs on the agent.

Running ospatrol-authd:

There aren’t many options for ospatrol-authd. It’s generally recommended that ospatrol-authd is only run when adding new agents due to the lack of authentication.

An SSL certificate is required, and should be installed at /var/ospatrol/etc/sslmanager.cert.

Running ospatrol-authd can be as simple as:

/var/ospatrol/bin/ospatrol-authd -p 1515

In this example ospatrol-authd listens on port 1515 for client connections.

Running agent-auth:

agent-auth does not have many options either. Running it can be as simple as:

/var/ospatrol/bin/agent-auth -m 10.10.10.10 -p 1515

Adding an agent name with -A agent_name may also be useful.

Considerations:

Currently ospatrol-authd and agent-auth do not authenticate the other side. The communication is encrypted, but there is nothing stopping an attacker with access to the ospatrol-authd port from registering fake agents.

Scenario:

On a Tuesday Adele’s boss Steve asks her to add the new database servers to the OSPatrol infrastructure. Adele didn’t want to go to each of the 12 systems to configure everything from scratch, so she decided to use ospatrol-authd to automatically register the new systems.

Adele added an SSL certificate to the OSPatrol server by running:

# openssl genrsa -out /var/ospatrol/etc/sslmanager.key 2048
# openssl req -new -x509 -key /var/ospatrol/etc/sslmanager.key -out /var/ospatrol/etc/sslmanager.cert -days 365

Then she ran ospatrol-authd to listen on port 2157:

# /var/ospatrol/bin/ospatrol-authd -p 2157

Next, Adele used the existing management infrastructure to install OSPatrol agents on each of the systems and, where /var/ospatrol/etc/client.keys did not exist, to run /var/ospatrol/bin/agent-auth with the following command:

# /var/ospatrol/bin/agent-auth -m 192.168.29.46 -p 2157
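The agent-side step of Adele's rollout, as an added wrapper script that is not part of OSPatrol itself: it runs agent-auth only when client.keys is missing or empty, so re-running the management job never re-registers a host, and it passes the short hostname as the -A agent name. The OSPATROL_HOME variable, the hostname default and the `run` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not OSPatrol project code): register this host with
# ospatrol-authd exactly once.  Paths and flags (-m, -p, -A) are those shown
# in the text above; OSPATROL_HOME and the hostname default are assumptions.

OSPATROL_HOME="${OSPATROL_HOME:-/var/ospatrol}"

# True (exit 0) when the host still needs registration: client.keys is
# absent or empty.  A registered agent has at least one key line in it.
needs_registration() {
    keys="$1"
    [ ! -s "$keys" ]
}

# Build the agent-auth command line for a manager address and port.  The
# agent name (-A) defaults to the short hostname so names stay unique on the
# manager.  Printed rather than executed so callers can log or dry-run it.
agent_auth_cmd() {
    manager="$1"; port="$2"; name="${3:-$(hostname -s)}"
    printf '%s -m %s -p %s -A %s\n' \
        "$OSPATROL_HOME/bin/agent-auth" "$manager" "$port" "$name"
}

# Register with the manager only if no key is present yet.
register_agent() {
    manager="$1"; port="$2"; name="${3:-$(hostname -s)}"
    keys="$OSPATROL_HOME/etc/client.keys"
    if needs_registration "$keys"; then
        echo "registering: $(agent_auth_cmd "$manager" "$port" "$name")"
        "$OSPATROL_HOME/bin/agent-auth" -m "$manager" -p "$port" -A "$name"
    else
        echo "$keys already present, skipping agent-auth"
    fi
}

# Runs only when invoked as: ./register-agent.sh run <manager> <port> [name]
case "${1:-}" in
    run) register_agent "$2" "$3" "$4" ;;
esac
```

In the scenario above the management job would call it as `./register-agent.sh run 192.168.29.46 2157` on each database server.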