Configuration - agent.conf settings

Table of Contents

This how-to describes the manual configuration of the Server Agent

Format

The format of the Server Agent configuration must be in valid JSON. Otherwise the SErver Agent will fail to start. This can be tested with JSON Lint

An example configuration looks like:

Single domain configuration

agent.conf (Linux)

{
"key": "abc",
"secret": "abc",
"tmpfile": "hashes.txt",
"domains": {
"example.com": "/var/www/example.com"
},
"excludeDir": [ ],
"excludeRegexp": [ ],
"includeDir": [ ],
"includeRegexp": [ ],
"apiserver": "https://api.nimbusec.com"
}

agent.conf (Windows)

{
"key": "abc",
"secret": "abc",
"tmpfile": "hashes.txt",
"domains": {
"example.com": "C:\\iis\\example.com"
},
"excludeDir": [ ],
"excludeRegexp": [ ],
"includeDir": [ ],
"includeRegexp": [ ],
"apiserver": "https://api.nimbusec.com"
}

Multi domain configuration

agent.conf (Linux)

{
"key": "abc",
"secret": "abc",
"tmpfile": "hashes.txt",
"domains": {
"example.com": "/var/www/example.com",
"demo.co.at": "/var/www/demo.co.at"
},
"excludeDir": [ ],
"excludeRegexp": [ ],
"includeDir": [ ],
"includeRegexp": [ ],
"apiserver": "https://api.nimbusec.com"
}

agent.conf (Windows)

{
"key": "abc",
"secret": "abc",
"tmpfile": "hashes.txt",
"domains": {
"example.com": "C:\\iis\\example.com",
"demo.co.at": "C:\\iis\\demo.co.at"
},
"excludeDir": [ ],
"excludeRegexp": [ ],
"includeDir": [ ],
"includeRegexp": [ ],
"apiserver": "https://api.nimbusec.com"
}
Field Description
key Your assigned customer key for the Server Agent. The key can be via https://portal.nimbusec.com/einstellungen/serveragent or by requesting a new from support@nimbusec.com. The key is unique per server and must not be used across multiple servers.
secret Your assigned customer secret for the Server Agent. The secret can be retrieved via https://portal.nimbusec.com/einstellungen/serveragent or by requesting a new from support@nimbusec.com . The secret is bound to a key.
tmpfile Path to a writable location where the Server Agent can store it's temporary file. This file contains the data that is sent to the nimbusec API to analysis and will not get deleted after, but overwritten with each run. Each domain counts as a separate run. This enables you to inspect the data we send to our API.
domains A key value map of domain names and corresponding document roots. The domain name must match the domain name in the portal, else the upload will fail with a access denied message. The document root is the root directory which should be scanned. On Windows the backslashes must be escaped. You can also use forward slashes on Windows.
excludeDir A list of directories which should be skipped. The directories must be absolute file paths. Neither baseline nor webshell analysis will be performed inside these directories!
excludeRegexp A list of regular expressions. If a regular expression matches a file path, the file will be ignored. Be very sure to make the regular expression as strict as possible. The syntax of the regular expressions accepted is the same general syntax used by Perl, Python, and other languages. More precisely, it is the syntax accepted by RE2 and described at http://code.google.com/p/re2/wiki/Syntax , except for \C. Neither baseline nor webshell analysis will be performed inside these files!
includeDir A list of directories which should be included. The directories must be absolute file paths. If this list contains entries, only directories, that begin with the specified values will be regarded for baseline and webshell analysis. All other directories will be disregarded. E.g. document root is /var/www, if /var/www/a is specified /var/www/a files and directories below will be analysed while everything else below /var/www will be ignored.
includeRegexp A list of regular expressions. If a regular expression matches a file path, the file will be anylsed. Be very sure to make the regular expression as strict as possible. The syntax of the regular expressions accepted is the same general syntax used by Perl, Python, and other languages. More precisely, it is the syntax accepted by RE2 and described at http://code.google.com/p/re2/wiki/Syntax , except for \C. Neither baseline nor webshell analysis will be performed inside these files!
apiserver The url of our API server. Only change this if told you by the nimbusec support!

Command Line Options

The agent can be run with the following parameters: (Not all options are available in all versions of the agent)

Parameter Version Description
-h * Displays help and exits.
-config string * Configuration file for nimbusec agent (default "agent.conf")
-follow-symlinks TRUE / FALSE * Toggle following symlinks (default true)
-maxprocs int * Maximum number of processes used (default 2)
-v 11 Displays the version and exits.
-yara 11 Enable YARA engine.
Still need help? Get in touch!
Last updated on 22nd May 2018