EDR: Able to access console via the minion over port 443 with multihome

Environment

  • EDR (Formerly CB Response) Server: All Supported Versions

Symptoms

  • The Nginx WebUI port was changed to a different port for access to the console
  • A user can access the console using the minion address over port 443

Cause

  • The API connection to the minions requires port 443 by default
  • Adding settings that point the API to the same port as the WebUI corrects the issue

Resolution

  1. On the master, open /etc/cb/cb.conf and find or add this line with your custom port:
    MinionApiPort=<customport>
  2. On the minions, move the existing cb.conf file aside and rename the multihome file to take its place:
    mv /etc/cb/nginx/conf.d/cb.conf /etc/cb/nginx/conf.d/cb.conf.old
    mv /etc/cb/nginx/conf.d/cb.multihome.conf /etc/cb/nginx/conf.d/cb.conf
  3. Edit the new /etc/cb/nginx/conf.d/cb.conf to have the NginxWebAPI port set to your custom port:
    listen [::]:<customport> ssl ipv6only=off
  4. On the minion, open /etc/cb/cb.conf and modify these two settings, or add them if missing, with the custom port:
    NginxWebApiHttpPort=<customport>
    MinionApiPort=<customport>
  5. Restart the cluster service for the changes to take effect:
    /usr/share/cb/cbcluster stop
    /usr/share/cb/cbcluster start

Additional Notes

Make sure the custom port is open between the minions and the master so that the API works.
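
A consistency check for steps 3 and 4 on a minion, as an added example that is not part of the original article or the vendor's tooling: it reads the two cb.conf keys and the nginx listen directives named above and reports any setting that does not use the custom port. The function names and the sample port 8443 are assumptions, and other listen directives in the nginx file are not judged.

```shell
#!/bin/sh
# Added example, not vendor code. Key names and paths come from the article;
# function names and the sample port 8443 are hypothetical.

# conf_value FILE KEY -> last uncommented value of KEY=... in FILE (empty if absent)
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# listen_ports FILE -> port of every active nginx "listen" directive, one per line
listen_ports() {
    sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^[:space:];]*\).*/\1/p' "$1" |
        sed 's/.*://' | sort -u
}

# check_minion_ports CB_CONF NGINX_CONF PORT -> 0 if all settings use PORT, else 1
check_minion_ports() {
    cb_conf=$1 nginx_conf=$2 want=$3 rc=0
    for key in NginxWebApiHttpPort MinionApiPort; do
        got=$(conf_value "$cb_conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key='${got:-<missing>}' expected $want ($cb_conf)"
            rc=1
        fi
    done
    if ! listen_ports "$nginx_conf" | grep -qx "$want"; then
        echo "MISMATCH no nginx listen directive on port $want ($nginx_conf)"
        rc=1
    fi
    return $rc
}

# Demo on constructed sample files (not taken from a real server):
# MinionApiPort was left at 443, so one mismatch is reported.
demo=$(mktemp -d)
printf 'NginxWebApiHttpPort=8443\nMinionApiPort=443\n' > "$demo/cb.conf"
printf 'server {\n    listen [::]:8443 ssl ipv6only=off;\n}\n' > "$demo/nginx.conf"
check_minion_ports "$demo/cb.conf" "$demo/nginx.conf" 8443 || echo "minion config needs attention"
rm -rf "$demo"
```

On a real minion the call would be `check_minion_ports /etc/cb/cb.conf /etc/cb/nginx/conf.d/cb.conf <customport>`, run before restarting the cluster in step 5.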


Creation Date: 10-07-2020