On 06/05/2012 11:21 AM, dan (ddp) wrote:
> On Mon, Jun 4, 2012 at 3:05 PM, [email protected] <[email protected]> wrote:
>> Hi all
>>
>> I'm looking to confirm something with regard to the active response feature. I
>> believe this works in something like the following manner:
>>
>> Data sent from logs on Agent > triggers rules / alert on master > fires
>> relevant active response script on agent
>>
>> The active response script / binary needs to be placed in active-response/bin
>> on the agent and the master server is itself not capable of running arbitrary
>> commands on the agent system or injecting scripts / binaries onto this for
>> execution.
>
> Correct. The server cannot run arbitrary commands on the agents or
> transfer AR files to the agents.

You're right--in the context of AR. I just wanted to point out that if
someone has control of the server (manager) they can distribute an
agent.conf with full_command and do pretty much anything they want on
the agents.