From 4d19ead2f19fd7750c41ad4917738a9e669f16be Mon Sep 17 00:00:00 2001 From: Jon Date: Sat, 24 Feb 2024 20:16:37 +0930 Subject: [PATCH] feat(scanner): for ssl cert validation when uploading to server !11 #1 --- docs/projects/ansible/collection/phpipam_scan_agent/scanner.md | 2 ++ playbooks/tasks/scan_subnet.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md index 0276f41..7583449 100644 --- a/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md +++ b/docs/projects/ansible/collection/phpipam_scan_agent/scanner.md @@ -100,6 +100,8 @@ The scanner component has the following workflow: Once the [server component](server.md#remote-network-scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server. +There is no true confirmation of the servers identity outside of confirming the TLS Certificate is trusted. Due to this fact, you're advised to use your own CA to sign the server components TLS Certificate. By doing this only you can issue a certificate to the server component. All that is required is to ensure that your CA certificate is within the trusted certificates of the machine that is running the agent. + !!! danger "Security" Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server. diff --git a/playbooks/tasks/scan_subnet.yaml b/playbooks/tasks/scan_subnet.yaml index f5de6b5..09203d0 100644 --- a/playbooks/tasks/scan_subnet.yaml +++ b/playbooks/tasks/scan_subnet.yaml 
@@ -103,3 +103,4 @@ "results": "{{ subnet_scan_results }}" } } + validate_certs: true # Ensure always true
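Review bot: In the scanner.md hunk, the added sentence "By doing this only you can issue a certificate to the server component" holds only if the agent trusts nothing but your CA. The next sentence asks only that your CA certificate be "within the trusted certificates of the machine that is running the agent", which leaves every other CA in that store able to issue a certificate the agent would accept for the server. Suggest either rewording to say the private CA is added alongside the existing trust store, or documenting how to restrict the agent to a bundle containing only your CA. The paragraph could also state that certificate validation is now enforced by the upload task, since that is the behaviour this commit changes. Minor: "servers identity" and "server components TLS Certificate" are missing possessive apostrophes.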
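Review bot: In the scan_subnet.yaml hunk, the comment on `validate_certs: true # Ensure always true` states the intent but not the reason, and nothing in this patch enforces it. Suggest a comment that ties it to the risk the docs describe, for example that the request carries the `auth_token` and so validation must never be disabled, and consider a lint or CI check that fails if this value is changed or templated from a variable. Only the closing braces of the request body are visible as context, so please also confirm the new key sits at the module-argument level and not inside the body.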