@ -38,15 +38,15 @@ nofusscomputing_phpipam_scan_agent:
|
|||||||
|
|
||||||
http_port: 5000 # Optional, Integer. http port to connect to the server.
|
http_port: 5000 # Optional, Integer. http port to connect to the server.
|
||||||
http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to.
|
http_server: http://127.0.0.1 # Optional, Integer. url with protocol of the Scan Server to connect to.
|
||||||
auth_token: # Optional, String. The Scan-Agent server authentication token.
|
auth_token: # Optional, String. The Scan-Agent server authentication token.
|
||||||
|
|
||||||
cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache.
|
cache_expire_time: 1800 # Optional, Integer. Time in seconds to expire the phpIPAM cache.
|
||||||
epoch_time_offset: 0 # optional, int. Value in seconds to offset the time
|
epoch_time_offset: 0 # optional, int. Value in seconds to offset the time
|
||||||
|
|
||||||
# phpIPAM Scan Agent Settings
|
# phpIPAM Scan Agent Settings
|
||||||
client_token: # Mandatory, String client api token to connect to phpIPAM API [client_token]
|
client_token: # Mandatory, String client api token to connect to phpIPAM API
|
||||||
client_name: # Mandatory, String. The scanner name as set in phpIPAM interface [client_name]
|
client_name: # Mandatory, String. The scanner name as set in phpIPAM interface
|
||||||
scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface [scanagent_code]
|
scanagent_code: # Mandatory, String. Scan Agent Code as set in phpIPAM interface
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
@ -98,7 +98,7 @@ The scanner component has the following workflow:
|
|||||||
|
|
||||||
## Remote network Scannning
|
## Remote network Scannning
|
||||||
|
|
||||||
Once the [server component](server.md#remote%20network%20scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server.
|
Once the [server component](server.md#remote-network-scannning) has been setup, the client can be installed/used from any network. Even a network that is isolated from the server. Only caveat is that the client can communicate with the server. To ensure that the client can connect to the server set the `auth_token` to match that of the server.
|
||||||
|
|
||||||
!!! danger "Security"
|
!!! danger "Security"
|
||||||
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
||||||
|
|||||||
@ -29,10 +29,10 @@ The variables described below, if optional the value specified here is the defau
|
|||||||
nofusscomputing_phpipam_scan_server:
|
nofusscomputing_phpipam_scan_server:
|
||||||
|
|
||||||
# phpIPAM MariaDB/MySQL Variables
|
# phpIPAM MariaDB/MySQL Variables
|
||||||
mysql_host: # Mandatory, String. IP/DNS of host to connect. [nfc_c_]
|
mysql_host: # Mandatory, String. IP/DNS of host to connect.
|
||||||
mysql_port: 3306 # Optional, Integer. port to use for connection. [nfc_c_]
|
mysql_port: 3306 # Optional, Integer. port to use for connection.
|
||||||
mysql_user: # Mandatory, String. User to authenticate with. [nfc_c_]
|
mysql_user: # Mandatory, String. User to authenticate with.
|
||||||
mysql_password: # Mandatory, String. Password for the user to connect with. [nfc_c_]
|
mysql_password: # Mandatory, String. Password for the user to connect with.
|
||||||
|
|
||||||
|
|
||||||
# Server Component Variables
|
# Server Component Variables
|
||||||
@ -63,7 +63,7 @@ The Server componet has the following workflow:
|
|||||||
|
|
||||||
Remote network scanning is possible with the Scan-Agent. The server must be setup and have connectivity to the phpIPAM MariaDB/MySQL database. Currently the server does not perform secure communication. As such you are strongly encouraged to setup the server component behind a reverse proxy that conducts the TLS termination.
|
Remote network scanning is possible with the Scan-Agent. The server must be setup and have connectivity to the phpIPAM MariaDB/MySQL database. Currently the server does not perform secure communication. As such you are strongly encouraged to setup the server component behind a reverse proxy that conducts the TLS termination.
|
||||||
|
|
||||||
The [scan](scanner.md#remote%20network%20scannning) and server component must be setup with the same `auth_token`. It is this token that provides a means to ensure that what the server is receiving, is from an authorized client.
|
The [scan](scanner.md#remote-network-scannning) and server component must be setup with the same `auth_token`. It is this token that provides a means to ensure that what the server is receiving, is from an authorized client.
|
||||||
|
|
||||||
!!! danger "Security"
|
!!! danger "Security"
|
||||||
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
Failing to secure the server component communication with TLS will allow anyone with direct access to the line of communication to view the `auth_token`. Anyone who has the `auth_token` will be able to upload data to the server.
|
||||||
|
|||||||
Reference in New Issue
Block a user