Updated on 7/26/2019
Standard Linux CounterMeasure actions

Out of the box, the Panopta agent comes with a handful of standard CounterMeasure actions to use. You can view them using the following command: 

python /usr/bin/panopta-agent/countermeasure.py list_plugins

Available Countermeasures
=========================

Name            Author                Description
--------------------------------------------------------------------------------
Reboot Server   support@panopta.com   Reboot the server
dmesg           support@panopta.com   Gather the latest lines from dmesg
netstat         support@panopta.com   Gather most recent netstat output
top             support@panopta.com   Gather most recent top output
vmstat          support@panopta.com   Gather vmstat output


All of these will run without requiring further configuration, except for Reboot Server. Instructions for configuring it are below.

Configuring Reboot Server privileges

CounterMeasure actions are executed by the panopta-agent user, which is created at the time of agent installation. The panopta-agent user itself does not have elevated privileges and does not require them to perform its normal monitoring tasks. However, one out-of-the-box CounterMeasure action requires elevated permissions: Reboot Server. If you attempt to run this CounterMeasure before you've configured permissions, it will fail.

Ubuntu

  • Open /etc/passwd. At the end of the panopta-agent line, remove /usr/sbin/nologin and replace it with /bin/bash
  • Save the file
Information: Make sure the following steps are taken using the `visudo` command, which validates file integrity when saving.
  • Open /etc/sudoers. Under User privilege specification, add panopta-agent ALL=(ALL) NOPASSWD: /sbin/shutdown under the existing declaration.
  • Save the file

On a stock Ubuntu image, the sudoers file would now look like this:

Defaults        env_reset 
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL
panopta-agent ALL=(ALL) NOPASSWD: /sbin/shutdown

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
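
To confirm that the edit granted the agent only the shutdown command and nothing broader, the sudoers file can be audited after saving. The script below is an added example, not part of the Panopta agent: the function names and the two sample files are constructed for illustration, and only the expected rule is taken from this page.

```shell
#!/bin/sh
# Added example: audit what a sudoers file grants to the panopta-agent user.
# EXPECTED is the rule shown on this page; everything else here is hypothetical.
EXPECTED='panopta-agent ALL=(ALL) NOPASSWD: /sbin/shutdown'

# Print every active (non-comment) rule for the agent user,
# with runs of spaces/tabs collapsed so formatting differences do not matter.
agent_rules() {
    sed -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' -e 's/ $//' "$1" |
        grep -E '^panopta-agent '
}

# Exit status: 0 = exactly the expected rule, 1 = anything else granted,
# 2 = no rule for the agent at all (Reboot Server would fail).
audit_agent_sudoers() {
    rules=$(agent_rules "$1") || { echo "no rule for panopta-agent" >&2; return 2; }
    if [ "$rules" = "$EXPECTED" ]; then
        return 0
    fi
    echo "unexpected panopta-agent privileges:" >&2
    echo "$rules" >&2
    return 1
}

# Constructed sample inputs: one matching this page, one overly broad.
tmp=$(mktemp -d)
printf '%s\n' '# User privilege specification' \
    'root ALL=(ALL:ALL) ALL' \
    'panopta-agent   ALL=(ALL) NOPASSWD: /sbin/shutdown' > "$tmp/good"
printf '%s\n' '# User privilege specification' \
    'root ALL=(ALL:ALL) ALL' \
    'panopta-agent ALL=(ALL) NOPASSWD: ALL' > "$tmp/broad"

for f in good broad; do
    if audit_agent_sudoers "$tmp/$f" 2>/dev/null; then
        echo "$f: ok"
    else
        echo "$f: review"
    fi
done
```

On a real host, run `visudo -cf /etc/sudoers` for the syntax check first, then call `audit_agent_sudoers /etc/sudoers` as root. The audit only looks at rules written directly for the user, not at aliases, group rules or files under /etc/sudoers.d.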