Managing Per-Agent CLI Password
book
Article ID: 286625
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Steps to enable or disable the use of per-Agent CLI Passwords.
Environment
- App Control Agents: All Supported Versions
- App Control Console: All Supported Versions
Resolution
Enable/Disable per-Agent CLI:
These settings must be done while the Agent is Connected to the Console, or prior to Agent installation.
- Log in to the Console and navigate to https://ServerAddress/agent_config.php
- Add a filter for Value > begins with > accept_cli
- Edit (pencil icon) the relevant Agent Config and set the value accordingly:
- Accept per-Agent CLI Password:
accept_cli_password=1
- Do not accept per-Agent CLI Password:
accept_cli_password=0
Enable/Disable Showing per-Agent CLI:
- Log in to the Console and navigate to https://ServerAddress/shepherd_config.php
- Find defined property "ShowDascliPasswordInConsole"
- Set the Property Value accordingly:
- Show the per-Agent Password in Console:
true
- Hide the per-Agent Password in Console:
false
Obtaining the per-Agent CLI:
If the Agent is still shown in Assets > Computers:
- Log in to the Console and navigate to Assets > Computers > relevant Computer > Carbon Black App Control Agent tab.
- Click the hyperlink, "Click to Show" to reveal the CLI Password of the Agent.
If the Agent has already been deleted from Assets > Computers:
- Run SQL Server Management Studio as the Carbon Black Service Account
- Connect to the App Control Database and execute the following query:
USE das;
SELECT host_id, hostname, cli_code from dbo.hostmain (NOLOCK) WHERE hostname like '%HOSTNAMEHERE%';
Additional Information
- Existing Agents must be in a Connected state to receive the necessary changes.
- This feature was disabled by default beginning with the release of both Server and Agent version 8.1.4.
- If the Agent has been deleted from the das database, there will be no way to recover the Local CLI password.
Feedback
thumb_up
Yes
thumb_down
No