EDR: Able to access console via the minion over port 443 with multihome
search cancel

EDR: Able to access console via the minion over port 443 with multihome

book

Article ID: 290743

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • A different Nginx WebUI port was set to get access to the console
  • Using the minion address over port 443 a user can get access

Environment

  • EDR (Formerly CB Response) Server: All Supported Versions

Cause

  • The API connection to the minions requires 443 by default
  • Adding additional settings to point the API to the same port will correct the issue

Resolution

  1. On the master go to /etc/cb/cb.conf to find or add this line with your custom port: 
    MinionApiPort=<customport>
  2. On the minions, move the cb.conf file and rename the multihome: 
    mv /etc/cb/nginx/conf.d/cb.conf /etc/cb/nginx/conf.d/cb.conf.old
mv /etc/cb/nginx/conf.d/cb.multihome.conf /etc/cb/nginx/conf.d/cb.conf
  3. Edit the new /etc/cb/nginx/conf.d/cb.conf to have the NginxWebAPI port set to your custom port: 
    listen [::]:<customport> ssl ipv6only=off
  4. On the minion open /etc/cb/cb.conf and modify or add if missing these two configs with the custom port: 
    NginxWebApiHttpPort=<customport>
MinionApiPort=<customport>
  5. Restart the cluster service to take affect: 
    /usr/share/cb/cbcluster stop
/usr/share/cb/cbcluster start

Additional Information

Make sure the port is open for communication with the minions and master for the API to work

Powered by Wolken Software