There are many types of Foglight® agents; most communicate with the Management Server through a provided client component—the Foglight Agent Manager (FglAM).
The Agent Manager can be installed without administrator access, but such access is required to enable startup scripts or Windows® services to allow automatic launching of the Agent Manager upon machine reboot. The Agent Manager can be initially installed on a monitored host through an installer GUI, a text-based console installer, or a command-line silent mode (suitable for mass deployment using customer-provided tools).
Some data collection agents hosted by the Agent Manager require administrator privileges to perform their assigned tasks. In order to avoid running the entire client host with the required privileges, Foglight® uses a privilege escalation mechanism to create the required access for the agents that need it.
The Agent Manager, by default, uses the well known sudo facility (a very fine-grained configurable system) to implement privilege escalation. Sudo can be configured to allow only specific applications to be launched with escalated privileges, and the privileges provided to each launched application can be independently controlled. In addition, sudo allows the administrator to limit the parameters passed to each application; this facility is central to configuring a secure system with the Agent Manager.
The Agent Manager also provides an alternative setuid root-based launcher. This launcher is only intended for use in demonstration installations with minimal security needs, where the burden of properly configuring sudo for fine-grained access control would hinder a timely demonstration. Quest does not recommend that this setuid root-based launcher be configured as part of Foglight’s standard installation instructions.
The Foglight® Management Server and Foglight cartridges use the JavaTM Cryptographic Extension library for cryptographic operations.
MD5 for existing users migrated from Foglight 6.3.0 or earlier version. |
|||
Using automatically generated RSA key as encryption key, the key is protected by lockbox password | |||
Foglight Agent Manager uses the Java Cryptographic Extension library for cryptographic operations.
Using default Agent Manager encryption key for encrypting keystore passwords. | |||
Using the DH session key for encrypting or decrypting the lockbox key. | |||
When an internal Foglight® user account is created, the user's password is hashed with the MD5 algorithm and the resulting digest is stored in the Foglight database. User passwords are therefore not stored anywhere, in encrypted or in clear text form.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center