Standard Linux CounterMeasure actions

Out of the box, the Panopta agent comes with a handful of standard CounterMeasure actions to use. You can view them using the following command: 

 

All of these will run without requiring further configuration, except for Reboot Server. Instructions on configuring the reboot server are detailed in the following section.

Configuring Reboot Server privileges 

CounterMeasure actions are executed by the panopta-agent user, which is created at the time of agent installation. The panopta-agent user itself does not have elevated privileges and does not require them to perform its normal monitoring tasks. However, one out-of-the-box CounterMeasure action requires elevated permissions: Reboot Server. If you attempt to run this CounterMeasure before you've configured permissions, it will fail.

Ubuntu 

  • Open /etc/passwd. At the end of the panopta-agent line, remove /usr/sbin/nologin and replace it with /bin/bash

  • Save the file

Make the following changes using the visudo command, which validates the file's syntax when saving.

  • Open /etc/sudoers. Under User privilege specification, add panopta-agent ALL=(ALL) NOPASSWD: /sbin/shutdown under the existing declaration.

  • Save the file
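
A check for the two changes made in the steps above, added here as an example and not part of Panopta's documentation or agent. The function names and the sample passwd and sudoers contents are constructed for illustration; the panopta-agent sudo rule is compared strictly against the line given above, so a broader or differently written rule is flagged for review.

```shell
#!/bin/sh
# Added example: audit panopta-agent's login shell and sudo rule.
# Function names are hypothetical; file paths are arguments so the check
# can be pointed at copies instead of the live /etc files.

AGENT_USER="panopta-agent"
EXPECTED_RULE="ALL=(ALL) NOPASSWD: /sbin/shutdown"

# Print the login shell (7th passwd field) of the agent user.
agent_shell() {
    awk -F: -v u="$AGENT_USER" '$1 == u { print $7 }' "$1"
}

# Print each sudoers rule whose first field is the agent user, with the
# user name removed and runs of whitespace collapsed to single spaces.
agent_sudo_rules() {
    awk -v u="$AGENT_USER" '$1 == u { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Return 0 only if the shell is /bin/bash and the agent has exactly the one
# expected rule. The comparison is strict: anything else is reported.
audit_agent() {
    passwd_file=$1 sudoers_file=$2 rc=0
    login_shell=$(agent_shell "$passwd_file")
    if [ "$login_shell" != "/bin/bash" ]; then
        echo "shell is '$login_shell', expected /bin/bash"; rc=1
    fi
    rules=$(agent_sudo_rules "$sudoers_file")
    if [ "$rules" != "$EXPECTED_RULE" ]; then
        echo "unexpected sudo rule(s) for $AGENT_USER: $rules"; rc=1
    fi
    return $rc
}

# Constructed sample files (not taken from a real host).
write_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'panopta-agent:x:998:998::/nonexistent:/bin/bash' > "$1/passwd"
    printf '%s\n' '# User privilege specification' 'root    ALL=(ALL:ALL) ALL' \
        'panopta-agent ALL=(ALL) NOPASSWD: /sbin/shutdown' > "$1/sudoers.ok"
    printf '%s\n' 'root    ALL=(ALL:ALL) ALL' \
        'panopta-agent ALL=(ALL) NOPASSWD: ALL' > "$1/sudoers.broad"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_agent "$tmp/passwd" "$tmp/sudoers.ok" && echo "ok: rule matches"
audit_agent "$tmp/passwd" "$tmp/sudoers.broad" || echo "flagged: rule is broader"
rm -rf "$tmp"
```

On a live host, run `audit_agent /etc/passwd /etc/sudoers` as root; rules placed in /etc/sudoers.d are not read by this check.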

On a stock Ubuntu image, the sudoers file would now look like this:
