Skip to main content

Configuration

The Sicura Agent Configuration File

Once your copy of Sicura Agent has been installed certain options can be set inside the sicura-agent.yaml file.

NOTE: This file is not generated during install time and requires you run the sicura-agent at least once to be generated.

The config file can be found here:

Linux: /etc/sicura/sicura-agent.yaml

Windows: C:\Program Files\Sicura\Sicura Agent\sicura-agent.yaml

The Sicura Agent config file has four sections. Each section has a set of options which, by default, are disabled (commented out). To enable an option, remove the comment # and enter in the relavent information for that option.

General

NOTE: Options within this section control the agent's functionality system-wide.

log-level

By selecting log-level you will be able to control what information is output by the agent to stdout and stderr. The levels can be lowered or raised seven values for troubleshooting: trace, debug, info, warn, error, fatal, and panic. The default is info.

log-to-file

This true/false option allows you to choose if you want output from the scanner to go to a file in addition to the terminal's stdout/stderr. This is ideal for archiving situations. The default destination for this file is STATE_DIRECTORY/sicura-agent.log

log-dest

This is a custom-defined path where the log file will be saved. This will allow you to override the default log location.

force-scan

The Sicura Agent will error and fail when trying to pull Sicura_Default_Content*** from the console if you are using an unsupported platform. If force_scan is set to true, this error will become a warning and continue running.

NOTE: Use this option at your own risk! Using an unsupported platform may cause undesired results for both the agent and the console.

collector-request-interval

When running sicura-agent or running the Sicura Agent as a service, the process will occasionally reconnect to its collector(s). The collector-request-interval option allows you to adjust the wait period between connections. The default is set to 2 seconds.

ignore-platform-mismatch

In some cases when doing CIS scans, a result-set may come back with all 'Not Applicable'. If this is the case, this option can be set true to attempt a CPE agnostic scan.

Collector

Defines the information needed for the Agent to make a connection to connect to the Sicura Console.

collector-https

(true) whether a secure protocol should be used when accessing the console collector.

collector

The hostname that connections should be made to. Overrides the default of the sicura-console-collector well known DNS entry.

collector-port

(6468) The port on which the Sicura Console is running and accepting connections.

Reports

Any output from the Agent is considered a "Report". By default, reports are sent to the Sicura Console collector for further evaluation and displayed in the Console UI. If desired, they can be kept on the local system.

Options

save-reports This true/false settings will allow you to save the reports for each job. If true, reports save to STATE_DIRECTORY/reports by default. report-path Allows you to override the default path for reports.