Default agent config has DenyKey, AllowKey in the wrong order

XMLWordPrintable

    • Type: Problem report
    • Resolution: Cannot Reproduce
    • Priority: Trivial
    • 5.2 (plan)
    • Affects Version/s: 5.0.0, 5.0.1
    • Component/s: Agent (G)
    • None
    • Sprint 65 (Jun 2020), Sprint 66 (Jul 2020)
    • 0.125

      In the default agent configuration the DenyKey section is above the AllowKey section. Therefore, any system.run[...] item matches the predefined DenyKey=system.run[*] entry and is denied. To fix, move the AllowKey section before the DenyKey section.

      Steps to reproduce:

      1. Install the agent in version 5.0. Set EnableRemoteCommands=1. Do not modify the configuration with regard to the DenyKey, AllowKey options.
      2. Attempt to request "system.run[echo 1]". It fails as expected.
      3. Add an AllowKey configuration item: AllowKey=system.run[echo 1].
      4. Try the item again. It still fails, contrary to expectation.
      5. In the configuration file, move the AllowKey section above the DenyKey section.
      6. Try again. The "echo 1" item is correctly executed while other system.run[...] items are disabled as expected.

            Assignee:
            Artjoms Rimdjonoks
            Reporter:
            Christian Ullrich
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: