-
Notifications
You must be signed in to change notification settings - Fork 2
Configuration
You can use any certificate for the manager and the worker. If you want to use a self signed certificate you can execute the following code, by default the manager and workers only check the certificate, not the IP or domain. If you want to check fully the certificate edit the script with the correct fields and use the flag -verifyAltName.
bash generateCert.shSet the certificate folder in the certFolder variable in the manager.conf config file.
The manager requires a configuration file named manager.conf to be present in the same directory as the executable. The configuration file should be in JSON format and contain the following fields:
{
"users": {
"user1": "WLJ2xVQZ5TXVw4qEznZDnmEEV",
"user2": "WLJ2xVQZ5TXVw4qEznZDnmEE2",
"user3": "WLJ2xVQZ5TXVw4qEznZDnmEE3"
},
"workers": {
"workers": "IeH0vpYFz2Yol6RdLvYZz62TFMv5FF"
},
"statusCheckSeconds": 10,
"StatusCheckDown": 360,
"port": "8080",
"dbUsername": "your_username",
"dbPassword": "your_password",
"dbHost": "db",
"dbPort": "3306",
"dbDatabase": "manager",
"diskPath": "",
"certFolder": "./certs/manager/"
}-
users: A map of user names and their corresponding OAuth tokens for authentication. -
workers: A map of worker names and their corresponding tokens for authentication. (In this case all workers use the same token called workers) -
statusCheckSeconds: The interval in seconds between status check requests from the manager to the workers. -
StatusCheckDown: The number of seconds after which a worker is marked as down if the status check request fails. -
port: The port on which the manager should listen for incoming connections. -
dbUsername: The username for the database connection. -
dbPassword: The password for the database connection. -
dbHost: The hostname of the database server. -
dbPort: The port number of the database server. -
dbDatabase: The name of the database to use. -
diskPath: (optional) The folder path where task outputs should be saved. -
certFolder: The folder path where SSL certificates for the manager should be stored.
The worker requires a configuration file named workerouter.conf to be present in the same directory as the executable. The configuration file should be in JSON format and contain the following fields:
{
"name": "",
"iddleThreads": 2,
"managerIP": "127.0.0.1",
"managerPort": "8080",
"managerOauthToken": "IeH0vpYFz2Yol6RdLvYZz62TFMv5FF",
"CA": "./certs/ca-cert.pem",
"insecureModules": true,
"modules": {
"sleep": "/usr/bin/sleep",
"curl": "/usr/bin/curl",
"echo": "/usr/bin/echo",
"cat": "/usr/bin/cat",
"grep": "/usr/bin/grep",
"nmap": "nmap",
"nmapIPs": "bash ./worker/modules/nmapIPs.sh",
"exec": ""
}
}-
name: (optional) The name of the worker. If not provided, the hostname will be used. -
iddleThreads: The number of idle threads in the worker (default: 5). -
managerIP: The IP address or domain name of the manager. -
managerPort: The port on which the manager is listening. -
managerOauthToken: The OAuth token for authentication with the manager. -
port: The port number on which the worker should listen for incoming requests. -
CA: The path to the CA certificate used for TLS communication with the manager. -
insecureModules: This flag determines whether the worker allows the execution of insecure modules with special characters like;or|. -
modules: A map of module names to executable commands.
Note: The exec module and the insecureModules flag allow remote execution of arbitrary commands on the worker. Use them with caution.
Each worker uses a unique name and IP:port combination to identify itself to the manager. If the name is left blank and the IP and port are different for each client, the same VPS can be cloned indefinitely as long as each VPS has a different hostname.