Context
OpenBAS helpfully creates a config file for the agents installed trhough the scripts obtained on the server. However, this config file reflects one single configuration pattern with settings set on the server itself, and does not allow discrete overrides to survive an agent upgrade.
This does not allow maintaining multiple endpoint populations each requiring a different configuration
Use case
Given a single OpenBAS server:
- Some, not all, endpoints may require disabling TLS verification (PoC situation, manual tests...)
- Some, not all, endpoints may require supporting a proxy
Current Workaround
Manually retoggle any settings that have been overridden after the upgrade; might be tedious
Proposed Solution
Do not override the config file if found existing. Generally omit config settings that have defaults, unless the server is set so as to contradict the defaults. Link to the documentation for complete settings list and explanations.
Context
OpenBAS helpfully creates a config file for the agents installed trhough the scripts obtained on the server. However, this config file reflects one single configuration pattern with settings set on the server itself, and does not allow discrete overrides to survive an agent upgrade.
This does not allow maintaining multiple endpoint populations each requiring a different configuration
Use case
Given a single OpenBAS server:
Current Workaround
Manually retoggle any settings that have been overridden after the upgrade; might be tedious
Proposed Solution
Do not override the config file if found existing. Generally omit config settings that have defaults, unless the server is set so as to contradict the defaults. Link to the documentation for complete settings list and explanations.