Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

This page allows to configure access to Snare Agent via web User Interface, as well as establish communication with Snare Agent Manager (SAM).
Web UI can be used for configuring Snare Agent and monitoring its operation. 
Remote control is enabled by default, but can be disabled by modifying the file/etc/security/snare.conf (see /wiki/spaces/MACV5/pages/141295754).

The following options may be set for remote control operation:

  • Restrict remote control of SNARE agent to certain hosts. This feature indicates whether to restrict web access to the Snare Agent to certain machines specified in IP Address allowed to remote control SNARE. This option is also configurable at the time of installation. Enabling this option will make the Snare Agent's web GUI and web APIs accessible from certain IPs only. When disabled, the Agent's web interface is accessible from any machine.  
    Note: if web access was not enabled during Agent installation, it can be turned on by enabling the correct registry key on the machine on which the Snare Agent is installed.
  • IP Address allowed to remote control SNARE. Remote control actions may be limited to a given host. This host, entered as an IP address in this field, will only allow remote connections to be effected from the stated IP address. Note that access control based on source IP address is prone to spoofing, and should be considered as a security measure used in conjunction with other countermeasures. Multiple comma-separated IP addresses or FQDNs can be entered.

  • Password to allow remote control of SNARE. Displays the state of the password e.g. Password is set. If the agent is not remotely configured, the password can be reset using the 'Reset password' button. This is the password required at login.

    Password complexity rules

    The password must meet the following criteria:

    Between 10 and 128 characters in length.
    Not more than 2 identical characters in a row (e.g. 111 not allowed).
    And 3 out of the following 4 complexity rules:
     At least 1 uppercase character (A - Z),
     At least 1 lowercase character (a - z),
     At least 1 digit (0 - 9),
     At least 1 special character (e.g. punctuation).

    Password reset command

    If you are ever locked out the password can be manually reset with use of the password reset command line option. To use, become administrator (sudo -s), stop the Snare Agent Service (launchctl unload -w /Library/LaunchDaemons/com.intersectalliance.snare.agent.plist), and run the agent executable with -p (or --password) followed by the new password:
    e.g. /usr/local/bin/snarecore -p myNewPassword99

    Ensure you restart the agent service afterwards (launchctl load -w /Library/LaunchDaemons/com.intersectalliance.snare.agent.plist).

  • Max number of failed attempts allowed Indicates the number of failed login attempts to be allowed before the agent will be locked. Accepted number of failed login attempts is 3 to 6. Default value is 3.
  • Lock timeout (minutes) after max failed attempts Indicates the lock duration in minutes if the agent is locked due to the maximum failed login attempts. Accepted duration (minutes) is 15 to 60. Default value is 15.
  • Web Server Port. By default Snare Agent operates on port 6161. Note that the port needs to be explicitly added to the URL when accessing the Web UI, i.e. https://mysite.com:6161, unless it is changed to port 80 in which case :80 can be omitted from the URL. Users of the Snare Server should generally leave the port as 6161, in order to take advantage of the Snare Server's user and group audit capabilities.
  • Require at least TLS 1.3 for browser connections to Agent Website. When unchecked (default), Snare Agent supports TLS 1.2 and TLS 1.3 for web connections. When checked, TLS 1.2 is explicitly disabled; browsers connecting to the agent website must support at least TLS 1.3 for ssl connections.
  • Snare Agent Manager IP. The IP address or FQDN of the Snare Agent Manager (SAM). If SAM is installed on the same machine, localhost can be used.  The agent will communicate with SAM via this IP.
  • Snare Agent Manager Port. The port number of SAM machine the agent will try to connect using IP:Port combination.  Default port is 6262.
  • Snare Agent Manager Authentication Key. It is the secret key that the agent uses for authentication while making the connection with the SAM. The agent will not be able to continue connection with the SAM if this key is invalid. This key is generated by administrators on SAM.  On installation of the agent the default key is DEFAULT_AUTH_KEY__USER_TO_UPDATE, and this is also the default on SAM in Settings|General.


To save and set the changes to the above settings, and to ensure the configuration file has been updated perform the following:

  1. Click on Change Configuration to save any changes.
  2. Click on the Apply Configuration & Restart Service menu item.


  • No labels