1. Home
  2. Docs
  3. ConfigFiles
  4. Agent
  5. Security

Security

File Permission

The cm-agent stores sensitive data in several locations. These files and directories must be configured properly to avoid information leakage. The following files and directories must be owned by the root user and must not be readable by global users:

  • /etc/cm-agent.yaml – Default configuration file.
  • /var/log/cm-agent.log – Default log file.

The default configuration has a permission set to writeable and readable for the root user only.

Data Communications

ConfigFiles is a SaaS product, whereby users need to establish an outbound connection from their network to the public internet in order to submit monitoring data. Traffic is always initiated by the cm-agent to ConfigFiles via HTTPS connections. No sessions are ever initiated from ConfigFiles back to the cm-agent.

Outbound connection via proxy is not supported at the moment.

The bartender agent periodically pulls the configuration (default is every 30 seconds) from a number of API endpoints:

  • agent-api.s9s.io:443 – Agent configuration and reporting.
  • agent-auth-api.s9s.io:443 – Agent authentication.

All communication to the API endpoints must be accompanied by a security token (retrievable under /etc/cm-agent.yaml), which is uniquely generated by ConfigFiles when users add their database host.

Privacy

ConfigFiles stores some information about the node where it is running:

  • Host:
    • Operating System
    • Disks
    • Network information
  • Database
    • Vendor
    • Version
    • Database Names
Note

ConfigFiles never sends out internal data nor credentials outside the node.

Was this article helpful to you? Yes No