Table of Contents
- Getting Started
- Agent-Based Management
- Common Tasks
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- Account Lockout Monitor Template
- Audit Policy Monitor Template
- Logon As Monitor Template
- Logon Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Process Monitor Template
- RDP Session Monitor Template
- Registry Value Monitor Template
- Service Monitor Template
- SMART Disk Monitor Template
- System Security Monitor Template
- Windows Update Template
- WMI Query Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- SNMP
- SSH Shell
- Syslog
- System Reset
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Corner Bowl Server Manager
SIEM, IPS, Server Monitoring, Uptime Monitoring and Compliance Software
Server Configuration
In this Topic
Overview
By default, the server runs unencrypted on port 21843. You can configure to server to run on TLS 1.2/3 and on the port of your choosing.
The server configuration file is located in the following directories:
- Windows:
C:\ProgramData\Corner Bowl\Server Manager\tcpserver.json
- Linux:
/usr/share/corner-bowl/server-manager/tcpserver.json
How to Configure Encrypted Communications on Windows Installations
- From the Windows Server that the Corner Bowl Server Manager Service is installed, use the Windows Certificate Manager to install a SSL certificate.
- Once you have a valid SSL certificate installed, open a command prompt as Administrator.
- Type:
Notepad.exe
- From Notepad, select File | Open.
- Select:
C:\ProgramData\Corner Bowl\Server Manager\tcpserver.json
- Find TlsConfiguration | Enabled then set the value to true.
- Find TlsConfiguration | Certificate then set the value to one of the following values found in the Windows Certificate Manager:
Attribute | Sample Value | Search Order |
---|---|---|
Thumbprint | 1E2CCCC2461DFD3FD925CDA17E5DCAD17B95D94B | 1 |
Serial Number | 5C588F17F5225B9C4CE09E9D42E0DB94 | 3 |
Subject Distinguished Name | CN=LocalhostName,OU=IT,O=\"Corner Bowl Software\",L=Kamas,S=Utah,C=US | 2 |
Subject Name | LocalhostName | 4 |
- Save your changes.
- From the Windows Service Control Manager, restart the Corner Bowl Server Manager service.
Important
If you have configured the Management Console to save your password, the first time you login after either enabling or disabling TLS 1.2/3 you must wait for the connection to first timeout before you have the opportunity to apply your updates.
How to Configure Encrypted Communications on Linux Installations
- Use openssl to create and install your certificate, for example:
sudo apt install openssl sudo mkdir /etc/pki sudo mkdir /etc/pki/CA sudo mkdir /etc/pki/CA/private cd /etc/pki/CA/private sudo openssl genpkey -algorithm RSA -out private.key sudo openssl req -new -key private.key -out request.csr sudo openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt sudo chmod 600 private.key sudo openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt
- Once installed, add the certificate to your .NET Certificate Store using the Server Manager Command-Line Interface, for example:
cd /usr/bin/corner-bowl/server-manager /usr/bin/dotnet cbsmcli.dll -ic -f /etc/pki/CA/private/certificate.pfx
- Using a text editor, open the following file:
/usr/share/corner-bowl/server-manager/tcpserver.json
- Find TlsConfiguration | Enabled then set the value to true.
- Find TlsConfiguration | Certificate then set the value to the network routable hostname used when creating the certificate.
- Save your changes.
- From a command-prompt, restart the Daemon, for example:
sudo systemctl stop cbsmsrv sudo systemctl start cbsmsrv
How to Connect from the Management Console
- Launch the Corner Bowl Management Console.
- Configure the options accordingly, then click Login.
Important
If you have configured the Management Console to save your password, the first time you login after either enabling or disabling TLS 1.2/3 you must wait for the connection to first timeout before you have the opportunity to apply your updates.
Configuration File Reference (tcpserver.json)
Attribute | Description | Range of Values | Default Value |
---|---|---|---|
Host | The hostname the Corner Bowl Server Manager Service is running. | Any network routable hostname or IP address. Values must be wrapped with quotes. | "0.0.0.0" |
Port | The port the Corner Bowl Server Manager Service is running. | 1 - 65535 | 21843 |
IdleTimeout | A Int32 that specifies the maximum number of seconds allowed to pass between command packets. Once exceeded, the remote connection is closed. | 1 - 65535 | 300 |
ReceiveTimeout | An Int32 that specifies the amount of time, in seconds, that will elapse before a read operation fails. | 1 - 65535 | 120 |
SendTimeout | An Int32 that specifies the amount of time, in seconds, that will elapse before a read operation fails. | 1 - 65535 | 120 |
TempDirectory | A string that specifies the path to save temporary files. If the value is set to NULL, the default system temporary directory is used. | The full path to save temporary files. | NULL |
KeepAliveInterval | An Int32 that specifies the amount of time, in seconds, the keep-alive protocol sends heartbeats. | 1 - 65535 | 10 |
TlsConfiguration | Encapsulates the SSL/TLS 1.2/3 configuration properties. | ||
Enabled | A Boolean that specifies whether SSL/TLS 1.2/3 is enabled. | true or false | false |
Certificate | A string that specifies the name of the X509Certificate used to authenticate. | On Windows, the Thumbprint is suggested, however, you can also specify the Serial Number, Subject Distinguished Name or Subject Name. On Linux, the value must be the network routable hostname. If specified, the value must be wrapped in quotes otherwise specify null without quotes. | null |
AllowSelfSignedCertificate | A Boolean value that specifies whether self-signed certificates are supported. | true or false | true |
CheckCertificateRevocation | A Boolean value that specifies whether the certificate revocation list is checked during authentication. | true or false | false |
AllowCertificateChainErrors | A Boolean value that specifies whether the certificate chain is checked during authentication. | true or false | true |
Sample File Contents (tcpserver.json)
{ "Host": "0.0.0.0", "Port": 21843, "IdleTimeout": 300, "ReceiveTimeout": 120, "SendTimeout": 120, "TempDirectory": "d:\temp", "KeepAliveInterval": 30, "TlsConfiguration": { "Enabled": true, "Certificate": ""ed0a01a9e2022527d03304b839b66d021341cfb6"", "RequireRemoteCertificate": false, "AllowSelfSignedCertificate": false, "CheckCertificateRevocation": false, "AllowCertificateChainErrors": false } }
Troubleshooting
If you are unable to connect to the server, you can view the server's verbose output log for detailed information. The server's log file is located in the following locations:
- Windows:
C:\ProgramData\Corner Bowl\Server Manager\server.log
- Linux:
/var/log/corner-bowl/server.log