CORS:
- Restrict CORS to DASHBOARD_URL environment variable
- Default to production dashboard domain

Authentication:
- Add AuthUser requirement to all agent management endpoints
- Add AuthUser requirement to all command endpoints
- Add AuthUser requirement to all metrics endpoints
- Add audit logging for command execution (user_id tracked)

Agent Security:
- Replace Unicode characters with ASCII markers [OK]/[ERROR]/[WARNING]
- Add certificate pinning for update downloads (allowlist domains)
- Fix insecure temp file creation (use /var/run/gururmm with 0700 perms)
- Fix rollback script backgrounding (use setsid instead of literal &)

Dashboard Security:
- Move token storage from localStorage to sessionStorage
- Add proper TypeScript types (remove 'any' from error handlers)
- Centralize token management functions

Legacy Agent:
- Add -AllowInsecureTLS parameter (opt-in required)
- Add Windows Event Log audit trail when insecure mode used
- Update documentation with security warnings

Closes: Phase 1 items in issue #1

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# Crate manifest for the GuruRMM agent binary.
[package]
name = "gururmm-agent"
version = "0.3.5"
authors = ["GuruRMM"]
edition = "2021"
# NOTE(review): no `publish` key is set. If this crate is never meant to reach
# a public registry, `publish = false` guards against an accidental
# `cargo publish`.
description = "GuruRMM Agent - Cross-platform RMM agent"

# Build variants. `default` applies unless `--no-default-features` is passed,
# so `--features legacy` on its own also turns on `native-service`.
[features]
default = ["native-service"]
# Native Windows Service integration for modern Windows (10+, Server 2016+).
# Pulls in the two optional Windows crates.
native-service = [
    "dep:windows-service",
    "dep:windows",
]
# Console mode for legacy Windows (7, Server 2008 R2); NSSM is used as the
# service wrapper. Enables no extra dependencies.
# NOTE(review): these OS versions are outside regular vendor security
# servicing, so the legacy build's TLS and service-permission assumptions
# deserve their own review.
legacy = []

# Every version below is a caret requirement, so the exact versions that get
# built are decided by Cargo.lock.
# NOTE(review): confirm Cargo.lock is committed and that release builds run
# with `--locked`, so a shipped agent can be traced to known dependency versions.
[dependencies]
# Async runtime.
# NOTE(review): "full" turns on every tokio feature; listing only the features
# the agent uses would shrink the compiled dependency surface.
tokio = { version = "1", features = ["full"] }

# Cross-platform system metrics.
sysinfo = "0.31"

# WebSocket client. Built on native-tls (the operating system's TLS stack) for
# Windows 7/2008 R2 compatibility.
tokio-tungstenite = { version = "0.24", features = ["native-tls"] }
futures-util = "0.3"

# HTTP client for fallback/registration. Default features are off; only JSON
# support and native-tls are enabled, again for Windows 7/2008 R2.
# NOTE(review): with native-tls, certificate validation and the available
# protocol versions and cipher suites come from the host's TLS library, so on
# legacy Windows they depend on how that system is patched and configured.
# Confirm the minimum TLS version the server accepts.
reqwest = { version = "0.12", default-features = false, features = ["json", "native-tls"] }

# Serialization: serde derive macros, JSON, and TOML.
serde = { version = "1", features = ["derive"] }
serde_json = "1"
toml = "0.8"

# Command-line argument parsing.
clap = { version = "4", features = ["derive"] }

# Structured logging; "env-filter" enables the environment-driven log filter.
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

# Error handling.
anyhow = "1"
thiserror = "1"

# UUIDs for identifiers (v4 generation plus serde support).
uuid = { version = "1", features = ["v4", "serde"] }

# URL parsing for download validation.
# NOTE(review): presumably backs the update-download domain allowlist. A host
# allowlist limits where updates are fetched from; it is a different control
# from pinning a certificate or public key. Confirm which one is implemented.
url = "2"

# SHA-256 checksums for update verification.
# NOTE(review): a checksum proves integrity only relative to the source of the
# expected digest, and no signature-verification crate appears in this
# manifest. Confirm the digest reaches the agent over an authenticated channel
# separate from the download itself.
sha2 = "0.10"

# Time handling, with serde support.
chrono = { version = "0.4", features = ["serde"] }

# Hostname detection.
hostname = "0.4"

# Network interface enumeration (LAN IPs).
local-ip-address = "0.6"

# Async file operations.
tokio-util = "0.7"

# Windows-only crates. Both are optional and intended only for the
# `native-service` feature.
[target.'cfg(windows)'.dependencies]
# Windows service support.
windows-service = { version = "0.7", optional = true }

# Windows APIs for service management, limited to the three API families
# listed under `features`.
[target.'cfg(windows)'.dependencies.windows]
version = "0.58"
optional = true
features = [
    "Win32_Foundation",
    "Win32_Security",
    "Win32_System_Services",
]

# Unix-only: signal handling and user detection. Only the `signal` and `user`
# features of nix are enabled.
[target.'cfg(unix)'.dependencies.nix]
version = "0.29"
features = ["signal", "user"]

# Size-oriented release build: "z" selects the smallest-code optimization
# level, and LTO with a single codegen unit lets the optimizer see the whole
# program at once.
# NOTE(review): the release profile leaves integer overflow checks off unless
# `overflow-checks = true` is set; worth weighing for an agent that parses
# network input.
[profile.release]
codegen-units = 1
lto = true
opt-level = "z"
# Strips symbols from the shipped binary.
# NOTE(review): keep an unstripped build or separate symbol files per release
# so crash reports from deployed agents can still be symbolized.
strip = true