From e380ff3d2112ed6a48d6c472843f59aae939d7a7 Mon Sep 17 00:00:00 2001 From: redteampanda-ng <31235211+redteampanda-ng@users.noreply.github.com> Date: Tue, 9 Dec 2025 19:00:08 +0100 Subject: [PATCH 1/2] chore: add note about custom root CA (#81) --- administration/users.rst | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/administration/users.rst b/administration/users.rst index a645ee8..4e595c0 100644 --- a/administration/users.rst +++ b/administration/users.rst @@ -18,7 +18,7 @@ Editing a user account does not require a password although the fields are shown in the dialogue. An initial password has to be provided for user creation, though. -Access the user roles in ``Settings`` > ``Roles``. +Access the user roles in ``Settings`` > ``Roles``. You can download a list of all users in CSV format. @@ -33,16 +33,16 @@ deleted. The ASGARD role model is fully configurable. .. figure:: ../images/mc_roles-factory-defaults.png :alt: ASGARD User Roles - User Roles – Factory Defaults + User Roles – Factory Defaults -Note that all users except users with the right ``Readonly`` have the right to run scans on endpoints. +Note that all users except users with the right ``Readonly`` have the right to run scans on endpoints. The following section describes these predefined rights and restrictions that each role can have. Rights ^^^^^^ -.. list-table:: +.. list-table:: :header-rows: 1 :widths: 30, 70 @@ -61,10 +61,10 @@ Rights * - Service Control - User can manage services on endpoint, e.g. Aurora -Restrictions +Restrictions ^^^^^^^^^^^^ -.. list-table:: +.. list-table:: :header-rows: 1 :widths: 30, 70 @@ -91,6 +91,12 @@ In the right column, the mapping of LDAP groups to ASGARD groups First check if your LDAP server is reachable by ASGARD by clicking "Test Connection". +.. note:: + If you are using LDAPS with a self-signed certificate or a custom CA, you must trust the signer on the ASGARD server. + Copy the CA certificate to ``/usr/local/share/ca-certificates``. + Run ``sudo update-ca-certificates``. + Restart the ASGARD service: ``sudo systemctl restart asgard-management-center``. + .. figure:: ../images/mc_ldap-server.png :alt: Configure the LDAP Server @@ -112,7 +118,7 @@ A default for LDAP and AD in a flat structure is given in the **"Use recommended filters"** drop-down menu, but you can adapt it to your liking. The test button shows you if a login with that user would be successful and which groups ASGARD identified -and could be used for a mapping to ASGARD groups. +and could be used for a mapping to ASGARD groups. .. figure:: ../images/mc_ldap-filter.png :alt: Configure the LDAP User and Group Filters @@ -137,4 +143,4 @@ This is done in the right column by using the ``Add LDAP Role`` feature. .. figure:: ../images/mc_ldap-roles.png :alt: LDAP Group to ASGARD Role Mapping - LDAP Group to ASGARD Role Mapping \ No newline at end of file + LDAP Group to ASGARD Role Mapping From 5cdee7ad204c1c4ddfeab89d722111a5dc8c2869 Mon Sep 17 00:00:00 2001 From: redteampanda-ng <31235211+redteampanda-ng@users.noreply.github.com> Date: Wed, 17 Dec 2025 14:42:16 +0100 Subject: [PATCH 2/2] chore: update changelog --- changelog/log2.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/changelog/log2.rst b/changelog/log2.rst index 86a00ef..16797e2 100644 --- a/changelog/log2.rst +++ b/changelog/log2.rst @@ -1,6 +1,20 @@ Management Center v3.2 ====================== +Management Center 3.2.1 +----------------------- + +Release Date: Wed, 17 Dec 2025 12:27:00 +0200 + +.. list-table:: + :header-rows: 1 + :widths: 15, 85 + + * - Type + - Description + * - Bugfix + - Fixed an issue where agents appeared offline and could not download the Agent Core due to exhausted module download slots caused by agents with repeated download failures (e.g., due to full disks) + Management Center 3.2.0 -----------------------