Security Modules
The FleetManager Security Agent is a modular security monitor for Linux and Windows. It checks various security aspects periodically (default: every 5 minutes) and reports the results as standardized diagnostics to the FleetManager.
Installation
The agent is installed as a system service and reads its configuration from /etc/fleetmanager-security/config.yaml (Linux) or C:\ProgramData\fleetmanager-security\config.yaml (Windows).
General Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
| fleetmanager.base_url | string | https://fleet.brinkhaus-gmbh.de | URL of the FleetManager server |
| fleetmanager.token | string | — | HTTPS ingest token (required) |
| fleetmanager.customer | string | — | Customer slug (required) |
| fleetmanager.machine | string | — | Machine slug (required) |
| fleetmanager.verify_ssl | bool | true | Verify SSL certificate |
| fleetmanager.timeout_seconds | int | 10 | HTTP timeout |
| fleetmanager.retry_count | int | 3 | Retry attempts |
| agent.heartbeat_interval_seconds | int | 60 | Heartbeat interval |
| agent.check_interval_seconds | int | 300 | Check interval (all modules) |
| agent.log_level | string | INFO | Log level (DEBUG, INFO, WARNING, ERROR) |
YAML Example (Minimal)
```yaml
fleetmanager:
  base_url: https://fleet.brinkhaus-gmbh.de
  token: "my-ingest-token"
  customer: "my-customer"
  machine: "server-01"
agent:
  check_interval_seconds: 300
```
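An added example (not part of the agent or its documentation): a small Python lint that applies the defaults from the parameter table and flags missing required fields and settings that weaken the connection to the FleetManager server. The names `parse_two_level`, `audit` and `WEAK` are hypothetical, and the sample configuration is constructed.

```python
# Added example, not project code: lint an agent config against the parameter table.
DEFAULTS = {  # defaults copied from the table above
    "fleetmanager": {"base_url": "https://fleet.brinkhaus-gmbh.de", "verify_ssl": True},
    "agent": {"heartbeat_interval_seconds": 60, "check_interval_seconds": 300},
}
REQUIRED = ("token", "customer", "machine")  # marked "required" in the table

def parse_two_level(text):
    """Hypothetical minimal parser for the section/key layout; scalar values only."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if not line[0].isspace():  # an unindented key opens a section
            section = cfg.setdefault(key, {})
        elif section is not None:
            if value.lower() in ("true", "false"):
                value = value.lower() == "true"
            elif value.isdigit():
                value = int(value)
            section[key] = value
    return cfg

def audit(cfg):
    """Return findings for missing required fields and weakened settings."""
    fm = {**DEFAULTS["fleetmanager"], **cfg.get("fleetmanager", {})}
    ag = {**DEFAULTS["agent"], **cfg.get("agent", {})}
    findings = [f"fleetmanager.{k} is required but missing" for k in REQUIRED if not fm.get(k)]
    if fm["verify_ssl"] is not True:
        findings.append("fleetmanager.verify_ssl is off: server certificate is not checked")
    if not str(fm["base_url"]).lower().startswith("https://"):
        findings.append("fleetmanager.base_url is not an https:// URL")
    for name in ("heartbeat_interval_seconds", "check_interval_seconds"):
        if type(ag[name]) is not int or ag[name] <= 0:
            findings.append(f"agent.{name} must be a positive integer")
    return findings

# Constructed sample: plain HTTP, certificate check off, token missing.
WEAK = """fleetmanager:
  base_url: http://fleet.example.invalid
  verify_ssl: false
  customer: my-customer
  machine: server-01
agent:
  check_interval_seconds: 0
"""
```

Running `audit(parse_two_level(WEAK))` yields four findings, while the minimal configuration shown above yields none.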
Available Modules
Each module can be individually enabled/disabled (enabled: true/false).
| Module | Area | Linux | Windows |
|---|---|---|---|
| sec-auth | Login monitoring, SSH configuration | yes | yes |
| sec-updates | Patch status, OS end-of-life | yes | yes |
| sec-network | Network listeners | yes | yes |
| sec-firewall | Firewall status, rule changes | yes | yes |
| sec-users | User accounts, privileges | yes | yes |
| sec-services | System services | yes | yes |
| sec-integrity | File integrity, SUID/SGID | yes | yes |
| sec-hardening | CIS benchmark checks | yes | yes |
| sec-cron | Scheduled tasks | yes | yes |
| sec-av | Antivirus status | — | yes |
| sec-kernel | Kernel modules, taint status | yes | — |
Diagnostic Code Ranges
| Range | Topic |
|---|---|
| 2xxx | Patch status & OS end-of-life |
| 3xxx | Antivirus (Windows Defender) |
| 4xxx | Authentication & login |
| 5xxx | Firewall & network listeners |
| 6xxx | SSH configuration & firewall rule drift |
| 7xxx | Linux: Users, Cron, Services, Integrity, Hardening, Kernel |
| 8xxx | Windows: Users, Tasks, Services, Integrity, Hardening |