Dhound-agent troubleshooting on Linux
Dhound-agent installation makes some changes in the system automatically. It does not affect servers security.
In case of troubleshooting, stop dhound-agent and run it in verbose mode
sudo service dhound-agent stop
If there're any problems with Dhound agent installtion, please get in touch with our support via live chat.
sudo /opt/dhound-agent/bin/dhound-agent -config-dir /etc/dhound-agent -verbose
Test particular rules
All rules are located in the folder /etc/dhound-agent/rules.d/.
To collect and debug specific events, open /etc/dhound-agent/config.yml file, set up 'allrules' to 'false' and specify rule file without exentension into 'rules' parameter.
# for more information about dhound-agent configuration see here - https://knowledge.dhound.io/how-to-use-dhound output: # (required) client access token accesstoken: 5MDMDMDMDMDMDMKEYMDMDMDMKSKDMFMDMSMDMFMXG1K8B68J8 # (required) server identifier serverkey: MMMDDDFFFBLK # (optional) proxy settings # proxy: http://localhost:8080 input: # enable all rules specified in rules.d folder: true/false allrules: true # if allrules is false, specify name of rule files without extension (for example, sshd, tcp-out, etc) rules: [sshd, fail2ban, pure-ftpd, tcp-out, apache-wordpress]
- Install dhound-agent (on this resource)