Replies: 1 comment
-
|
Hi @lexcorp glpi-agent is more an inventory agent than a monitoring agent. In that way, it only run tasks when this is the moment to run them. It could be easy to hack the agent to run such payload and maybe it will be able in the future. But actually, I really think you should better look toward more appropriate monitoring software. If you want something visible in GLPI. You may develop a script to monitor this created file and trigger a registry key of file creation that can be easily reported by a Collect task. Anyway, this won't be like a monitoring software as the collect task may not run as soon as you wish. GLPI won't generate an alert, but with it, you can identify all the computer on which has been collected the wanted information in the last 24h. A point is also, the file you're talking about seems created in users profile. This means a detector script has to scan for new user profiles. |
Beta Was this translation helpful? Give feedback.
-
Your idea
One of the day-to-day challenges in the areas of security and computer networks is to identify and mitigate the use of psiphon software.
When psiphon is run, the file psiphon-tunnel-core.exe is createdon this route:
%userprofile%\AppData\Local\Temp\psiphon-tunnel-core.exe
The glpi agent would act as a file monitor, waiting for the file generated by psiphon at the specified path.
When it detects that the file has been created in the specific path, it generates a log file with the date, time, and data of the computer that used psiphon.
Save a log when psiphon software usage is detected.
Beta Was this translation helpful? Give feedback.
All reactions