GuardMode 2024.2

Configuring DPX for Automatic Blocklist Updates

Attention! This chapter details changes for the DPX Master Server configuration, not GuardMode. These modifications are essential for enabling the Master Server to download the blocklist from our server.

Follow these instructions to configure automatic blocklist updates for GuardMode in your DPX Master Server.

Prerequisites

Before you begin, ensure you have the following:

  • Access to your DPX instance via SSH.

  • Root user privileges.

Configuring Automatic Blocklist Updates

  1. Log in to your DPX instance via SSH:

     ssh your_username@your_dpx_instance_ip

  2. Switch to the root user.

  3. Navigate to the services directory:

     cd /catalogic/services

  4. Edit the dpx.yml Docker Compose file to configure automatic blocklist updates.

In the dpx.yml file, locate the section catalog → environment. Add or modify the following environment variables to enable automatic blocklist updates:

  • Blocklist Network Fetch Enabled (BLOCKLIST_NETWORK_FETCH_ENABLED): Determines whether the blocklist is downloaded from the internet. Default: false.

  • Blocklist Network URL (BLOCKLIST_NETWORK_URL): The URL the blocklist is downloaded from. Default: https://catalogic-mysupport.s3.us-west-002.backblazeb2.com/security-updates/block-list-latest.json.

  • Blocklist Network Fetch Interval (BLOCKLIST_NETWORK_FETCH_INTERVAL_MILLISECONDS): The time between blocklist updates, in milliseconds. Default: 43200000 (12 hours).

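Example configuration (the interval shown here, 10000 ms, fetches the blocklist every 10 seconds rather than at the 12-hour default):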

catalog:
  environment:
    BLOCKLIST_NETWORK_FETCH_ENABLED: true
    BLOCKLIST_NETWORK_URL: https://catalogic-mysupport.s3.us-west-002.backblazeb2.com/security-updates/block-list-latest.json
    BLOCKLIST_NETWORK_FETCH_INTERVAL_MILLISECONDS: 10000

Tip. If you encounter any issues while editing the dpx.yml file, ensure that the syntax is correct and that all environment variables are properly indented.

  5. Save the changes to the dpx.yml file and exit the text editor.

  6. Restart the DPX services to apply the new configuration:

     systemctl restart dpx-swarm

Attention! Restarting the DPX services will temporarily disrupt any ongoing operations. Plan this change during a maintenance window to avoid impacting users.

  7. Once the services are running again (this may take a few minutes), check the Events section in the DPX UI to verify that the blocklist has been downloaded.
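
A check to run on the edited file before restarting dpx-swarm, as an added example that is not part of the Catalogic documentation or product: it confirms that the BLOCKLIST_* variables sit under catalog → environment, that the URL uses https, and that the interval is a whole number of milliseconds. The function names and the two sample files are constructed for illustration, and the parser assumes the mapping form used in the example configuration.

```shell
# Added example, not Catalogic code. Assumes "KEY: value" entries and space
# indentation, as in the example configuration above.
blocklist_env() {   # print KEY=value for BLOCKLIST_* keys under catalog -> environment
  awk '
    /^ *#/ || /^ *$/ { next }                        # skip comments, blank lines
    {
      i = match($0, /[^ ]/) - 1; line = substr($0, i + 1)
      if (in_env && i <= env_i) in_env = 0           # dedent: left environment
      if (in_cat && i <= cat_i) in_cat = in_env = 0  # dedent: left catalog
      if (line ~ /^catalog: *$/) { in_cat = 1; cat_i = i; next }
      if (in_cat && line ~ /^environment: *$/) { in_env = 1; env_i = i; next }
      if (in_env && line ~ /^BLOCKLIST_[A-Z_]+:/) {
        key = line; sub(/:.*/, "", key)
        val = line; sub(/^[^:]*: */, "", val); sub(/ +$/, "", val); gsub(/"/, "", val)
        print key "=" val
      }
    }' "$1"
}
get() { printf '%s\n' "$kv" | sed -n "s/^$1=//p" | tail -n 1; }   # last value for key $1
# Print findings; return 0 only when the file is fit to apply with a restart.
check_blocklist_config() {
  kv=$(blocklist_env "$1"); rc=0
  total=$(grep -c '^ *BLOCKLIST_[A-Z_]*:' "$1" || true)
  found=$(printf '%s' "$kv" | grep -c '=' || true)
  [ "$total" -eq "$found" ] || { echo "FAIL: $((total - found)) BLOCKLIST_* key(s) outside catalog -> environment"; rc=1; }
  enabled=$(get BLOCKLIST_NETWORK_FETCH_ENABLED); url=$(get BLOCKLIST_NETWORK_URL)
  interval=$(get BLOCKLIST_NETWORK_FETCH_INTERVAL_MILLISECONDS)
  [ "$enabled" = true ] || { echo "FAIL: fetch not enabled (value: ${enabled:-unset})"; rc=1; }
  case "${url:-https://}" in https://*) ;; *) echo "FAIL: URL is not https: $url"; rc=1 ;; esac
  case "$interval" in
    '') ;;                                   # unset: the documented default applies
    *[!0-9]*) echo "FAIL: interval is not whole milliseconds: $interval"; rc=1 ;;
    *) echo "INFO: blocklist fetched every $((interval / 1000)) s" ;;
  esac
  return "$rc"
}

# Constructed samples: the page's example, and a copy with an http URL and a dedented key.
sample_dir=$(mktemp -d)
cat > "$sample_dir/good.yml" <<'EOF'
catalog:
  environment:
    BLOCKLIST_NETWORK_FETCH_ENABLED: true
    BLOCKLIST_NETWORK_URL: https://catalogic-mysupport.s3.us-west-002.backblazeb2.com/security-updates/block-list-latest.json
    BLOCKLIST_NETWORK_FETCH_INTERVAL_MILLISECONDS: 10000
EOF
sed -e 's#https://#http://#' -e 's/^    \(BLOCKLIST_NETWORK_FETCH_INT\)/  \1/' \
  "$sample_dir/good.yml" > "$sample_dir/bad.yml"
for f in good bad; do check_blocklist_config "$sample_dir/$f.yml" || true; done
```

On the Master Server the same function can be pointed at /catalogic/services/dpx.yml; a non-zero return means the file should be corrected before the restart.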

Last updated 10 months ago