When run as a daemon or a service, GLPI Agent can be reached on an HTTP interface which, by default, can be reached on port 62354.
The HTTP interface, by default, provides few basic features.
It shows agent version, configured targets, next planned run date, and eventually a link to force tasks run if your ip is in the trusted list.
The interface provides also an API on
/status page for GLPI server. It returns a short plain text depending on what the agent is currently doing, like:
status: running task inventory
Regarding security, by default, this interface provides a really limited public access as it only permits to see basic informations.
Anyway, when required, the HTTP interface can be disabled by setting no-httpd configuration.
Listening interface can be changed using httpd-ip configuration to restrict it, as by default all network interfaces are use to listen for new connection. Also the port can be changed to listen on a different port using httpd-port configuration.
Trusted IP is limited by default and you can trust new ip or iprange configuring httpd-trust.
The GLPI server ip is always added to the trusted ip list.
GLPI Agent is provided with few HTTP server plugins which are all disabled by default but can extend the HTTP interface with few nice features. Regarding security, the SSL Server plugin can be used to encrypt HTTP exchange using SSL protocol and since GLPI Agent v1.5, the Basic Authentication Server Plugin can be used in combination to require authentication (See Basic Authentication use cases).
- Basic Authentication Server Plugin
- SSL Server Plugin
- Proxy Server Plugin
- Inventory Server Plugin
- Test Server Plugin
- ToolBox interface