2019/03/04 06:06 · HF

MeshCentral

MeshCentral is a web-based remote monitoring and management tool.

Valid Certificate and Virtualhost needed

MeshCentral needs a valid certificate to work. You may use a Let's Encrypt certificate. To be reachable by users and agents, MeshCentral needs a dedicated virtualhost with its own FQDN, such as mydomain.org. You may use a Dynamic DNS provider.

mrmarkuz repo

Install the mrmarkuz repo to ease installation and updates.

NethServer MeshCentral

Install nethserver-meshcentral:

yum -y --enablerepo=mrmarkuz install nethserver-meshcentral

Virtualhost

Set the domain to reach the MeshCentral instance.

config setprop meshcentral VirtualHost mydomain.org

Security

IP Filter

IP filtering can be applied to users and agents. By default, access is allowed from everywhere for both users and agents. I recommend using the IP filter. In this example, agents and web users from the local network 192.168.0.0/24 are allowed, and the external agent with IP 1.2.3.4 is allowed too.

config setprop meshcentral UserAllowedIP 192.168.0.0/24
config setprop meshcentral AgentAllowedIP 192.168.0.0/24,1.2.3.4
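
A dry run of the example allow lists above, useful before applying the configuration so the filter does not lock out the address you administer from. This is an added example, not part of nethserver-meshcentral or MeshCentral; it assumes entries are matched by plain CIDR containment, and the helper names and the client 203.0.113.9 are constructed for illustration.

```python
"""Dry-run a UserAllowedIP / AgentAllowedIP list against sample client addresses."""
import ipaddress

# Values taken from the example on this page.
USER_ALLOWED = "192.168.0.0/24"
AGENT_ALLOWED = "192.168.0.0/24,1.2.3.4"


def parse_allow_list(value):
    """Parse a comma-separated list of IPs / CIDR ranges.

    Raises ValueError on an empty or malformed entry. strict=True also flags
    entries with host bits set (e.g. 192.168.0.5/24), which usually means a typo.
    """
    networks = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            raise ValueError("empty entry in allow list")
        # A bare address such as 1.2.3.4 becomes a /32 network.
        networks.append(ipaddress.ip_network(entry, strict=True))
    return networks


def is_allowed(client_ip, allow_list):
    """True if client_ip falls inside any entry of allow_list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_allow_list(allow_list))


def access_report(clients, user_list=USER_ALLOWED, agent_list=AGENT_ALLOWED):
    """Map each client IP to what it could reach under the two lists."""
    return {
        ip: {"user": is_allowed(ip, user_list), "agent": is_allowed(ip, agent_list)}
        for ip in clients
    }


if __name__ == "__main__":
    # Constructed sample clients: a LAN workstation, the external agent from
    # the page, and a remote admin address from the documentation range.
    for ip, result in access_report(["192.168.0.17", "1.2.3.4", "203.0.113.9"]).items():
        print(f"{ip:15} web UI: {result['user']!s:5}  agent: {result['agent']}")
```

With the page's values, 1.2.3.4 can connect as an agent but cannot open the web UI, and an administrator working from outside 192.168.0.0/24 is refused on both.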

2FA

MeshCentral supports 2FA. It's fully manageable via the web UI: in the “My Account” tab, go to “Manage authenticator app”. I recommend 2FA when using MeshCentral over WAN or on a VPS.

Mail Validation

It's possible to validate users by email. To enable mail validation:

config setprop meshcentral MailValidation enabled

If you do not use the local mail server, or would like to edit the “From” address:

config setprop meshcentral MailHost mail.somehost.tld
config setprop meshcentral MailPort 993
config setprop meshcentral MailFrom user@somehost.tld
config setprop meshcentral MailTLS enabled

Customize MeshCentral

To customize the title or the pictures:

config setprop meshcentral Title 'My NethCentral'
config setprop meshcentral Title2 'This is my NethCentral Server'
config setprop meshcentral TitlePicture 'title.png'
config setprop meshcentral LoginPicture 'login.png'

AD/LDAP

MeshCentral uses internal authentication by default. You can enable AD/LDAP authentication, but the two methods cannot be used at the same time, so you have to choose one. It's possible to create an internal user, enable AD/LDAP, log in with AD/LDAP users, then disable AD/LDAP and log in with the internal user created earlier. This way you always have an untouched backup admin.

config setprop meshcentral ldap enabled

For a VPS, it's recommended to disable LAN mode and run in WAN mode only:

config setprop meshcentral WANOnly enabled

Apply configuration change

signal-event nethserver-meshcentral-update

Admin user

Browse to your virtualhost domain and you should see the MeshCentral login page. The first account created, or the first one to log in when AD/LDAP is used, becomes the administrator.

Upgrade MeshCentral

To upgrade MeshCentral to the latest version:

signal-event nethserver-meshcentral-upgrade

MeshCentral supports Intel AMT. It runs on port 4433, but you need to open the port in the firewall or service settings. I did not test AMT yet.

Please raise Issues on NethServer Community