Agent Configuration
The agent reads its configuration from:
| Platform | Path |
|---|---|
| Windows | %ProgramData%\Bastion\config\agent.toml |
| macOS | /Library/Application Support/Bastion/agent.toml |
| Linux | /etc/bastion/agent.toml |
A full example with all options is shown below.
Full reference
Section titled “Full reference”[server]# Backend server gRPC address (required)url = "grpc://your-backend:50051"
# Connection timeout in seconds (default: 30)timeout_secs = 30
# Maximum retry attempts for failed connections (default: 5)max_retries = 5
[agent]# Human-readable name for this endpoint (default: hostname)# name = "accounting-workstation-01"
# Polling interval for policy sync in seconds (default: 300)policy_sync_interval_secs = 300
# Heartbeat interval in seconds (default: 30)heartbeat_interval_secs = 30
[detection]# Enable YARA scanning (default: true)yara_enabled = true
# Path to custom YARA rules directory (optional)# yara_rules_dir = "/etc/bastion/rules/"
# Enable behavioral analytics (default: true)behavioral_enabled = true
# Enable memory scanning (default: true, Windows only)memory_scan_enabled = true
# Enable PowerShell/script monitoring (default: true)script_monitor_enabled = true
[quarantine]# Directory for quarantined files (default: platform-specific)# quarantine_dir = "/var/bastion/quarantine"
# Maximum quarantine store size in MB (default: 5000)max_size_mb = 5000
[monitoring]# File system monitoring paths (default: system-wide)# watch_paths = ["/home", "/etc", "/var"]
# Paths to exclude from monitoringexclude_paths = [ "/proc", "/sys", "/dev",]
[logging]# Log level: trace, debug, info, warn, error (default: info)level = "info"
# Log file path (default: platform-specific)# file = "/var/log/bastion-agent.log"
[tls]# Require mutual TLS for backend connection (default: false)# enable_mtls = false# client_cert = "/etc/bastion/certs/client.crt"# client_key = "/etc/bastion/certs/client.key"# ca_cert = "/etc/bastion/certs/ca.crt"Environment variable overrides
Section titled “Environment variable overrides”Any option can be overridden with an environment variable using the prefix BASTION_AGENT_:
BASTION_AGENT_SERVER_URL="grpc://new-backend:50051" bastion-agentApplying config changes
Section titled “Applying config changes”On Linux/macOS:
sudo systemctl restart bastion-agentOn Windows (PowerShell as Administrator):
Restart-Service BastionAgent