Special Case Node Configurations
This section contains special case settings for the node's JSON configuration file (sandfly-setup/setup/setup_data/config.node.json), which can be used if needed on a per-setting, per-node basis.
Default and Fallback Directories
During a scan the Sandfly agent is delivered into and is run out of a temporary directory created under the home directory of the username as defined by the associated credential. As you create that account and credential, the user's home directory location is fully under your control. In addition, should the ability to create and use that directory fail for any reason, the scan will automatically attempt to use the fallback directory.
For example, suppose you have a user named "sandflyscanner" with its home directory set to /opt/sandfly/ and that account was used in a Sandfly credential. The agent would run from a different temporary directory located under /opt/sandfly/ for each scan. If that directory becomes unusable, say due to being set to read-only permissions for the "sandflyscanner" user, Sandfly will try to create the temporary directory under the fallback directory, which by default is set to the /dev/shm/ directory.
Should an exception to these location options ever become needed, there are two configuration settings in the node configuration file that can change the default behavior:
default_directory - Determines the directory the scan will attempt to switch to at login. The default, blank value means that Sandfly stays in the home directory of the user (or wherever the OpenSSH session drops us into by default).
fallback_directory - If the scan attempt cannot write to the default directory for any reason, the scan will try again in the location configured in this setting. The default fallback location is /dev/shm.
Example of both properties, with their default values, taken from a snippet of a config.node.json file:
"options": {
...
"default_directory": "",
"fallback_directory": "/dev/shm",
...
}
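To see ahead of a configuration change which directory a scan account could actually use on a target host, the following added example (not Sandfly code) mimics the default-then-fallback order described above. The function names and the `--check` argument are assumptions for illustration, and the create-and-execute probe is a stand-in for agent staging, not a description of Sandfly's internals.

```shell
#!/bin/sh
# Added example, not part of Sandfly. Run it as the scan account on a target
# host, for instance: sh preflight.sh --check "" /dev/shm
# An empty first argument means "stay in the home directory", mirroring the
# blank default_directory value.

# can_stage DIR: succeed only if a temporary directory can be created under
# DIR and a file placed in it can be executed (the agent runs from there).
can_stage() {
    dir=$1
    [ -d "$dir" ] || return 1
    tmp=$(mktemp -d "$dir/preflight.XXXXXX" 2>/dev/null) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$tmp/probe" \
        && chmod 700 "$tmp/probe" \
        && "$tmp/probe" 2>/dev/null
    rc=$?
    rm -rf "$tmp"          # always remove the probe directory
    return "$rc"
}

# pick_scan_dir DEFAULT FALLBACK: print the first usable directory, trying
# the default first and the fallback second; fail if neither is usable.
pick_scan_dir() {
    default=${1:-$HOME}
    fallback=${2:-/dev/shm}
    if can_stage "$default"; then
        echo "$default"
        return 0
    fi
    if can_stage "$fallback"; then
        echo "$fallback"
        return 0
    fi
    return 1
}

if [ "${1:-}" = "--check" ]; then
    pick_scan_dir "${2:-}" "${3:-}" || {
        echo "no usable default or fallback directory" >&2
        exit 1
    }
fi
```

A non-zero exit means neither location passed the probe for that account, for example because the directory is read-only or missing.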
Deployment Scope
It is very important to note that a change to the directories in this config file is applied at the node host level. It will therefore affect every node container running on that node's host, which means that it will affect the named queue as well. This configuration change should be made with careful planning, as it needs to apply to every associated node and queue.
CAUTION: This configuration change is applied at the host level
Changing the default directory will affect every node container running on that node's host, which means that it will affect the named queue as well. This configuration change should therefore be made with careful planning, as it needs to apply to every associated node and queue.
Our recommendation is to control the location via the user's home directory whenever possible. However, should you choose to use this method and need further assistance with this configuration, please contact Sandfly Support.
Post Configuration Change
For any change to the config.node.json file to take effect, all Sandfly nodes on that host will need to be stopped and then started via the provided scripts after the JSON file has been updated and saved. Container restarts alone will not reload the changed configuration file.
# Stop all sandfly containers on this host.
~/sandfly-setup/start_scripts/shutdown_sandfly.sh
# Starts one instance of the node on this host.
~/sandfly-setup/start_scripts/start_node.sh
The commands above assume that the changes are only being performed on a dedicated Sandfly node. If the Sandfly server is also running on the same host (i.e. a Standard Security installation was used), follow the server shutdown and start processes as if performing a Sandfly upgrade.