I tried to enable enable_script_checks, but I didn't get the way of usage of the command.
When I tried running consul agent -h, it displayed options like below, but I didn't find the way of usage.
-enable-local-script-checks
Enables health check scripts from configuration file.
-enable-script-checks
Enables health check scripts.
I would like to suggest: if we had an example of command usage, it would have been more helpful.
Thanks
blake
Hi @giriadini,
You can enable script checks simply by specifying the flag at the CLI.
❯ consul agent -dev -enable-script-checks
==> Starting Consul agent...
Version: 'v1.8.0'
Node ID: '53ff37db-0958-a04b-9189-2389132685c3'
Node name: 'b1000.local'
Datacenter: 'dc1' (Segment: '<all>')
Server: true (Bootstrap: false)
Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: 8502, DNS: 8600)
Cluster Addr: 127.0.0.1 (LAN: 8301, WAN: 8302)
Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false, Auto-Encrypt-TLS: false
==> Log data will now stream in as it occurs:
2020-07-17T08:55:45.783-0700 [DEBUG] agent: Using random ID as node ID: id=53ff37db-0958-a04b-9189-2389132685c3
2020-07-17T08:55:45.784-0700 [ERROR] agent: [SECURITY] issue: error="using enable-script-checks without ACLs and without allow_write_http_from is DANGEROUS, use enable-local-script-checks instead, see https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations/"
We recommend using -enable-local-script-checks over -enable-script-checks unless the environment is properly secured using ACLs and allow_http_write_from. See https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations/ for more info.
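The usage asked about above, as an added example that is not part of the original thread or HashiCorp's own code: the config-file form of `-enable-local-script-checks` with one locally defined script check, plus a small audit that classifies a config directory by the condition named in the agent's `[SECURITY]` log line. The function names, the `/etc/consul.d` directory, the check and the script path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Directory, check and script names are assumed.

# Write an agent config that accepts script checks only from local files.
write_local_check_config() {
  mkdir -p "$1" || return 1
  printf 'enable_local_script_checks = true\n' > "$1/agent.hcl"
  cat > "$1/disk-check.hcl" <<'EOF'
check {
  id       = "disk-free"
  name     = "Root filesystem usage"
  args     = ["/usr/local/bin/check_disk.sh"]  # hypothetical script
  interval = "30s"
  timeout  = "5s"
}
EOF
}

# Classify a config directory by the condition in the agent's [SECURITY] log
# line: enable_script_checks without ACLs and without allow_write_http_from.
# Text heuristic only (an acl block with nested blocks before "enabled" is
# missed and reported as dangerous); the agent's startup log is authoritative.
audit_script_checks() {
  flat=$(cat "$1"/*.hcl "$1"/*.json 2>/dev/null | sed 's/#.*//' | tr '\n' ' ')
  has() { printf '%s' "$flat" | grep -Eq "$1"; }
  val='"?[[:space:]]*[=:][[:space:]]*true'
  if has "enable_script_checks$val"; then
    if has 'allow_write_http_from' ||
       has "acl\"?[[:space:]]*[=:]?[[:space:]]*\{[^}]*enabled$val"; then
      echo guarded
    else
      echo dangerous
    fi
  elif has "enable_local_script_checks$val"; then
    echo local-only
  else
    echo disabled
  fi
}

# Usage on an agent host (/etc/consul.d is an assumed config directory):
#   write_local_check_config /etc/consul.d
#   audit_script_checks /etc/consul.d      # prints: local-only
#   consul validate /etc/consul.d
#   consul agent -config-dir=/etc/consul.d
```

A result of `guarded` only means one of the two mitigations appears in the files, not that ACL policies or the allowed network ranges are set correctly.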