cyberpamnow/ZEROTRUST.md
Matthew Rogers 48e01fc210 0.3.0c
2025-01-08 18:39:04 -05:00


CyberPAM Zero Trust Network Access

TLDR: No more VPNs, just use Cloudflare Access to access your CyberPAM instance. Hosts no longer need to be in the same network, or have any open ports.

Yes, CyberPAM and the host do NOT need to be in the same network.

ZTDrawing

Setup Requirements

  • Assumes you have a CyberPAM instance running already.
  • Assumes you have a Cloudflare account and a domain. (free tier is fine)

Settings Panel Fully Configured

When you have it all set up, you should see something like this; notice the green globes. This setup takes less than 15 minutes to complete.

💣 Notice the red panel: once you set your domain, changing it means you will need to re-register the agents.

ZT Settings Panel

Cloudflare ZTNA

The ZTNA module here works amazingly well; however, the setup isn't foolproof. Fill in the values and press save, then enable, and the engine will start.

Add Catchall Policy

You need this policy to secure your hosts, and allow access to your CyberPAM instance.


Get your Service Token

You'll need to strip off the CF-Header and CF-Key from the token, and then paste it into the CyberPAM settings panel.

Get your service token

Setup API Access

Take note of the API key, account id, and email, you'll need to paste them into the CyberPAM settings panel. Your permissions should match these here.

Example API token

You'll know it's working when you see the green globe and your domains populate.

If you don't see the green globes or the domains don't populate, you'll need to check your API key, account id, and email.

API Verified

List of domains

Add Hosts

Let's add a host to our CyberPAM instance.

zerotrust add host

system token

Run the CyberPAM agent on the host, and provide this token. Within a few minutes you should see the host added to the list, and the tunnel will show its health under the "expanded" view.

https://github.com/RamboRogers/cyberpamagent

🐧 Linux & 🍎 macOS

curl -L https://raw.githubusercontent.com/RamboRogers/cyberpamagent/main/install.sh | sh

🪟 Windows PowerShell

Admin PowerShell

iwr -useb https://raw.githubusercontent.com/RamboRogers/cyberpamagent/main/install.ps1 | iex

ZT Install

That's it, the agent will install and run as a service. You can uninstall it with cyberpamagent -uninstall.
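
The Linux and macOS one-liner above runs whatever the main branch serves at install time. As an added example (not part of the CyberPAM project), the script below downloads the installer to a file, checks it against a SHA-256 digest you recorded after reviewing the script, and only then runs it. `PINNED_SHA256` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not CyberPAM project code): fetch, verify against a pinned digest, then run.
INSTALLER_URL="https://raw.githubusercontent.com/RamboRogers/cyberpamagent/main/install.sh"

# Print the SHA-256 of a file using whichever tool the host has (Linux or macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the file's digest equals the digest recorded after review.
# Returns 2 for a missing or empty file, 1 for a digest mismatch.
verify_installer() {
    file=$1 expected=$2
    [ -s "$file" ] || { echo "installer missing or empty: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    # Digests are hex; compare case-insensitively.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual, expected $expected" >&2
        return 1
    fi
}

# Download over HTTPS only, verify, and execute the file only when it matches.
install_reviewed() {
    pinned=$1
    tmp=$(mktemp) || return 2
    curl --proto '=https' --tlsv1.2 -fsSL -o "$tmp" "$INSTALLER_URL" || { rm -f "$tmp"; return 2; }
    if verify_installer "$tmp" "$pinned"; then
        sh "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Nothing is downloaded unless PINNED_SHA256 (hypothetical variable name) is set,
# e.g.  PINNED_SHA256=<digest you recorded> sh this_script.sh
if [ -n "${PINNED_SHA256:-}" ]; then
    install_reviewed "$PINNED_SHA256"
fi
```

Because the URL tracks the main branch, a mismatch after an upstream update is expected: review the new script and record its digest before rolling it out to more hosts.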

Lots of Hosts

An example instance with some hosts added.

Home

⚖️ License

CyberPAM is licensed under a restricted license.

(c)Matthew Rogers 2024. All rights reserved. No Warranty. No Support. No Liability. No Refunds.

Free Demo Software
