Skip to main content
Version: 25.6.0

Security Features Deployment

Please refer to the separate documentation for the Proposed Directory Structure for assistance with the steps below.

The following flags need to be added to <absoulte path to the agent>/conf_*/waratek.properties file.

Deploy Security Features

Security Features can be included in the content of rules.armr file as follows:

com.waratek.rules.local=<path-to-agent-conf-folder>rules.armr

Security patches (and ARMR security rules) can be loaded from a dedicated directory as follows:

com.waratek.rules.dir=<path-to-agent-conf-folder>

Once configured, the Waratek Agent will load every patch/rule placed in the above directory.

  • Valid ARMR Security rules and Patch files must have a .armr file extension in the rules directory (files with other extension or no extension will be ignored)
  • A syntax error in an individual file will result in that particular file being ignored.
  • Other files in the directory will be loaded, provided they are free from syntax errors.
  • Subdirectories of the rules directory will be ignored.

On Java Agent v25.0.0 and later, it is possible to specify a path to a zip file using the com.waratek.rules.local option, where the zip file is a compressed directory containing 1 or more .armr files.

com.waratek.rules.local=<path-to-agent-conf-folder>rules.zip

On the Java Agent v25.0.0 and later, it is possible to specify a path to a directory containing multiple zip files using the com.waratek.rules.dir option, where each of the multiple zip files contains 1 or more .armr files. The directory specified by com.waratek.rules.dir may also contain .armr files as well as .zip files.

Auto-reloading

Ensure rules are auto-reloaded:

com.waratek.rules.autoreload=true

Agent Name

An initial agent name can be set using the following property:

com.waratek.agent.name=<agent name>

When set, this value is used as the agent's display name when it first onboards to the Portal. If not set, the Portal auto-generates a name from the agent's hostname or IP address.

The agent can be renamed at any time in the Portal UI. A name set in the Portal takes priority and persists across agent restarts and reconnections.

Backup Directory

The Waratek Agent creates a backup of ARMR rule files as it changes these backup files will be saved to the backups directory, which is created automatically. Each backup filename ends with a three-digit number (e.g. 001) and allows the user to view/restore old versions of the ARMR rule file. If this directory is not cleared by the user, it will contain a full history of all ARMR rule files ever applied to the agent.

Applications using Jakarta Servlet 5.0 specification

The Waratek Agent v25.1.0 introduces support for the com.waratek.servlet=<javax>/<jakarta> property, which informs the agent whether the protected application is using the javax.servlet or jakarta.servlet namespace. The two valid property values (if the property is set) are javax and jakarta. The default value is javax.

Applications using the jakarta.servlet namespace (e.g. applications running in Tomcat10+, JBoss EAP 8+) will require the following configuration property to be set in the waratek.properties file.

com.waratek.servlet=jakarta