Using the open-appsec-ctl Tool

The interactive CLI tool open-appsec-ctl allows you to perform various tasks related to your open-appsec for NGINX/Kong installation. The tool will be automatically installed with the agent and can be used as follows:

List all available policies:

open-appsec-ctl --list-policies

open-appsec-ctl -lp

Currently only a single configuration file is supported, support for multiple configuration files will be added soon.

By default the following policy file is used when no [policy-file] is explicitly specified in the commands listed below: /etc/cp/conf/local_policy.yaml

View policy:

open-appsec-ctl --view-policy [policy-file]

open-appsec-ctl -vp [policy-file]

This will show either the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Edit policy

open-appsec-ctl --edit-policy [policy-file]

open-appsec-ctl -ep [policy-file] Edit the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Here you can find all details regarding the structure of the Local Policy File:

Configuration Using Local Policy File (Linux)

Apply policy

open-appsec-ctl --apply-policy [policy-file]

open-appsec-ctl -ap [policy-file]

Apply the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Show agent status

open-appsec-ctl --status [--extended]

open-appsec-ctl -s [--extended]

Shows the agent status and versions, you can get extended output by also adding the flag --extended

View logs

open-appsec-ctl --view-logs

open-appsec-ctl -vl

Show the open-appsec logs

Start/Stop the agent

open-appsec-ctl --start-agent

open-appsec-ctl -r

Starts the agent

open-appsec-ctl --stop-agent

open-appsec-ctl -q

Stops the agent

Uninstall the agent

open-appsec-ctl --uninstall

open-appsec-ctl -u

Uninstalls the agent

For debugging purposes only

Start/stop individual agent services

Start the selected service

open-appsec-ctl --start-service <orchestration|attachment-registrator|http-transaction-handler>

open-appsec-ctl -rs <orchestration|attachment-registrator|http-transaction-handler>

Stop the selected service

open-appsec-ctl --stop-service <orchestration|attachment-registrator|http-transaction-handler>

open-appsec-ctl -qs <orchestration|attachment-registrator|http-transaction-handler>

View and change debug information

open-appsec-ctl -d

Can be used for viewing and changing the debug configuration. This command will present you with all available options when run without any additional parameters.

Last updated