Using the open-appsec-ctl Tool
The interactive CLI tool open-appsec-ctl
allows you to perform various tasks related to your open-appsec for NGINX/Kong installation.
The tool will be automatically installed with the agent and can be used as follows:
List all available policies:
open-appsec-ctl --list-policies
open-appsec-ctl -lp
Currently only a single configuration file is supported, support for multiple configuration files will be added soon.
By default the following policy file is used when no [policy-file] is explicitly specified in the commands listed below:
/etc/cp/conf/local_policy.yaml
View policy:
open-appsec-ctl --view-policy [policy-file]
open-appsec-ctl -vp [policy-file]
This will show either the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]
Edit policy
open-appsec-ctl --edit-policy [policy-file]
open-appsec-ctl -ep [policy-file]
Edit the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]
Here you can find all details regarding the structure of the Local Policy File:
Configuration Using Local Policy File (Linux)
Apply policy
open-appsec-ctl --apply-policy [policy-file]
open-appsec-ctl -ap [policy-file]
Apply the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]
Show agent status
open-appsec-ctl --status [--extended]
open-appsec-ctl -s [--extended]
Shows the agent status and versions, you can get extended output by also adding the flag
--extended
View logs
open-appsec-ctl --view-logs
open-appsec-ctl -vl
Show the open-appsec logs
Start/Stop the agent
open-appsec-ctl --start-agent
open-appsec-ctl -r
Starts the agent
open-appsec-ctl --stop-agent
open-appsec-ctl -q
Stops the agent
Uninstall the agent
open-appsec-ctl --uninstall
open-appsec-ctl -u
Uninstalls the agent
For debugging purposes only
Start/stop individual agent services
Start the selected service
open-appsec-ctl --start-service <orchestration|attachment-registrator|http-transaction-handler>
open-appsec-ctl -rs <orchestration|attachment-registrator|http-transaction-handler>
Stop the selected service
open-appsec-ctl --stop-service <orchestration|attachment-registrator|http-transaction-handler>
open-appsec-ctl -qs <orchestration|attachment-registrator|http-transaction-handler>
View and change debug information
open-appsec-ctl -d
Can be used for viewing and changing the debug configuration. This command will present you with all available options when run without any additional parameters.
Last updated