Links
Comment on page

Using the open-appsec-ctl Tool

The interactive CLI tool open-appsec-ctl allows you to perform various tasks related to your open-appsec for NGINX/Kong installation. The tool will be automatically installed with the agent and can be used as follows:

List all available policies:

open-appsec-ctl --list-policies
open-appsec-ctl -lp
Currently only a single configuration file is supported, support for multiple configuration files will be added soon.
By default the following policy file is used when no [policy-file] is explicitly specified in the commands listed below: /etc/cp/conf/local_policy.yaml

View policy:

open-appsec-ctl --view-policy [policy-file]
open-appsec-ctl -vp [policy-file]
This will show either the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Edit policy

open-appsec-ctl --edit-policy [policy-file]
open-appsec-ctl -ep [policy-file] Edit the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]
Here you can find all details regarding the structure of the Local Policy File:

Apply policy

open-appsec-ctl --apply-policy [policy-file]
open-appsec-ctl -ap [policy-file]
Apply the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Show agent status

open-appsec-ctl --status [--extended]
open-appsec-ctl -s [--extended]
Shows the agent status and versions, you can get extended output by also adding the flag --extended

View logs

open-appsec-ctl --view-logs
open-appsec-ctl -vl
Show the open-appsec logs

Start/Stop the agent

open-appsec-ctl --start-agent
open-appsec-ctl -r
Starts the agent
open-appsec-ctl --stop-agent
open-appsec-ctl -q
Stops the agent

Uninstall the agent

open-appsec-ctl --uninstall
open-appsec-ctl -u
Uninstalls the agent

For debugging purposes only

Start/stop individual agent services

Start the selected service
open-appsec-ctl --start-service <orchestration|attachment-registrator|http-transaction-handler>
open-appsec-ctl -rs <orchestration|attachment-registrator|http-transaction-handler>
Stop the selected service
open-appsec-ctl --stop-service <orchestration|attachment-registrator|http-transaction-handler>
open-appsec-ctl -qs <orchestration|attachment-registrator|http-transaction-handler>

View and change debug information

open-appsec-ctl -d
Can be used for viewing and changing the debug configuration. This command will present you with all available options when run without any additional parameters.