open-appsec
WebsiteManagement PortalPlaygroundGitHub
  • open-appsec Documentation
  • What is open-appsec?
  • open-appsec Video Tutorials
  • Release Notes
  • Getting started
    • Getting Started
    • Start With Kubernetes
      • Install Using Interactive CLI Tool (Ingress NGINX)
      • Configuration Using Interactive CLI Tool
      • Install Using Helm
      • Install Using Helm - new flow (beta)
      • Configuration Using CRDs
      • Configuration Using CRDs - v1beta2
      • Configuration using CRDs - special options for Large Scale Deployments
        • Using appsec class for assigning separate custom resources to specific deployments
        • Using namespace-scoped custom resources
      • Monitor Events
    • Start With Linux
      • Install open-appsec for Linux
      • Using the open-appsec-ctl Tool
      • Configuration Using Local Policy File (Linux)
      • Local Policy File (Advanced)
      • Local Policy File v1beta2 (beta)
      • Monitor Events
    • Start with Docker
      • Install With Docker (Centrally Managed)
      • Install With Docker (Locally Managed)
      • Deploy With Docker-Compose (Beta)
      • Configuration Using Local Policy File (Docker)
      • Local Policy File (Advanced)
    • Using the Web UI (SaaS)
      • Sign-Up and Login to Portal
      • Agents Deployment
      • Connect Deployed Agents to SaaS Management Using Tool (K8s & Linux)
      • Connect Deployed Agents to SaaS Management Using Helm (K8s)
      • Connect Deployed Agents to SaaS Management (Docker)
      • Create a Profile
      • Protect Additional Assets
      • Monitor Events
    • Using the Advanced Machine Learning Model
  • Concepts
    • Agents
    • Management & Automation
    • Security Practices
    • Contextual Machine Learning
  • SETUP INSTRUCTIONS
    • Setup Web Application Settings
    • Setup Custom Rules and Exceptions
    • Setup Web User Response Pages
    • Setup Log Triggers
    • Setup Behavior Upon Failure
    • Setup Agent Upgrade Schedule
  • Additional Security Engines
    • Anti-Bot
    • API Schema Enforcement
    • Data Loss Prevention (DLP) Rules
    • File Security
    • Intrusion Prevention System (IPS)
    • Rate Limit
  • Snort Rules
    • Import Snort Rules
    • Write Snort Signatures
  • HOW TO
    • Configuration and Learning
      • Track Learning and Move From Learn/Detect to Prevent
      • Configure Contextual Machine Learning for Best Accuracy
      • Track Learning and Local Tuning in Standalone Deployments
      • Move From Detect to Prevent in K8s With Many Ingress Rules
  • Deployment and Upgrade
    • Load the Attachment in Proxy Configuration
    • Upgrade Your Reverse Proxy/API Gateway When an Agent is Installed
    • Integration in GitOps CD (K8s)
    • Build open-appsec Based on Source Code
  • Management Web UI
    • Track Agent Status
    • Delete or Reset Management Tenant (SaaS)
    • Disconnect an open-appsec agent from Central Management
  • Integrations
    • About Integrations With 3rd Party Solutions
    • CrowdSec
      • CrowdSec Bouncer Support
      • CrowdSec Intelligence Sharing Using open-appsec Parser/Scenario
    • NGINX Proxy Manager
      • Install NGINX Proxy Manager with open-appsec managed from NPM WebUI
      • Install NGINX Proxy Manager with open-appsec managed from central WebUI (SaaS)
      • Frequently Asked Questions
      • How to Migrate from an Existing NGINX Proxy Manager Deployment and Keep Configuration
    • NPMplus
    • Docker SWAG
      • Install Docker SWAG with open-appsec (locally managed)
      • How to connect locally managed Docker SWAG with open-appsec to WebUI
      • Install Docker SWAG with open-appsec (centrally managed)
      • Deploy Docker SWAG with docker-compose (beta)
      • Frequently Asked Questions
  • Troubleshooting
    • Troubleshooting
    • Troubleshooting Guides
      • Configuration contains ingress/asset with URL which already has asset attached to it in your tenant
      • HTTP Request to Port 80 Not Returning as Expected
      • Agent Fails to Recognize HTTP Transactions with NGINX
      • Agent Not Recognizing Initial HTTP Requests
      • Handling Large Requests (413 Responses)
      • open-appsec on Docker HTTP Transaction Handler Is Set To Ready
      • Traffic Recognition Issue on Single-Core Machine/Connection Timed Out
      • Installing open-appsec on CentOS 7
      • SELinux: checking status and disabling
      • Deploy open-appsec directly on the web server hosting the application to protect
      • object is locked or remote, and therefore cannot be modified
      • Failed to Register to Fog
  • references
    • Agent CLI
    • Event Query Language
    • Events/Logs Schema
    • WAF Comparison Project
Powered by GitBook
On this page

Was this helpful?

  1. Getting started
  2. Start With Linux

Using the open-appsec-ctl Tool

PreviousInstall open-appsec for LinuxNextConfiguration Using Local Policy File (Linux)

Last updated 7 months ago

Was this helpful?

The interactive CLI tool open-appsec-ctl allows you to perform various tasks related to your open-appsec for NGINX/Kong/APISIX installation. The tool will be automatically installed with the agent and can be used as follows:

List all available policies:

open-appsec-ctl --list-policies

open-appsec-ctl -lp

Currently only a single configuration file is supported, support for multiple configuration files will be added soon.

By default the following policy file is used when no [policy-file] is explicitly specified in the commands listed below: /etc/cp/conf/local_policy.yaml

View policy:

open-appsec-ctl --view-policy [policy-file]

open-appsec-ctl -vp [policy-file]

This will show either the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Edit policy

open-appsec-ctl --edit-policy [policy-file]

open-appsec-ctl -ep [policy-file] Edit the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Here you can find all details regarding the structure of the Local Policy File:

Configuration Using Local Policy File (Linux)

Apply policy

open-appsec-ctl --apply-policy [policy-file]

open-appsec-ctl -ap [policy-file]

Apply the policy file at the default location which is automatically created during installation or the specified policy file [policy-file]

Show agent status

open-appsec-ctl --status [--extended]

open-appsec-ctl -s [--extended]

Shows the agent status and versions, you can get extended output by also adding the flag --extended

View logs

open-appsec-ctl --view-logs

open-appsec-ctl -vl

Show the open-appsec logs

Start/Stop the agent

open-appsec-ctl --start-agent

open-appsec-ctl -r

Starts the agent

open-appsec-ctl --stop-agent

open-appsec-ctl -q

Stops the agent

Uninstall the agent

open-appsec-ctl --uninstall

open-appsec-ctl -u

Uninstalls the agent

For debugging purposes only

Start/stop individual agent services

Start the selected service

open-appsec-ctl --start-service <orchestration|attachment-registrator|http-transaction-handler>

open-appsec-ctl -rs <orchestration|attachment-registrator|http-transaction-handler>

Stop the selected service

open-appsec-ctl --stop-service <orchestration|attachment-registrator|http-transaction-handler>

open-appsec-ctl -qs <orchestration|attachment-registrator|http-transaction-handler>

View and change debug information

open-appsec-ctl -d

Can be used for viewing and changing the debug configuration. This command will present you with all available options when run without any additional parameters.