### Download and prepare the installer Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Downloads the installation script and grants it execution permissions. ```bash wget https://downloads.openappsec.io/open-appsec-install && chmod +x open-appsec-install ``` -------------------------------- ### Display installer help information Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Shows available command-line options and version details for the installer. ```bash ./open-appsec-install -h ``` -------------------------------- ### Start Deployment Source: https://docs.openappsec.io/integrations/docker-swag/deprecated-deployment-options/install-docker-swag-with-open-appsec-locally-managed Starts the containers in detached mode. ```bash docker-compose up -d ``` -------------------------------- ### Download Example Local Policy Source: https://docs.openappsec.io/getting-started/start-with-linux/local-policy-file-v1beta2-beta Download a comprehensive example of the v1beta2 local policy configuration file from the official GitHub repository. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/config/linux/v1beta2/example/local_policy.yaml ``` -------------------------------- ### Download and run the open-appsec installer Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-interactive-cli-tool-ingress-nginx Use these commands to download the installation script and execute it on a Linux-based Kubernetes cluster. ```bash wget https://downloads.openappsec.io/open-appsec-k8s-install && chmod +x open-appsec-k8s-install ./open-appsec-k8s-install ``` -------------------------------- ### SELinux status output examples Source: https://docs.openappsec.io/troubleshooting/troubleshooting-guides/selinux-checking-status-and-disabling Example outputs indicating whether SELinux is enabled or disabled. ```lua SELinux status: enabled ``` ```lua SELinux status: disabled ``` -------------------------------- ### Start Agent Source: https://docs.openappsec.io/getting-started/start-with-linux/using-the-open-appsec-ctl-tool Starts the open-appsec agent. The short form is -r. ```bash open-appsec-ctl --start-agent ``` ```bash open-appsec-ctl -r ``` -------------------------------- ### Run the open-appsec Configuration Tool Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-interactive-cli-tool Execute the open-appsec-config tool to start the interactive configuration process. This will guide you through generating policy files. ```bash ./open-appsec-config ``` -------------------------------- ### Install open-appsec with APISIX API Gateway Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm-new-flow-beta Execute this command to install the open-appsec Helm chart for Apache APISIX. Customize `` and note that `appsec.agentToken` can be left empty for standalone setups. ```bash helm install open-appsec-apisix openappsec/open-appsec-apisix \ --set rbac.create=true \ --set service.type=LoadBalancer \ --set appsec.persistence.enabled=false \ --set ingress-controller.enabled=true \ --set ingress-controller.config.ingressClass=appsec-apisix \ --set appsec.userEmail="" \ --set appsec.agentToken= \ --namespace appsec-apisix --create-namespace ``` -------------------------------- ### Download Full Example CRD Configuration (v1beta2) Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds-v1beta2 Download a single file containing all custom resource examples for v1beta2. This is useful for setting up a comprehensive configuration. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/config/k8s/v1beta2/open-appsec-k8s-full-example-config-v1beta2.yaml ``` -------------------------------- ### Install Missing Libraries Source: https://docs.openappsec.io/troubleshooting/troubleshooting-guides/installing-open-appsec-on-centos-7 Execute these commands to install required libraries like libicu, epel-release, nghttp2, and libpsl if the installation process reports missing dependencies. ```bash yum install libicu ``` ```arduino yum install epel-release ``` ```bash yum install nghttp2 ``` ```bash yum install libpsl ``` -------------------------------- ### Open-AppSec Installer Download Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Execute this command to download all necessary Open-AppSec components for manual installation. You can specify a temporary directory using `--tmpdir`. ```bash ./open-appsec-install --download ``` -------------------------------- ### Install open-appsec agent components Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Execute these scripts to install the agent, HTTP transaction handler, and attachment registration manager. ```bash /tmp/open-appsec/openappsec/install-cp-nano-agent.sh --install --hybrid_mode /tmp/open-appsec/openappsec/install-cp-nano-service-http-transaction-handler.sh --install /tmp/open-appsec/openappsec/install-cp-nano-attachment-registration-manager.sh --install ``` -------------------------------- ### Install open-appsec with Kong API Gateway Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm Installs the open-appsec Helm chart with Kong API Gateway. Persistent storage can be enabled by setting 'appsec.persistence.enabled=true'. ```bash helm install open-appsec-k8s-kong-latest.tgz \ --name-template=open-appsec \ --set appsec.mode=standalone \ --set ingressController.ingressClass=appsec-kong \ --set appsec.persistence.enabled=false \ --set appsec.userEmail="" \ --set appsec.agentToken= -n appsec --create-namespace ``` -------------------------------- ### Install open-appsec with APISIX API Gateway Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm Installs the open-appsec Helm chart with Apache APISIX API Gateway. Configure persistence by setting 'appsec.persistence.enabled=true'. ```bash helm install open-appsec-k8s-apisix-latest.tgz \ --name-template=appsec-apisix \ --set appsec.mode=standalone \ --set rbac.create=true \ --set service.type=LoadBalancer \ --set appsec.persistence.enabled=false \ --set ingress-controller.enabled=true \ --set ingress-controller.config.kubernetes.ingressClass=appsec-apisix \ --set appsec.userEmail="" \ --set appsec.agentToken= --create-namespace -n appsec-apisix ``` -------------------------------- ### Deploy and Verify Containers Source: https://docs.openappsec.io/integrations/docker-swag/deploy-docker-swag-with-open-appsec Commands to start the Docker services and verify that all containers are running correctly. ```bash docker-compose up -d ``` ```bash docker ps ``` -------------------------------- ### PolicyActivation Example Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds-v1beta2 A sample YAML configuration for enabling a security policy on a specific host. ```yaml apiVersion: openappsec.io/v1beta2 kind: PolicyActivation metadata: name: policy-activation-example spec: enabledPolicies: - name: policy-example hosts: - "example.com" ``` -------------------------------- ### Install Open-appsec with APISIX Gateway Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm Install open-appsec with the APISIX gateway, specifying the namespace and associating an email address for support and communication. ```bash -n --create-namespace --set appsec.userEmail= ``` -------------------------------- ### Install open-appsec with Kong Gateway Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm-new-flow-beta This command installs the open-appsec Helm chart for Kong API Gateway. Replace `` with your email. The `appsec.agentToken` can be omitted if not using a central WebUI deployment profile. ```bash helm install open-appsec-kong openappsec/open-appsec-kong \ --set ingressController.ingressClass=appsec-kong \ --set appsec.persistence.enabled=false \ --set appsec.userEmail="" \ --set appsec.agentToken= \ --namespace appsec --create-namespace ``` -------------------------------- ### Download SWAG proxy configuration files Source: https://docs.openappsec.io/integrations/docker-swag/deploy-docker-swag-with-open-appsec Use these commands to download example configuration files for proxying traffic to the juiceshop-backend container. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/examples/juiceshop/swag/juiceshop.subfolder.conf -O ./swag-proxy-confs/juiceshop.subfolder.conf ``` ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/examples/juiceshop/swag/default.conf -O ./swag-nginx-site-confs/default.conf ``` -------------------------------- ### Compile and Install Kong Lua Plugin Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Compiles and installs the open-appsec WAF Kong Lua plugin using luarocks. Ensure dependencies are met before running. ```bash luarocks install https://raw.githubusercontent.com/openappsec/attachment/main/attachments/kong/plugins/open-appsec-waf-kong-plugin/open-appsec-waf-kong-plugin-1.0.0-1.rockspec ``` -------------------------------- ### Install open-appsec with Ingress NGINX Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm-new-flow-beta Use this command to install the open-appsec Helm chart for Ingress NGINX. Ensure you replace `` with your actual email. The `appsec.agentToken` can be left empty for standalone deployments. ```bash helm install open-appsec-nginx openappsec/open-appsec-nginx-ingress \ --set controller.ingressClass=appsec-nginx \ --set controller.ingressClassResource.name=appsec-nginx \ --set controller.ingressClassResource.controllerValue="k8s.io/appsec-nginx" \ --set appsec.persistence.enabled=false \ --set controller.service.externalTrafficPolicy=Local \ --set appsec.userEmail="" \ --set appsec.agentToken= \ --namespace appsec --create-namespace ``` -------------------------------- ### Run open-appsec agent container Source: https://docs.openappsec.io/getting-started/start-with-docker/deprecated-deployment-options/install-with-docker-locally-managed Start the agent container with required volume mounts and environment variables for NGINX integration. ```bash docker run --name=open-appsec-agent \ --ipc=host \ -v :/etc/cp/conf \ -v :/etc/cp/data \ -v :/var/log/nano_agent \ -v :/ext/appsec \ -e registered_server='NGINX' \ -e user_email= \ -e https_proxy= \ -e autoPolicyLoad=false \ -it -d ghcr.io/openappsec/agent:latest /cp-nano-agent ``` -------------------------------- ### Install Open-AppSec for Kong Gateway Source: https://docs.openappsec.io/deployment-and-upgrade/integration-in-gitops-cd-k8s This Helm command installs Open-AppSec for Kong Gateway in standalone mode. Adjust the userEmail parameter as needed and ensure compatibility with your GitOps CD tool. ```bash helm install open-appsec-k8s-kong-latest.tgz \ --name-template=open-appsec \ --set appsec.mode=standalone \ --set ingressController.ingressClass=appsec-kong \ --set appsec.persistence.enabled=false \ --set appsec.userEmail="" \ -n appsec --create-namespace ``` -------------------------------- ### View Local open-appsec Logs Source: https://docs.openappsec.io/getting-started/start-with-linux/monitor-events Run this command after installation to view logs generated by open-appsec. Logs are typically stored in `/var/log/nano-agent/CP-nano-http-transaction-handler.log`. ```bash open-appsec-ctl --view-logs ``` -------------------------------- ### Run open-appsec NGINX container Source: https://docs.openappsec.io/getting-started/start-with-docker/deprecated-deployment-options/install-with-docker-locally-managed Start the NGINX container with the required IPC host parameter. ```bash docker run \ --name open-appsec-nginx \ --ipc=host \ -p 80:80 \ ``` -------------------------------- ### Download APISIX local_policy.yaml Source: https://docs.openappsec.io/getting-started/start-with-docker/deprecated-deployment-options/install-with-docker-locally-managed Download the example local_policy.yaml file for APISIX agent configuration. This file defines the declarative configuration for the agent. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/examples/local_policy.yaml -O appsec-localconfig/local_policy.yaml ``` -------------------------------- ### Example output of open-appsec agent status Source: https://docs.openappsec.io/integrations/nginx-proxy-manager/frequently-asked-questions Sample output showing the status of various Nano Services and policy load information. ```text ---- open-appsec Nano Agent ---- Version: 1.1.3-open-source Status: Running Management mode: Local management Policy files: /etc/cp/conf/local_policy.yaml Policy load status: Success Last policy update: 2023-12-04T11:33:46.083483 AI model version: Simple model V1.0 ---- open-appsec Orchestration Nano Service ---- Type: Public, Version: 1.1.3-open-source, Created at: 2023-10-05T17:46:48+0000 Status: Running ---- open-appsec Attachment Registrator Nano Service ---- Type: Public, Version: 1.1.3-open-source, Created at: 2023-10-05T17:46:48+0000 Status: Running ---- open-appsec Http Transaction Handler Nano Service ---- Type: Public, Version: 1.1.3-open-source, Created at: 2023-10-05T17:46:48+0000 Registered Instances: 2 Status: Running ``` -------------------------------- ### Run Unified Agent Container Source: https://docs.openappsec.io/getting-started/start-with-docker/deprecated-deployment-options/install-with-docker-locally-managed Command to start the open-appsec agent container with required volume mounts and environment configurations. ```bash docker run -d \ --name open-appsec-agent-unified \ --restart unless-stopped \ -p 80:80 \ -p 443:443 \ -v :/etc/cp/conf \ -v :/etc/cp/data \ -v :/var/log/nano_agent \ -v :/ext/appsec \ -e user_email= \ -e https_proxy= \ ghcr.io/openappsec/agent-unified:latest /cp-nano-agent ``` -------------------------------- ### Initialize Declarative Configuration Source: https://docs.openappsec.io/integrations/docker-swag/deprecated-deployment-options/install-docker-swag-with-open-appsec-locally-managed Creates the local directory and downloads the initial policy configuration file. ```bash mkdir ./appsec-localconfig wget https://raw.githubusercontent.com/openappsec/openappsec/main/config/linux/v1beta1/prevent/local_policy.yaml -O ./appsec-localconfig/local_policy.yaml ``` -------------------------------- ### Download and Prepare the Tuning Tool Source: https://docs.openappsec.io/how-to/configuration-and-learning/track-learning-and-local-tuning-in-standalone-deployments Downloads the open-appsec-tuning-tool and grants it execution permissions. ```bash wget https://downloads.openappsec.io/tools/open-appsec-tuning-tool && chmod +x ./open-appsec-tuning-tool ``` -------------------------------- ### Auto Install Open-AppSec with Kong Lua Plugin Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Installs the open-appsec agent automatically, including the `--kong-plugin` flag to skip traditional attachment installation. This is for Kong deployments using the Lua-based plugin. ```bash ./open-appsec-install --auto --kong-plugin ``` -------------------------------- ### Run open-appsec-tuning-tool Source: https://docs.openappsec.io/how-to/configuration-and-learning/track-learning-and-local-tuning-in-standalone-deployments Execute the tool to display the main menu and available options. ```bash ./open-appsec-tuning-tool ``` -------------------------------- ### Download Environment Configuration Source: https://docs.openappsec.io/integrations/nginx-proxy-manager/deploy-nginx-proxy-manager-with-open-appsec-managed-from-npm-webui Fetch the .env file template to configure deployment settings and tokens. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/deployment/docker-compose/nginx-proxy-manager/.env ``` -------------------------------- ### Start Individual Agent Service Source: https://docs.openappsec.io/getting-started/start-with-linux/using-the-open-appsec-ctl-tool Starts a specific agent service for debugging purposes. The short form is -rs. ```bash open-appsec-ctl --start-service ``` ```bash open-appsec-ctl -rs ``` -------------------------------- ### Get OpenAppSec Policies Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds Use `kubectl get policy.openappsec.io` to list available OpenAppSec policies in your Kubernetes cluster. ```bash $ kubectl get policy.openappsec.io NAME AGE open-appsec-best-practice-policy 90m ``` -------------------------------- ### Initialize deployment directory Source: https://docs.openappsec.io/getting-started/start-with-docker/deploy-with-docker-compose Create and enter a new directory for the open-appsec deployment. ```bash mkdir open-appsec-deployment cd ./open-appsec-deployment ``` -------------------------------- ### Policy Resource Example Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds-v1beta2 Defines a security policy with default settings and a specific rule for 'example.com'. Use this to set up broad security measures and host-specific overrides. ```yaml apiVersion: openappsec.io/v1beta2 kind: Policy metadata: name: policy-example spec: default: mode: detect-learn accessControlPractices: [access-control-practice-example] threatPreventionPractices: [threat-prevention-practice-example] triggers: [log-trigger-example] customResponse: custom-response-code-example sourceIdentifiers: "" trustedSources: "" exceptions: - exception-example specificRules: - host: "example.com" mode: prevent-learn threatPreventionPractices: [threat-prevention-practice-example] accessControlPractices: [access-control-practice-example] triggers: [log-trigger-example] customResponse: custom-response-code-example sourceIdentifiers: "" trustedSources: "" exceptions: - exception-example ``` -------------------------------- ### Download Environment Configuration Source: https://docs.openappsec.io/integrations/nginx-proxy-manager/deploy-nginx-proxy-manager-with-open-appsec-managed-from-central-webui-saas Fetch the .env file template to configure the open-appsec agent token and user email. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/deployment/docker-compose/nginx-proxy-manager-centrally-managed/.env ``` -------------------------------- ### Auto Install Open-AppSec for NGINX/APISIX/Kong Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Use this command for automatic installation of the open-appsec attachment and agent on NGINX, APISIX, or traditional Kong plugin. ```bash ./open-appsec-install --auto ``` -------------------------------- ### Download default configuration resources Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/integrate-with-envoy-gateway Fetch the default configuration YAML files for v1beta2. Choose between detect-learn or prevent-mode configurations based on your deployment needs. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml ``` ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/config/k8s/v1beta2/open-appsec-k8s-prevent-config-v1beta2.yaml ``` -------------------------------- ### Install open-appsec with Ingress NGINX Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm Installs the open-appsec Helm chart with Ingress NGINX. Ensure you have persistent storage enabled if needed by setting 'appsec.persistence.enabled=true'. ```bash helm install open-appsec-k8s-nginx-ingress-latest.tgz \ --name-template=open-appsec \ --set appsec.mode=standalone \ --set controller.ingressClass=appsec-nginx \ --set controller.ingressClassResource.name=appsec-nginx \ --set controller.ingressClassResource.controllerValue="k8s.io/appsec-nginx" \ --set appsec.persistence.enabled=false \ --set controller.service.externalTrafficPolicy=Local \ --set appsec.userEmail="" \ --set appsec.agentToken= -n appsec --create-namespace ``` -------------------------------- ### Configure Container Entry Point Source: https://docs.openappsec.io/deployment-and-upgrade/deploying-open-appsec-waf-on-aws-ecs Set the container entry point to the agent binary. ```bash /cp-nano-agent ``` -------------------------------- ### Ingress Resource Example with OpenAppSec Policy Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds This example demonstrates a Kubernetes Ingress resource with the `openappsec.io/policy` annotation set to `open-appsec-best-practice-policy-detect`. You can switch to `-prevent` for blocking. ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: openappsec.io/policy: open-appsec-best-practice-policy-detect # openappsec.io/policy: open-appsec-best-practice-policy-prevent name: ingress-wildcard-host spec: rules: - host: "foo.bar.com" http: paths: - pathType: Prefix path: "/bar" backend: service: name: service1 port: number: 80 - host: "*.foo.com" http: paths: - pathType: Prefix path: "/foo" backend: service: name: service2 port: number: 80 ``` -------------------------------- ### Download open-appsec-config CLI Tool Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-interactive-cli-tool Download the open-appsec configuration tool using wget. Ensure you have the necessary permissions to download files. ```bash wget https://downloads.openappsec.io/open-appsec-cli/linux/open-appsec-config ``` -------------------------------- ### Install Dependencies for Kong Lua Plugin Source: https://docs.openappsec.io/getting-started/start-with-linux/install-open-appsec-for-linux Installs necessary dependencies for compiling the Kong Lua plugin on Ubuntu. Adjust package names for other operating systems. ```bash sudo apt-get install libbrotli-dev build-essential git curl zlib1g-dev ca-certificates ``` -------------------------------- ### Local Policy v1beta2 Example Source: https://docs.openappsec.io/getting-started/start-with-linux/local-policy-file-v1beta2-beta This YAML snippet demonstrates the structure of a v1beta2 local policy file, including default settings and specific rules for host-based overrides. ```yaml policies: default: mode: detect-learn accessControlPractices: [access-control-practice-example] threatPreventionPractices: [threat-prevention-practice-example] triggers: [log-trigger-example] customResponse: web-user-response-example sourceIdentifiers: "" trustedSources: "" exceptions: - exception-example specificRules: - host: "example.com" mode: prevent-learn threatPreventionPractices: [threat-prevention-practice-example] accessControlPractices: [access-control-practice-example] triggers: [log-trigger-example] customResponse: web-user-response-example sourceIdentifiers: "" trustedSources: "" exceptions: - exception-example ``` -------------------------------- ### Install Open-AppSec for NGINX Ingress Controller Source: https://docs.openappsec.io/deployment-and-upgrade/integration-in-gitops-cd-k8s Use this Helm command to install Open-AppSec for NGINX Ingress Controller in standalone mode. Ensure your GitOps CD tool supports this helm command format. ```bash helm install open-appsec-k8s-nginx-ingress-latest.tgz \ --name-template=open-appsec \ --set appsec.mode=standalone \ --set controller.ingressClass=appsec-nginx \ --set controller.ingressClassResource.name=appsec-nginx \ --set controller.ingressClassResource.controllerValue="k8s.io/appsec-nginx" \ --set appsec.persistence.enabled=false \ --set controller.service.externalTrafficPolicy=Local \ -n appsec --create-namespace ``` -------------------------------- ### Set appsec.className during Helm install Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds-special-options-for-large-scale-deployments/using-appsec-class-for-assigning-separate-custom-resources-to-specific-deployments Use the `--set` flag with `appsec.className` when installing open-appsec via Helm to associate a specific class name with the deployment. This ensures the agent only considers custom resources matching this class name. ```bash helm install ... --set appsec.className=myCustomClass1 ... ``` -------------------------------- ### Get Custom Response Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds-v1beta2 Retrieves a specific CustomResponse resource by its name. ```APIDOC ## GET /apis/openappsec.io/v1beta2/customresponses/{name} ### Description Retrieves a specific CustomResponse resource. ### Method GET ### Endpoint /apis/openappsec.io/v1beta2/customresponses/{name} ### Parameters #### Path Parameters - **name** (string) - Required - The name of the CustomResponse to retrieve. ### Response #### Success Response (200 OK) - **spec** (object) - The specification of the CustomResponse resource. - **mode** (string) - Defines the response mode for blocked requests. - **appsecClassName** (string) - Optional - Specifies the name of the AppSec class. - **messageTitle** (string) - Optional - Title for the block page. - **messageBody** (string) - Optional - Body message for the block page. - **httpResponseCode** (integer) - HTTP response code returned when blocking. - **redirectUrl** (string) - Optional - URL for redirection. - **redirectAddXEventId** (boolean) - Optional - Adds X-Event-ID header to redirected requests. #### Response Example ```json { "apiVersion": "openappsec.io/v1beta2", "kind": "CustomResponse", "metadata": { "name": "custom-response-example", "creationTimestamp": "2023-10-27T10:00:00Z" }, "spec": { "mode": "response-code-only", "httpResponseCode": 403 } } ``` ``` -------------------------------- ### Download Default Config for v1beta2 (Detect-Learn) Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm-new-flow-beta Use this command to download the default configuration YAML for OpenAppsec custom resources, version v1beta2 (beta), set to detect-learn mode. This is recommended for new deployments to allow the ML engine to learn. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml ``` -------------------------------- ### Download Default Config for v1beta1 (Detect-Learn) Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/install-using-helm-new-flow-beta Use this command to download the default configuration YAML for OpenAppsec custom resources, version v1beta1, set to detect-learn mode. This is recommended for new deployments to allow the ML engine to learn. ```bash wget https://raw.githubusercontent.com/openappsec/openappsec/main/config/k8s/v1beta1/open-appsec-k8s-default-config-v1beta1.yaml ``` -------------------------------- ### Manage Agent Service Source: https://docs.openappsec.io/getting-started/using-the-advanced-machine-learning-model Commands to stop and start the open-appsec agent service. ```bash open-appsec-ctl --stop-agent ``` ```bash open-appsec-ctl --start-agent ``` -------------------------------- ### Download mgmt-connect-linux Tool Source: https://docs.openappsec.io/getting-started/using-the-web-ui-saas/connect-deployed-agents-to-saas-management-docker Run this command inside your existing, running agent container to download and prepare the `mgmt-connect-linux` tool. Adjust `open-appsec-agent` if your container name differs. ```bash docker exec -it open-appsec-agent bash -c "wget https://downloads.openappsec.io/scripts/mgmt-connect-linux && chmod +x mgmt-connect-linux" ``` -------------------------------- ### Define a TrustedSource resource Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds-v1beta2 Example configuration for a TrustedSource resource specifying a minimum number of sources. ```haml kind: TrustedSource metadata: name: "trusted-sources-example" spec: minNumOfSources: 3 sourcesIdentifiers: - 1.0.0.27 - 1.0.0.28 - 1.0.0.29 ``` -------------------------------- ### Define a SourcesIdentifier resource Source: https://docs.openappsec.io/getting-started/start-with-kubernetes/configuration-using-crds-v1beta2 Example configuration for a SourcesIdentifier resource using sourceip as the identifier type. ```yaml kind: SourcesIdentifier mapiVersion: openappsec.io/v1beta2 kind: SourcesIdentifier metadata: name: sources-identifier-example spec: sourcesIdentifiers: - identifier: sourceip value: - "0.0.0.0" ``` -------------------------------- ### List All Available Policies Source: https://docs.openappsec.io/getting-started/start-with-linux/using-the-open-appsec-ctl-tool Use this command to list all available policies. The short form is -lp. ```bash open-appsec-ctl --list-policies ``` ```bash open-appsec-ctl -lp ```