### Install Frontend Dependencies and Start Dev Server Source: https://docs.tacticalrmm.com/contributing_using_a_remote_server Install frontend dependencies and start the Quasar development server. ```bash npm install npm install -g @quasar/cli quasar dev ``` -------------------------------- ### Actual Installation Output Example Source: https://docs.tacticalrmm.com/securing_nginx This output confirms the successful download and placement of configuration files during the actual installation of the Nginx blocker script. ```text Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt Creating directory: /etc/nginx/bots.d REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf...OK Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf...OK REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf...OK Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf...OK Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf...OK Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf...OK Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf...OK Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf...OK Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf...OK Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf...OK REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker...OK Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker...OK ``` -------------------------------- ### Download and Run Install Script Source: https://docs.tacticalrmm.com/install_server Download the Tactical RMM installation script, make it executable, and then run it to begin the setup process. ```bash wget https://raw.githubusercontent.com/amidaware/tacticalrmm/master/install.sh chmod +x install.sh ./install.sh ``` -------------------------------- ### Create CRS Setup Configuration Source: https://docs.tacticalrmm.com/securing_nginx Copy the example CRS setup configuration file to create a new configuration file. This file will be edited to customize CRS settings. ```bash cp /etc/nginx/modsec/coreruleset/crs-setup.conf.example /etc/nginx/modsec/coreruleset/crs-setup.conf ``` -------------------------------- ### Switch to Tactical User Source: https://docs.tacticalrmm.com/install_server Before running the installation script, switch to the 'tactical' user. This is a prerequisite for executing the setup. ```bash su - tactical ``` -------------------------------- ### Redis Installation Process Output Source: https://docs.tacticalrmm.com/unsupported_platforms This output shows the process of installing the redis-server package using apt-get. It details package list updates, dependency checks, and the installation of new packages, including the redis-server itself. ```text Reading package lists... Done Building dependency tree... Done Reading state information... Done The following NEW packages will be installed: redis-server 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/98.2 kB of archives. After this operation, 196 kB of additional disk space will be used. Selecting previously unselected package redis-server. (Reading database ... 36187 files and directories currently installed.) Preparing to unpack .../redis-server_5%3a6.0.16-1+deb11u2_amd64.deb ... Unpacking redis-server (5:6.0.16-1+deb11u2) ... Setting up redis-server (5:6.0.16-1+deb11u2) ... Created symlink /etc/systemd/system/redis.service → /lib/systemd/system/redis-server.service. Created symlink /etc/systemd/system/multi-user.target.wants/redis-server.service → /lib/systemd/system/redis-server.service. Job for redis-server.service failed because the control process exited with error code. See "systemctl status redis-server.service" and "journalctl -xe" for details. Processing triggers for man-db (2.9.4-2) ... ``` -------------------------------- ### Install Prerequisites and Update OS Source: https://docs.tacticalrmm.com/install_server Installs necessary packages like wget, curl, and sudo, and applies the latest system updates. Ensure to reboot if a new kernel is installed. ```bash apt update apt install -y wget curl sudo ufw apt -y upgrade ``` -------------------------------- ### Execute Install Script with Download Parameter Source: https://docs.tacticalrmm.com/securing_nginx Run the 'install-ngxblocker' script with the '-x' parameter to download all necessary configuration files from the repository. This performs the actual installation. ```bash cd /usr/local/sbin/ sudo ./install-ngxblocker -x ``` -------------------------------- ### Install Development and Test Requirements Source: https://docs.tacticalrmm.com/contributing_using_a_remote_server Install all necessary Python packages for development and testing. ```bash pip install -r requirements-dev.txt -r requirements-test.txt ``` -------------------------------- ### URL Pattern Example with Variables Source: https://docs.tacticalrmm.com/functions/url_actions This example demonstrates how to construct a URL pattern using variables from the Global Keystore and Agent custom fields. Ensure variable names are case-sensitive. ```text https://remote.example.com/connect?API_KEY={{global.API_KEY}}&agent_id={{agent.Remote ID}} ``` -------------------------------- ### Run Install Script with Own Certificate Source: https://docs.tacticalrmm.com/install_server If you have your own SSL certificate and private key, use this flag to instruct the install script to use them. Ensure the certificate includes the full chain and is trusted. ```bash ./install.sh --use-own-cert ``` -------------------------------- ### Install Agent with Debug Logging Source: https://docs.tacticalrmm.com/install_agent Use the --log debug argument for verbose logging during agent installation, which is helpful for troubleshooting. ```bash --log debug ``` -------------------------------- ### Install Tactical RMM via ScreenConnect Source: https://docs.tacticalrmm.com/3rdparty_screenconnect This PowerShell script installs Tactical RMM silently. It downloads the installer, runs it, waits for completion, and then cleans up the installer file. Ensure `` is replaced with your actual Deployment Download Link. ```powershell #!ps #maxlength=500000 #timeout=600000 Invoke-WebRequest "" -OutFile ( New-Item -Path "c:\ProgramData\TacticalRMM\temp\trmminstall.exe" -Force ) $proc = Start-Process c:\ProgramData\TacticalRMM\temp\trmminstall.exe -ArgumentList '-silent' -PassThru Wait-Process -InputObject $proc if ($proc.ExitCode -ne 0) { Write-Warning "$_ exited with status code $($proc.ExitCode)" } Remove-Item -Path "c:\ProgramData\TacticalRMM\temp\trmminstall.exe" -Force ``` -------------------------------- ### Community Scripts JSON Entry Example Source: https://docs.tacticalrmm.com/contributing_community_scripts An example of a single script entry in the community_scripts.json file. Includes fields like guid, filename, name, description, arguments, and platform support. ```json { "guid": "bfd61545-839b-45da-8b3d-75ffc4d43272", "filename": "Win_Sophos_EndpointProtection_Install.ps1", "submittedBy": "https://github.com/bc24fl/", "name": "Sophos Endpoint Protection Install", "description": "Installs Sophos Endpoint Protection via the Sophos API. Products include Antivirus, InterceptX, MDR, Device Encryption. The script requires API credentials, Custom Fields, and Arguments passed to script. See script comments for details", "args": [ "-ClientId {{client.SophosClientId}}", "-ClientSecret {{client.SophosClientSecret}}", "-TenantName {{client.SophosTenantName}}", "-Products antivirus,intercept" ], "default_timeout": "3600", "supported_platforms": ["windows"], "shell": "powershell", "category": "TRMM (Win):3rd Party Software" } ``` -------------------------------- ### Example cURL Request to Clients Endpoint Source: https://docs.tacticalrmm.com/functions/api A cURL command demonstrating how to make a GET request to the clients endpoint, including the necessary API key in the headers. ```bash curl https://api.example.com/clients/ -H "X-API-KEY: Y57BXCFAA9WBCXH0XTEL6R5KAK69CNCZ" ``` -------------------------------- ### Start Django Development Server Source: https://docs.tacticalrmm.com/contributing_using_a_remote_server Start the Django development server on port 8000. ```bash python manage.py runserver 0:8000 ``` -------------------------------- ### Good Script Filename Examples Source: https://docs.tacticalrmm.com/contributing_community_scripts Examples of well-formatted script filenames adhering to the naming conventions. ```text Win_Azure_Mars_Cloud_Backup_Status.ps1 Win_AzureAD_Check_Connection_Status.ps1 Win_Network_DHCP_Set.bat Win_Network_DNS_Set_to_1.1.1.2.ps1 ``` -------------------------------- ### Install Agent with HTTP Proxy Source: https://docs.tacticalrmm.com/install_agent Specify an HTTP proxy server and port using the --proxy argument when installing the agent. ```bash --proxy "http://proxyserver:port" ``` -------------------------------- ### Install Redis Server Package Source: https://docs.tacticalrmm.com/unsupported_platforms This command installs the redis-server package. It's used after removing a potentially problematic version to ensure a clean installation. ```bash apt-get install redis-server ``` -------------------------------- ### Download and Make Executable Install Script Source: https://docs.tacticalrmm.com/securing_nginx Download the 'install-ngxblocker' script and make it executable. This is the first step in setting up the blocker. ```bash sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker sudo chmod +x /usr/local/sbin/install-ngxblocker ``` -------------------------------- ### Install Amidaware Root CA using PowerShell Source: https://docs.tacticalrmm.com/code_signing Run this PowerShell command as an administrator to download and install the Amidaware Code Signing Root CA. This is optional and helps ensure a smoother installation process for dynamic EXE installers. ```powershell Invoke-WebRequest -Uri "https://amidaware.com/amidaware-root.crt" -OutFile "amida-root.crt"; Import-Certificate -FilePath "amida-root.crt" -CertStoreLocation Cert:\LocalMachine\Root ``` -------------------------------- ### Install RustDesk and Configure Server Settings Source: https://docs.tacticalrmm.com/3rdparty_rustdesk This PowerShell script installs RustDesk, sets up its service, and configures the client to connect to a custom rendezvous server. Replace IPADDRESS and KEY with your server's details. It configures settings for both the current user and the LocalService profile. ```powershell $ErrorActionPreference= 'silentlycontinue' If (!(Test-Path c:\Temp)) { New-Item -ItemType Directory -Force -Path c:\Temp > null } cd c:\Temp powershell Invoke-WebRequest "https://github.com/rustdesk/rustdesk/releases/download/1.2.2/rustdesk-1.2.2-x86_64.exe" -Outfile "rustdesk.exe" Start-Process .\rustdesk.exe --silent-install -wait $ServiceName = 'Rustdesk' $arrService = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue if ($arrService -eq $null) { Start-Sleep -seconds 20 } while ($arrService.Status -ne 'Running') { Start-Service $ServiceName Start-Sleep -seconds 5 $arrService.Refresh() } net stop rustdesk $username = ((Get-WMIObject -ClassName Win32_ComputerSystem).Username).Split('\')[1] Remove-Item C:\Users\$username\AppData\Roaming\RustDesk\config\RustDesk2.toml New-Item C:\Users\$username\AppData\Roaming\RustDesk\config\RustDesk2.toml Set-Content C:\Users\$username\AppData\Roaming\RustDesk\config\RustDesk2.toml "rendezvous_server = 'IPADDRESS' `nnat_type = 1`nserial = 0`n`n[options]`ncustom-rendezvous-server = 'IPADDRESS'`nkey = 'KEY='`nrelay-server = 'IPADDRESS'`napi-server = 'https://IPADDRESS'" Remove-Item C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\RustDesk\config\RustDesk2.toml New-Item C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\RustDesk\config\RustDesk2.toml Set-Content C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\RustDesk\config\RustDesk2.toml "rendezvous_server = 'IPADDRESS' `nnat_type = 1`nserial = 0`n`n[options]`ncustom-rendezvous-server = 'IPADDRESS'`nkey = 'KEY='`nrelay-server = 'IPADDRESS'`napi-server = 'https://IPADDRESS'" net start rustdesk ``` -------------------------------- ### Update Script for Standard Install Source: https://docs.tacticalrmm.com/ee/reporting/functions/faq Run this script to update your instance and enable reporting. Ensure you have a code signing token configured. ```bash cd ~ wget -N https://raw.githubusercontent.com/amidaware/tacticalrmm/master/update.sh chmod +x update.sh ./update.sh --force ``` -------------------------------- ### Log Tactical RMM Installation Source: https://docs.tacticalrmm.com/troubleshooting Execute the installation script with bash -x to log detailed installation progress. This is useful for diagnosing issues after a new server install. The log file contains sensitive information; handle it with care. ```bash bash -x install.sh 2>&1 | tee install.log ``` -------------------------------- ### Deploy Linux Agent Script Source: https://docs.tacticalrmm.com/install_agent Use this script to download, make executable, and run the Linux agent installer. Ensure any install tokens are removed after use. ```bash wget scripturl chmod +x rmm.sh ./rmm.sh ``` -------------------------------- ### Run BitDefender GravityZone Install Script Source: https://docs.tacticalrmm.com/3rdparty_bitdefender_gravityzone This script is used to deploy the BitDefender GravityZone agent to target clients. Ensure the timeout is set appropriately for the installation. ```N/A **Run Script** Select **BitDefender GravityZone Install** and set timeout for 1800 seconds. ``` -------------------------------- ### Docker Install Configuration Update Source: https://docs.tacticalrmm.com/functions/permissions For Docker installations, update the `.env` file and then restart the Docker containers to apply configuration changes. This is the equivalent of restarting services for standard installs. ```bash docker compose down && docker compose up -d ``` -------------------------------- ### Install dnsutils Package Source: https://docs.tacticalrmm.com/troubleshooting Ensure the 'dig' command is available by installing the 'dnsutils' package. This is a prerequisite for running server troubleshooting scripts. ```bash sudo apt update && sudo apt install -y dnsutils ``` -------------------------------- ### PowerShell Comment-Based Help Example Source: https://docs.tacticalrmm.com/contributing_community_scripts Standardized comment header for PowerShell scripts, including SYNOPSIS, DESCRIPTION, PARAMETER, OUTPUTS, EXAMPLE, and NOTES sections. ```powershell <# .SYNOPSIS Short description eg Check IP address .DESCRIPTION Long description eg Checks IP address on all local network adapters, and returns results .PARAMETER xx Inputs to this cmdlet (if any) .PARAMETER yy Inputs to this cmdlet (if any) .OUTPUTS Output from this cmdlet (if any) .EXAMPLE Example of how to use this cmdlet .EXAMPLE Another example of how to use this cmdlet .NOTES v1.0 1/1/2020 username notes General notes #> ``` -------------------------------- ### Script Arguments Example Source: https://docs.tacticalrmm.com/functions/scripting Demonstrates how to pass named and environment variables as arguments to scripts. Note that named arguments require specific formatting. ```shell -hello world -foo bar -data {{agent.public_ip}} ``` ```shell ehello=eworld efoo=ebar edata={{agent.hostname}} ``` -------------------------------- ### Scripted Agent Installation using CMD Source: https://docs.tacticalrmm.com/install_agent This CMD script automates the installation of the Tactical RMM agent, checking if it's already installed and setting up necessary exclusions. Replace '!!!REPLACEME!!!' with your actual deployment URL. ```batch @echo off REM Setup deployment URL set "DeploymentURL=!!!REPLACEME!!!" for /f "delims=" %%g in ('powershell -NoProfile -Command "(Get-Service -Name tacticalrmm -ErrorAction SilentlyContinue).Name"') do ( set "Name=%%g ) if not defined Name ( echo Tactical RMM not found, installing now. if not exist "C:\ProgramData\TacticalRMM\temp" md "C:\ProgramData\TacticalRMM\temp" powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force powershell Add-MpPreference -ExclusionPath "C:\Program Files\TacticalAgent\*" powershell Add-MpPreference -ExclusionPath "C:\Program Files\Mesh Agent\*" powershell Add-MpPreference -ExclusionPath "C:\ProgramData\TacticalRMM\*" powershell Add-MpPreference -ExclusionProcess "C:\Windows\Temp\is-*.tmp\tacticalagent*" cd /d "C:\ProgramData\TacticalRMM\temp" powershell Invoke-WebRequest "%DeploymentURL%" -Outfile tactical.exe tactical.exe ) else ( echo Tactical RMM already installed Exiting exit 0 ) ``` -------------------------------- ### Install GeoIP Packages and NGINX Module Source: https://docs.tacticalrmm.com/securing_nginx Installs the necessary packages and NGINX module for GeoIP functionality. Ensure you have the correct package manager commands for your system. ```bash # apt-get install geoip-database libgeoip1 libnginx-mod-http-geoip ``` -------------------------------- ### Example of !now Processor Output Source: https://docs.tacticalrmm.com/ee/reporting/functions/reporting_variables This shows how the !now processor might render if a dependency value of 5 was provided for 'last_seen'. Note the double exclamation mark. ```yaml last_seen_time: !!now 'hours=-5' ``` -------------------------------- ### Start Docker Environment Source: https://docs.tacticalrmm.com/install_docker Starts the Tactical RMM Docker containers in detached mode. Running without '-d' will keep containers in the foreground for debugging. ```bash docker compose up -d ``` -------------------------------- ### Run Install Script in Dry-Mode Source: https://docs.tacticalrmm.com/securing_nginx Execute the 'install-ngxblocker' script in dry-run mode to preview changes without making any modifications. This helps understand what the script will do. ```bash cd /usr/local/sbin sudo ./install-ngxblocker ``` -------------------------------- ### Install Nginx ModSecurity Prerequisite Packages (Ubuntu/Debian) Source: https://docs.tacticalrmm.com/securing_nginx Install necessary packages for compiling ModSecurity on Ubuntu/Debian systems. Ensure your system is up-to-date before running this command. ```bash apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev ``` -------------------------------- ### API Request Headers Example Source: https://docs.tacticalrmm.com/functions/api Example of the required headers for making API requests. Ensure 'Content-Type' is 'application/json' and 'X-API-KEY' contains your generated API key. ```json { "Content-Type": "application/json", "X-API-KEY": "J57BXCFDA2WBCXH0XTELBR5KAI69CNCZ" } ``` -------------------------------- ### Install Agent with Custom Mesh Directory Source: https://docs.tacticalrmm.com/install_agent Use the --meshdir argument to specify a custom installation path for the Mesh Agent, typically used with custom branding. ```bash --meshdir "C:\Program Files\Your Company Name\Mesh Agent" ``` -------------------------------- ### Run Redis Server as Redis User Source: https://docs.tacticalrmm.com/unsupported_platforms This command starts the Redis server as the 'redis' user, ensuring correct permissions and environment. It's a way to test if Redis starts correctly after manual directory creation and permission adjustments. ```bash su -s /bin/bash -c '/usr/bin/redis-server /etc/redis/redis.conf' redis ``` -------------------------------- ### Create .env File from Example Source: https://docs.tacticalrmm.com/contributing_using_docker Duplicate the .env.example file to .env and customize it with your local host configurations. This is necessary for the development environment to function correctly. ```bash cp .env.example .env ``` -------------------------------- ### PowerShell Example to Get All Agents Source: https://docs.tacticalrmm.com/functions/api A PowerShell script to retrieve a list of all agents using the Tactical RMM API. It demonstrates setting headers and using Invoke-RestMethod for a GET request. ```powershell # Example - Get all agents using API $headers = @{ 'X-API-KEY' = 'ABC1234567890987654321' } $url = "https://api.yourdomain.com/agents/" $agentsResult = Invoke-RestMethod -Method 'Get' -Uri $url -Headers $headers -ContentType "application/json" foreach ($agent in $agentsResult) { Write-Host $agent #Write-Host $agent.hostname } ``` -------------------------------- ### Get Nginx Version Source: https://docs.tacticalrmm.com/securing_nginx Determine the currently installed Nginx version. This information is needed to download the corresponding Nginx source code for compiling the dynamic module. ```bash $ nginx -v nginx version: nginx/1.18.0 (Ubuntu) ``` -------------------------------- ### Use !now Processor for Past Timestamps Source: https://docs.tacticalrmm.com/ee/reporting/functions/reporting_variables Specify a past timestamp by providing a supported time interval and a negative value. For example, to get a timestamp 4 hours ago. ```yaml four_hours_ago: !now hours=-4 ``` -------------------------------- ### Execute PowerShell 7 Command Source: https://docs.tacticalrmm.com/functions/scripting This command starts a PowerShell 7 process that prints a dot every second for two minutes. Ensure PowerShell 7 is installed and accessible. ```powershell Start-Process nohup 'pwsh -noprofile -c "1..120 | % { Write-Host . -NoNewline; sleep 1 }"' ``` -------------------------------- ### Download and Run Server Troubleshooting Script Source: https://docs.tacticalrmm.com/troubleshooting Download, make executable, and run the server troubleshooting script. Send a screenshot of the output when seeking support. ```bash wget -N https://raw.githubusercontent.com/amidaware/tacticalrmm/develop/troubleshoot_server.sh chmod +x troubleshoot_server.sh ./troubleshoot_server.sh ``` -------------------------------- ### Use !now Processor for Future Timestamps Source: https://docs.tacticalrmm.com/ee/reporting/functions/reporting_variables Specify a future timestamp by providing a supported time interval (weeks, days, hours, minutes, seconds, microseconds) and a positive value. For example, to get a timestamp 5 days from now. ```yaml five_days_from_now: !now days=5 ``` -------------------------------- ### Set and Get RustDesk Password Source: https://docs.tacticalrmm.com/3rdparty_rustdesk This PowerShell script stops the RustDesk service, generates a random 12-character password, starts RustDesk with the new password, outputs the password, and creates a confirmation file. It's designed to run on check failure in Tactical RMM to set a new password and update custom agent fields. ```powershell $ErrorActionPreference= 'silentlycontinue' $confirmation_file = "C:\program files\RustDesk\rdrunonce.txt" net stop rustdesk > null $ProcessActive = Get-Process rustdesk -ErrorAction SilentlyContinue if($ProcessActive -ne $null) { stop-process -ProcessName rustdesk -Force } $rustdesk_pw = (-join ((65..90) + (97..122) | Get-Random -Count 12 | % {[char]$_})) Start-Process "$env:ProgramFiles\RustDesk\RustDesk.exe" "--password $rustdesk_pw" -wait Write-Output $rustdesk_pw net start rustdesk > null New-Item $confirmation_file > null ``` -------------------------------- ### Dry-Run Output Example Source: https://docs.tacticalrmm.com/securing_nginx This output shows the expected actions during a dry run of the 'install-ngxblocker' script, indicating files to be downloaded and directories to be created without actual changes. ```text ** Dry Run ** | not updating files | run as 'install-ngxblocker -x' to install files. Creating directory: /etc/nginx/bots.d REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker ``` -------------------------------- ### Download Docker Compose and Environment Files Source: https://docs.tacticalrmm.com/install_docker Fetches the docker-compose.yml and .env.example files for setting up the Tactical RMM environment. The .env.example file is then renamed to .env for configuration. ```bash wget https://raw.githubusercontent.com/amidaware/tacticalrmm/master/docker/docker-compose.yml wget https://raw.githubusercontent.com/amidaware/tacticalrmm/master/docker/.env.example mv .env.example .env ``` -------------------------------- ### Launch Development VM with Docker Compose Source: https://docs.tacticalrmm.com/contributing_using_docker Use the docker-compose.yml file to build and start the development virtual machine. This process may take a significant amount of time as Docker downloads and configures all necessary modules. ```bash docker compose up ``` -------------------------------- ### Enable Debug Logging for Linux Agent Install Source: https://docs.tacticalrmm.com/install_agent Use this flag when running the Linux agent installation script to enable verbose logging. This is helpful for diagnosing installation problems. ```bash -- debug ``` -------------------------------- ### Install Mesh Agent if Not Installed Source: https://docs.tacticalrmm.com/mesh_integration Execute this command from the Tactical RMM Script Library to install the Mesh Agent if it is currently missing. This is a troubleshooting step for agent connectivity issues. ```bash TacticalRMM - Install Mesh Agent if it's not installed ``` -------------------------------- ### Python Hello World using env Source: https://docs.tacticalrmm.com/functions/scripting This script uses `#!/usr/bin/env python3` to find the first 'python3' executable in the system's PATH, offering better portability. ```python #!/usr/bin/env python3 print("Hello World!") ``` -------------------------------- ### Install Fail2ban Source: https://docs.tacticalrmm.com/unsupported_scripts Installs fail2ban and the python3-systemd package. This is a prerequisite for using fail2ban with Tactical RMM. ```bash sudo apt install -y fail2ban python3-systemd ``` -------------------------------- ### Enable Beta API Configuration Source: https://docs.tacticalrmm.com/functions/api Add this line to your local_settings.py file to enable the beta API, which supports filtering and pagination. ```python BETA_API_ENABLED = True ``` -------------------------------- ### Configure Frontend .env File Source: https://docs.tacticalrmm.com/contributing_using_a_remote_server Set up the .env file for the frontend application with development and production URLs. ```env PROD_URL = "https://api.example.com" DEV_URL = "http://api.example.com:8000" APP_URL = "http://rmm.example.com:8080" DEV_PORT = "8080" USE_HTTPS = false ``` -------------------------------- ### Install Agent Silently Source: https://docs.tacticalrmm.com/install_agent The --silent argument suppresses all message boxes during installation, including success and error messages. ```bash --silent ``` -------------------------------- ### Batch Script with Arguments and Environment Variables Source: https://docs.tacticalrmm.com/functions/scripting A Batch script example showing how to access positional parameters and environment variables. Batch scripts primarily use positional parameters. ```batch @echo off setlocal rem Parameters. Batch only accepts positional params not named ones set hello=%1 set foo=%2 set data=%3 echo Script Args echo hello: %hello% echo foo: %foo% echo data: %data% echo. echo Environment Vars echo ehello: %ehello% echo efoo: %efoo% echo edata: %edata% endlocal ``` -------------------------------- ### Bash Script with Arguments and Environment Variables Source: https://docs.tacticalrmm.com/functions/scripting A Bash script example demonstrating how to access positional parameters and environment variables. Bash scripts primarily use positional parameters. ```bash #!/bin/bash #Bash only accepts positional params not named ones hello="$1" foo="$2" data="$3" echo "Script Args" echo "hello: $hello" echo "foo: $foo" echo "data: $data" echo "" echo "Environment Vars" echo "ehello: $ehello" echo "efoo: $efoo" echo "edata: $edata" ``` -------------------------------- ### Find Agents with Specific Software Installed Source: https://docs.tacticalrmm.com/management_cmds Searches all agents for installations of a specified software. Replace 'adobe' with the software name you are looking for. ```python python manage.py find_software "adobe" ``` -------------------------------- ### Request Wildcard Let's Encrypt Certificate Source: https://docs.tacticalrmm.com/install_docker Generates wildcard SSL certificates using the DNS-01 challenge method with Certbot. Replace 'example.com' with your actual domain. ```bash sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --preferred-challenges dns ``` -------------------------------- ### Install Certbot Source: https://docs.tacticalrmm.com/install_docker Installs Certbot, a tool for obtaining and renewing Let's Encrypt certificates. Ensure you are using a Debian-based distribution. ```bash sudo apt-get install certbot ``` -------------------------------- ### Agent Installation via Group Policy (Batch File) Source: https://docs.tacticalrmm.com/install_agent This batch script is designed for Active Directory Group Policy deployment. It checks if the Tactical RMM service is already installed and proceeds with the installation only if it's missing. Remember to replace 'snip' with your actual deployment URL. ```batch @echo off REM Setup deployment URL set "DeploymentURL=snip" SC query "TacticalRMM" >nul 2>&1 IF %ERRORLEVEL% EQU 1060 ( echo Tactical RMM not found, installing now. if not exist c:\ProgramData\TacticalRMM\temp md c:\ProgramData\TacticalRMM\temp powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted powershell Add-MpPreference -ExclusionPath "C:\Program Files\TacticalAgent\*" powershell Add-MpPreference -ExclusionPath "C:\Program Files\Mesh Agent\*" powershell Add-MpPreference -ExclusionPath C:\ProgramData\TacticalRMM\* powershell Add-MpPreference -ExclusionProcess "C:\Windows\Temp\is-*.tmp\tacticalagent*" cd c:\ProgramData\TacticalRMM\temp powershell Invoke-WebRequest "%DeploymentURL%" -Outfile tactical.exe tactical.exe exit /b 0 ) ELSE ( REM Service exists (it might be running or stopped, but it is installed) EXIT /B 0 ) ``` -------------------------------- ### Gather System Information (Deno) Source: https://docs.tacticalrmm.com/functions/scripting This Deno script gathers and prints basic system information, including OS, architecture, total memory, and free memory. It uses Deno's built-in APIs for system access. ```typescript async function gatherSystemInfo() { const os = Deno.build.os; const arch = Deno.build.arch; const memory = Deno.systemMemoryInfo(); const info = ` OS: ${os} Architecture: ${arch} Total Memory: ${(await memory).total / 1024 / 1024} MB Free Memory: ${(await memory).free / 1024 / 1024} MB `; console.log(info); } gatherSystemInfo().catch(console.error); ``` -------------------------------- ### Disable SSO in Tactical RMM (Docker Install) Source: https://docs.tacticalrmm.com/ee/sso/sso For Docker installations, add this variable to your `.env` file and then restart the Docker Compose services. ```dotenv TRMM_DISABLE_SSO=True ``` -------------------------------- ### Webhook Request Header Example Source: https://docs.tacticalrmm.com/functions/webhooks Example of a Content-Type header for JSON data in webhook requests. Ensure your endpoint is configured to accept JSON. ```json { "Content-Type": "application/json" } ``` -------------------------------- ### Install Agent without MeshCentral Source: https://docs.tacticalrmm.com/install_agent The --nomesh argument prevents the installation of the MeshCentral agent, which will disable Take Control and File Browser features. ```bash --nomesh ``` -------------------------------- ### List Software on All Agents (Python) Source: https://docs.tacticalrmm.com/functions/api Fetches a list of all installed software for every agent connected to the API. Requires agent IDs to be retrieved first. ```python import requests API = "https://api.example.com" HEADERS = { "Content-Type": "application/json", "X-API-KEY": "9SI43IFUMPEVRWOZR4NC8PGP4ZLA9PYX", } def get_software(): agents = requests.get(f"{API}/agents/?detail=false", headers=HEADERS) # get a list of all agents for agent in agents.json(): # loop thru all agents and print list of installed software r = requests.get(f"{API}/software/{agent['agent_id']}/", headers=HEADERS) print(r.json()) if __name__ == "__main__": get_software() ``` -------------------------------- ### Process Alert Example Source: https://docs.tacticalrmm.com/3rdparty_bitdefender_gravityzone This is an example of a process alert indicating a detected exploit. It includes details about the detected process, company, computer, and exploit type. ```N/A Detected Exploit Details | ---|--- Company: | ACME Company, Inc. Computer Name: | PC-Desktop01 Computer IP: | 192.168.1.69 Installed Agent: | Bitdefender Endpoint Security Tools Command Line: | C:\Program Files\TacticalAgent\tacticalrmm.exe -m svc Parent Process Path: | C:\Windows\System32\services.exe Parent PID: | 852 Exploit Type: | ATC Application Exploit Path: | C:\Program Files\TacticalAgent\tacticalrmm.exe Exploit Status: | ATC/IDS Disinfected Last Blocked: | 08 December 2022 08:55:59 Logged User: | SYSTEM ``` -------------------------------- ### Configure GeoIP Country Mapping (Allow by Default) Source: https://docs.tacticalrmm.com/securing_nginx Sets up a map to define which countries are allowed or denied. This example uses an 'allow by default, deny by exception' strategy. Modify 'COUNTRY_CODE_X' with actual country codes to block. ```nginx http { ## # Basic Settings ## # Load GeoIP Database geoip_country /usr/share/GeoIP/GeoIP.dat; # map the list of denied countries map $geoip_country_code $allowed_country { default yes; # BLOCKED_COUNTRY_1 COUNTRY_CODE_1 no; # BLOCKED_COUNTRY_2 COUNTRY_CODE_2 no; # BLOCKED_COUNTRY_3 COUNTRY_CODE_3 no; } } ``` -------------------------------- ### Run Install Script in Insecure Mode Source: https://docs.tacticalrmm.com/install_server Use this option for testing or when you want to use any DNS name with self-signed certificates. Note that this disables SSL certificate validation and makes communication vulnerable. ```bash ./install.sh --insecure ``` -------------------------------- ### Install Tactical RMM Agent on Linux Source: https://docs.tacticalrmm.com/install_agent This script is used to install the Tactical RMM agent on Linux machines. Ensure the script has execute permissions before running. ```bash chmod +x rmm-clientname-sitename-type.sh sudo ./rmm-clientname-sitename-type.sh ``` -------------------------------- ### List Tactical Agent Processes on macOS Source: https://docs.tacticalrmm.com/howitallworks Use launchtl to list processes related to mesh and tacticalagent on macOS. This helps in verifying agent status. ```bash sudo launchtl list | grep -e mesh -e tacticalagent ``` -------------------------------- ### Configure Fail2ban Backend for Debian 12 Source: https://docs.tacticalrmm.com/unsupported_scripts Creates the jail.local file with the systemd backend if it does not exist. This addresses a known issue on Debian 12 where fail2ban may not start. ```bash echo -e "[sshd]\nbackend=systemd\nenabled=true" | sudo tee /etc/fail2ban/jail.local ``` -------------------------------- ### Apply Django Migrations Source: https://docs.tacticalrmm.com/contributing_using_a_remote_server Apply database migrations to set up the development database schema. ```bash python manage.py migrate ``` -------------------------------- ### Schedule Daily Backups Source: https://docs.tacticalrmm.com/backup Run the backup script with the --schedule flag to automate daily, weekly, and monthly backups. This requires passwordless sudo to be enabled for your user. Verify the setup with a dry run. ```bash ./backup.sh --schedule ``` -------------------------------- ### Python Hello World with Custom PATH in Shebang Source: https://docs.tacticalrmm.com/functions/scripting This example demonstrates how to use `env` with a modified PATH to specify a custom Python interpreter location, ensuring a specific version is used. ```python #!/usr/bin/env PATH="/opt/my-python/3.8/:$PATH" python3 print("Hello World!") ``` -------------------------------- ### Enable Swagger UI Configuration Source: https://docs.tacticalrmm.com/functions/api Add this line to your local_settings.py file to enable the Swagger UI for API documentation and exploration. ```python SWAGGER_ENABLED = True ``` -------------------------------- ### Example Monitoring Endpoint Response Source: https://docs.tacticalrmm.com/tipsntricks This is an example of the JSON response you can expect from the monitoring endpoint, providing various metrics about your RMM instance's health and status. ```json { "version": "1.0.0", "latest_agent_version": "2.8.0", "agent_count": 345, "client_count": 14, "site_count":34, "disk_usage_percent": 43, "mem_usage_percent": 54, "days_until_cert_expires": 43, "cert_expired": false, "redis_ping": true, "celery_queue_len": 0, "celery_queue_health": "healthy", "nats_std_ping": true, "nats_ws_ping": true, "mesh_ping": true, "services_running": { "mesh": true, "daphne": true, "celery": true, "celerybeat": true, "redis": true, "nats": true, "nats-api": true } } ``` -------------------------------- ### PowerShell Example to Send Command to Agent Source: https://docs.tacticalrmm.com/functions/api This PowerShell script shows how to send a command (e.g., 'dir c:\users') to a specific agent using the API. It includes setting the shell, command, and timeout. ```powershell # Example - Send PowerShell command to agent. Make sure to pass {{agent.agent_id}} as a parameter param( $AgentId ) $headers = @{ 'X-API-KEY' = 'ABC1234567890987654321' } $url = "https://api.yourdomain.com/agents/$AgentId/cmd/" $body = @{ "shell" = "powershell" "cmd" = "dir c:\users" "timeout" = 30 } $commandResult = Invoke-RestMethod -Method 'Post' -Uri $url -Body ($body|ConvertTo-Json) -Headers $headers -ContentType "application/json" Write-Host $commandResult ``` -------------------------------- ### Python SNMP GET Function Source: https://docs.tacticalrmm.com/functions/snmp_checks Use this function to perform an SNMP GET request. It handles retries and timeouts, returning error status and bound variables. ```python def snmp_get(ip, oid, community=COMMUNITY, version=SNMP_VERSION, port=PORT, timeout=TIMEOUT, retries=RETRIES): """Return (error_status, error_index, [(oid, value), ...]) for one GET.""" request_id = random.randint(1, 0x7FFFFFFF) packet = _build_get(community, oid, request_id, version) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(timeout) try: for attempt in range(retries + 1): sock.sendto(packet, (ip, port)) try: while True: data, _ = sock.recvfrom(65535) rid, est, eix, binds = _parse_response(data) if rid == request_id: # ignore stray/late packets return est, eix, binds except socket.timeout: if attempt == retries: raise finally: sock.close() ``` -------------------------------- ### Set File Permissions for SSL Certificate and Key Source: https://docs.tacticalrmm.com/functions/settings_override Ensure the SSL certificate and private key files are readable by the tactical Linux user by setting ownership and permissions. ```bash sudo chown tactical:tactical /path/to/your/fullchain.pem /path/to/your/privkey.pem sudo chmod 440 /path/to/your/fullchain.pem /path/to/your/privkey.pem ```