VISULOX addon command line interface (CMD Connect / Guard, etc)
OverviewThe VISULOX addons are Command Connect, Command Guard and FT Client. These addons have assigned hosts and scripts. The VISULOX addon command line interface allows to create entries for Command Connnect, Command Guard, FT Client, hosts and scripts. |
Usage
The primary command is:
visulox addon <subcommand> <subcommand> <options>The addon has subcommands:
cmdconnect Handle cmdconnect
cmdguard Handle cmdguard
export Handle export
ftclient Handle ftclient
host Handle host
privathost Handle privathost
purge Handle purge
script Handle script
template Handle templateEach subcommand has additional subcommands:
visulox addon (cmdconnect|cmdguard|export|ftclient|host|privathost|purge|script|template) (list|add|edit|delete|export|import|fields)
visulox addon template (host|guard) The options are related to usage:
visulox addon <subcommand> <subcomand> -?Available fields in the database can be displayed with:
visulox addon cmdconnect fields
visulox addon cmdconnect fields -raw
Assigned hosts for Command Connect:
visulox addon cmdconnect listhosts
Assigned private hosts for Command Connect:
visulox addon cmdconnect listprivatehosts
Assigned scripts for Command Guard:
visulox addon cmdguard listscriptsExport into a script:
visulox addon export
visulox addon privathost export
Available options:
| Option | Description |
|---|---|
| -grant <value> | Add -grant <value> in import script |
| -addcomment <value> | Add an import comment <> |
| -overwrite <value> | Add -force to import script |
- visulox addon export to export all data into a script
- visulox addon <segment> export to export a single segment into a script, e.g. privathost
Assignments
The subcommand cmdconnect and ftclient need assigned endpoints (hosts), additionally the server side scripts to cmdguard.
The assignment is a list of endpoints / scripts. The assignment is not done additional, it is done fully. Already assigned elements are removed if they are not on the request.
Create a Group with two servers
visulox addon host add -name "server1" -endpoint sysadm@server1 -mode on -comment "ADMIN SERVER1"
visulox addon host add -name "server2" -endpoint sysadm@server2 -mode on -comment "ADMIN SERVER2"
visulox addon cmdconnect add -name adminServer -mode on -comment "group of admin Server" \
-hosts server1,server2Configuration
For Command Connect and Command Guard, the user can add private hosts, if hostrules are provided. Command Guard needs also the guardrules. These rules can be applied by the command line.
visulox addon cmdconnect edit -name adminServer -hostrules <path to defintion>
visulox addon cmdguard edit -name adminServer -hostrules <path to defintion> -guardrules <path to defintion>visulox addon template hosts|guard provides a template for these configuration files
List of available Command Connect / Guard parameters
| Parameter | Description |
|---|---|
| -name <value> | Name of this definition <> |
-comment <value> | Comment for this definition <> |
| -mode <value> | Enable/disable the definition <on> |
| -color <value> | Frame color for all session within this definition <white> |
| -term <value> | TERM to shell <> |
| -resource <value> | Resource in passcache <>
If an owner is set for the ressource, the owner must be set also for Command Connect in the ressorce name field: <ressource-name>%OWNER%
|
| -sshkeymask <value> | Filtermask for SSH-keys provided in the sessions <> |
| -hostrules <value> | File with rules to set private hosts <> Rules that can be set: rulemode, rulematchtype, userexpr, hostexpr, protocol, port |
| -ftmode <value> | File Transfer with Command Guard <on> |
| -object <value> | User/group filter allowed to use this definition <> |
| -remoteip <value> | Remote IP from where this definition can be used <> |
| -accesspoint <value> | Access Point over which this definition can be used <> |
| -hosts <value> | List of hosts assigned to this definition <> |
| -grant <value> | Set granted user in database record <> |
Known issues and comments
Any option except -script <path>, -hostrules <path> and -guardrules <path> can be provided via stdin from a remote host.