diff --git a/README.md b/README.md index 7b8fcfcb..2aa479ee 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Demo database resets every hour. A lot of features are disabled for obvious reas ### [Discord Chat](https://discord.gg/upGTkWp) -### [Documentation](https://wh1te909.github.io/tacticalrmm/) +### [Documentation](https://docs.tacticalrmm.com) ## Features @@ -34,4 +34,4 @@ Demo database resets every hour. A lot of features are disabled for obvious reas ## Installation / Backup / Restore / Usage -### Refer to the [documentation](https://wh1te909.github.io/tacticalrmm/) +### Refer to the [documentation](https://docs.tacticalrmm.com) diff --git a/SECURITY.md b/SECURITY.md index d1851993..6a71e378 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -9,4 +9,4 @@ ## Reporting a Vulnerability -https://wh1te909.github.io/tacticalrmm/security/ +https://docs.tacticalrmm.com/security diff --git a/api/tacticalrmm/agents/tasks.py b/api/tacticalrmm/agents/tasks.py index ca33c594..8da257ee 100644 --- a/api/tacticalrmm/agents/tasks.py +++ b/api/tacticalrmm/agents/tasks.py @@ -271,7 +271,7 @@ def run_script_email_results_task( @app.task def clear_faults_task(older_than_days: int) -> None: - # https://github.com/wh1te909/tacticalrmm/issues/484 + # https://github.com/amidaware/tacticalrmm/issues/484 agents = Agent.objects.exclude(last_seen__isnull=True).filter( last_seen__lt=djangotime.now() - djangotime.timedelta(days=older_than_days) ) diff --git a/api/tacticalrmm/agents/tests.py b/api/tacticalrmm/agents/tests.py index 99f1ab9e..4142c18b 100644 --- a/api/tacticalrmm/agents/tests.py +++ b/api/tacticalrmm/agents/tests.py @@ -1430,7 +1430,7 @@ class TestAgentTasks(TacticalTestCase): self.assertEqual(action.status, "pending") self.assertEqual( action.details["url"], - f"https://github.com/wh1te909/rmmagent/releases/download/v{settings.LATEST_AGENT_VER}/winagent-v{settings.LATEST_AGENT_VER}.exe", + f"https://github.com/amidaware/rmmagent/releases/download/v{settings.LATEST_AGENT_VER}/winagent-v{settings.LATEST_AGENT_VER}.exe", ) self.assertEqual( action.details["inno"], f"winagent-v{settings.LATEST_AGENT_VER}.exe" @@ -1440,7 +1440,7 @@ class TestAgentTasks(TacticalTestCase): { "func": "agentupdate", "payload": { - "url": f"https://github.com/wh1te909/rmmagent/releases/download/v{settings.LATEST_AGENT_VER}/winagent-v{settings.LATEST_AGENT_VER}.exe", + "url": f"https://github.com/amidaware/rmmagent/releases/download/v{settings.LATEST_AGENT_VER}/winagent-v{settings.LATEST_AGENT_VER}.exe", "version": settings.LATEST_AGENT_VER, "inno": f"winagent-v{settings.LATEST_AGENT_VER}.exe", }, diff --git a/api/tacticalrmm/tacticalrmm/settings.py b/api/tacticalrmm/tacticalrmm/settings.py index 0b31c6a3..8e96b50a 100644 --- a/api/tacticalrmm/tacticalrmm/settings.py +++ b/api/tacticalrmm/tacticalrmm/settings.py @@ -23,8 +23,8 @@ TRMM_VERSION = "0.12.0" # to alert user they need to manually refresh their browser APP_VER = "0.0.157" -# https://github.com/wh1te909/rmmagent -LATEST_AGENT_VER = "2.0.1" +# https://github.com/amidaware/rmmagent +LATEST_AGENT_VER = "2.0.0" MESH_VER = "0.9.98" @@ -37,8 +37,8 @@ NPM_VER = "29" SETUPTOOLS_VER = "59.6.0" WHEEL_VER = "0.37.1" -DL_64 = f"https://github.com/wh1te909/rmmagent/releases/download/v{LATEST_AGENT_VER}/winagent-v{LATEST_AGENT_VER}.exe" -DL_32 = f"https://github.com/wh1te909/rmmagent/releases/download/v{LATEST_AGENT_VER}/winagent-v{LATEST_AGENT_VER}-x86.exe" +DL_64 = f"https://github.com/amidaware/rmmagent/releases/download/v{LATEST_AGENT_VER}/winagent-v{LATEST_AGENT_VER}.exe" +DL_32 = f"https://github.com/amidaware/rmmagent/releases/download/v{LATEST_AGENT_VER}/winagent-v{LATEST_AGENT_VER}-x86.exe" EXE_GEN_URL = "https://agents.tacticalrmm.com" diff --git a/api/tacticalrmm/tacticalrmm/utils.py b/api/tacticalrmm/tacticalrmm/utils.py index 0ea8d008..7942a06b 100644 --- a/api/tacticalrmm/tacticalrmm/utils.py +++ b/api/tacticalrmm/tacticalrmm/utils.py @@ -232,7 +232,7 @@ KnoxAuthMiddlewareStack = lambda inner: KnoxAuthMiddlewareInstance( def get_latest_trmm_ver() -> str: - url = "https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py" + url = "https://raw.githubusercontent.com/amidaware/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py" try: r = requests.get(url, timeout=5) except: diff --git a/backup.sh b/backup.sh index 1e08029d..989968f4 100755 --- a/backup.sh +++ b/backup.sh @@ -1,7 +1,7 @@ #!/bin/bash SCRIPT_VERSION="17" -SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh' +SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/backup.sh' GREEN='\033[0;32m' YELLOW='\033[1;33m' diff --git a/docker/install.sh b/docker/install.sh index 0b81b7cf..8c9357c4 100755 --- a/docker/install.sh +++ b/docker/install.sh @@ -8,7 +8,7 @@ temp="/tmp/tactical" args="$*" version="latest" branch="master" -repo="wh1te909" +repo="amidaware" branchRegex=" --branch ([^ ]+)" if [[ " ${args}" =~ ${branchRegex} ]]; then diff --git a/docker/readme.md b/docker/readme.md index a51ecba7..78c85476 100644 --- a/docker/readme.md +++ b/docker/readme.md @@ -25,8 +25,8 @@ You will need to add DNS entries so that the three subdomains resolve to the IP Get the docker-compose and .env.example file on the host you which to install on ``` -wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/docker-compose.yml -wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/.env.example +wget https://raw.githubusercontent.com/amidaware/tacticalrmm/master/docker/docker-compose.yml +wget https://raw.githubusercontent.com/amidaware/tacticalrmm/master/docker/.env.example mv .env.example .env ``` diff --git a/docker/tactical-cli b/docker/tactical-cli index 2dd645d3..b810b72f 100644 --- a/docker/tactical-cli +++ b/docker/tactical-cli @@ -150,7 +150,7 @@ FIRST_ARG="$1" # defaults DOCKER_REPO="tacticalrmm/" -REPO="wh1te909" +REPO="amidaware" BRANCH="master" VERSION="latest" diff --git a/docs/docs/3rdparty_anydesk.md b/docs/docs/3rdparty_anydesk.md deleted file mode 100644 index 1d934b15..00000000 --- a/docs/docs/3rdparty_anydesk.md +++ /dev/null @@ -1,46 +0,0 @@ -# AnyDesk - -## AnyDesk Integration - -!!!info - You can setup a full automation policy to collect the machine GUID but this example will collect from just one agent for testing purposes. - -From the UI go to **Settings > Global Settings > CUSTOM FIELDS > Agents** - -Add Custom Field
-**Target** = `Agent`
-**Name** = `AnyNetID`
-**Field Type** = `Text`
- -![Service Name](images/3rdparty_anydesk1.png) - -While in Global Settings go to **URL ACTIONS** - -Add a URL Action
-**Name** = `AnyDesk Control`
-**Description** = `Connect to a AnyDesk Session`
-**URL Pattern** = - -```html -anydesk:{{agent.AnyNetID}} -``` - -Navigate to an agent with AnyDesk running (or apply using **Settings > Automation Manager**).
-Go to Tasks.
-Add Task
-**Select Script** = `AnyDesk - Get AnyNetID for client` (this is a builtin script from script library)
-**Descriptive name of task** = `Collects the AnyNetID for AnyDesk.`
-**Collector Task** = `CHECKED`
-**Custom Field to update** = `AnyNetID`
- -![Service Name](images/3rdparty_anydesk2.png) - -Click **Next**
-Check **Manual**
-Click **Add Task** - -Right click on the newly created task and click **Run Task Now**. - -Give it a second to execute then right click the agent that you are working with and go to **Run URL Action > AnyDesk Control** - -It launch the session in AnyDesk. diff --git a/docs/docs/3rdparty_bitdefender_gravityzone.md b/docs/docs/3rdparty_bitdefender_gravityzone.md deleted file mode 100644 index 450eb427..00000000 --- a/docs/docs/3rdparty_bitdefender_gravityzone.md +++ /dev/null @@ -1,34 +0,0 @@ -# BitDefender GravityZone Deployment - -## How to Deploy BitDefender GravityZone - -From the UI go to **Settings > Global Settings > CUSTOM FIELDS > Clients** - -Add a Custom Field
- -First:
-**Target** = `CLIENTS`
-**Name** = `bdurl`
-**Field Type** = `Text`
- -![Service Name](images/3rdparty_bdg_RmmCustField.png) - -Log into your GravityZone and on the left hand side, select "Packages" under "Network". - -![Service Name](images/3rdparty_bdg_Packages.png) - -Select the client you are working with and click "Send Download Links" at the top.
- -![Service Name](images/3rdparty_bdg_DownloadLink.png) - -Copy the appropriate download link - -![Service Name](images/3rdparty_bdg_LinkCopy.png) - -Paste download link into the `bdurl` when you right click your target clients name in the RMM. - -![Service Name](images/3rdparty_bdg_CustFieldLink.png) - -Right click the Agent you want to deploy to and **Run Script**. Select **BitDefender GravityZone Install** and set timeout for 1800 seconds. - -**Install time will vary based on internet speed and other AV removal by BitDefender BEST deployment** diff --git a/docs/docs/3rdparty_grafana.md b/docs/docs/3rdparty_grafana.md deleted file mode 100644 index 8799043a..00000000 --- a/docs/docs/3rdparty_grafana.md +++ /dev/null @@ -1,9 +0,0 @@ -# Adding Grafana to Tactical RMM - -Adding graphical Dashboards to Tactical. - -See - -![Example1](images/3rdparty_grafana_ex1.png) - -![Example1](images/3rdparty_grafana_ex2.png) diff --git a/docs/docs/3rdparty_screenconnect.md b/docs/docs/3rdparty_screenconnect.md deleted file mode 100644 index 539eb668..00000000 --- a/docs/docs/3rdparty_screenconnect.md +++ /dev/null @@ -1,109 +0,0 @@ -# Screenconnect / Connectwise Control - -## Connectwise Control Integration - -!!!info - To make this work you will need the name of a the Service from one of your agents running a Screen Connect Guest. - -!!!info - You can setup a full automation policy to collect the machine GUID but this example will collect from just one agent for testing purposes. - -From the UI go to **Settings > Global Settings > CUSTOM FIELDS > Agents** - -Add Custom Field
-**Target** = `Client`
-**Name** = `ScreenConnectService`
-**Field Type** = `Text`
-**Default Value** = `The name of your SC Service eg. ScreenConnect Client (XXXXXXXXXXXXXXXXX)`
- -![Service Name](images/3rdparty_screenconnect1.png) - -Add Custom Field
-**Target** = `Agent`
-**Name** = `ScreenConnectGUID`
-**Field Type** = `Text`
- -![Service Name](images/3rdparty_screenconnect2.png) - -While in Global Settings go to **URL ACTIONS** - -Add a URL Action
-**Name** = `ScreenConnect`
-**Description** = `Launch Screen Connect Session`
-**URL Pattern** = - -```html -https:///Host#Access/All%20Machines//{{agent.ScreenConnectGUID}}/Join -``` - -![Service Name](images/3rdparty_screenconnect3.png) - -Navigate to an agent with ConnectWise Service running (or apply using **Settings > Automation Manager**).
-Go to Tasks.
-Add Task
-**Select Script** = `ScreenConnect - Get GUID for client` (this is a builtin script from script library)
-**Script argument** = `-serviceName {{client.ScreenConnectService}}`
-**Descriptive name of task** = `Collects the Machine GUID for ScreenConnect.`
-**Collector Task** = `CHECKED`
-**Custom Field to update** = `ScreenConectGUID`
- -![Service Name](images/3rdparty_screenconnect4.png) - -Click **Next**
-Check **Manual**
-Click **Add Task** - -Right click on the newly created task and click **Run Task Now**. - -Give it a second to execute then right click the agent that you are working with and go to **Run URL Action > ScreenConnect** - -It should ask you to sign into your Connectwise Control server if you are not already logged in and launch the session. - -***** - -## Install Screenconnect via Tactical - -Use the [Screenconnect AIO script](https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_ScreenConnectAIO.ps1) - -![AIO](images/3rdparty_sc_aio.png) - -## Install Tactical RMM via Screeconnect commands window - -1. Create a Deplopment under **Agents > Manage Deployments** -2. Replace `` below with your Deployment Download Link. - -**x64** - -```cmd -#!ps -#maxlength=500000 -#timeout=600000 - -Invoke-WebRequest "" -OutFile ( New-Item -Path "C:\temp\trmminstallx64.exe" -Force ) -$proc = Start-Process c:\temp\trmminstallx64.exe -ArgumentList '-silent' -PassThru -Wait-Process -InputObject $proc - -if ($proc.ExitCode -ne 0) { - Write-Warning "$_ exited with status code $($proc.ExitCode)" -} -Remove-Item -Path "c:\temp\trmminstallx64.exe" -Force -``` - -**x86** - -```cmd -#!ps -#maxlength=500000 -#timeout=600000 - -Invoke-WebRequest "" -OutFile ( New-Item -Path "C:\temp\trmminstallx86.exe" -Force ) -$proc = Start-Process c:\temp\trmminstallx86.exe -ArgumentList '-silent' -PassThru -Wait-Process -InputObject $proc - -if ($proc.ExitCode -ne 0) { - Write-Warning "$_ exited with status code $($proc.ExitCode)" -} -Remove-Item -Path "c:\temp\trmminstallx86.exe" -Force -``` - -***** diff --git a/docs/docs/3rdparty_splashtop.md b/docs/docs/3rdparty_splashtop.md deleted file mode 100644 index 6bb2d15b..00000000 --- a/docs/docs/3rdparty_splashtop.md +++ /dev/null @@ -1,42 +0,0 @@ -# Splashtop - -## Splashtop Integration - - -From the UI go to **Settings > Global Settings > CUSTOM FIELDS > Agents** - -Add Custom Field
-**Target** = `Agent`
-**Name** = `SplashtopSUUID`
-**Field Type** = `Text`
- -![Service Name](images/3rdparty_splashtop1.png) - -While in Global Settings go to **URL ACTIONS** - -Add a URL Action
-**Name** = `Splashtop`
-**Description** = `Connect to a Splashtop client`
-**URL Pattern** = - -```html -st-business://com.splashtop.business?account=&uuid={{agent.SplashtopSUUID}}&sessiontype=remote -``` - -Navigate to an agent with Splashtop running (or apply using **Settings > Automation Manager**).
-Go to Tasks.
-Add Task
-**Select Script** = `Splashtop - Get SUUID for client` (this is a builtin script from script library)
-**Descriptive name of task** = `Obtain Splashtop SUUID from device registry.`
-**Collector Task** = `CHECKED`
-**Custom Field to update** = `SplashtopSUUID`
- -![Service Name](images/3rdparty_splashtop2.png) - -Click **Next**
-Check **Manual**
-Click **Add Task** - -Right click on the newly created task and click **Run Task Now**. - -Give it a second to execute then right click the agent that you are working with and go to **Run URL Action > Splashtop** \ No newline at end of file diff --git a/docs/docs/3rdparty_teamviewer.md b/docs/docs/3rdparty_teamviewer.md deleted file mode 100644 index dae2a987..00000000 --- a/docs/docs/3rdparty_teamviewer.md +++ /dev/null @@ -1,46 +0,0 @@ -# TeamViewer - -## TeamViewer Integration - -!!!info - You can setup a full automation policy to collect the machine GUID but this example will collect from just one agent for testing purposes. - -From the UI go to **Settings > Global Settings > CUSTOM FIELDS > Agents** - -Add Custom Field
-**Target** = `Agent`
-**Name** = `TeamViewerClientID`
-**Field Type** = `Text`
- -![Service Name](images/3rdparty_teamviewer1.png) - -While in Global Settings go to **URL ACTIONS** - -Add a URL Action
-**Name** = `TeamViewer Control`
-**Description** = `Connect to a Team Viewer Session`
-**URL Pattern** = - -```html -https://start.teamviewer.com/device/{{agent.TeamViewerClientID}}/authorization/password/mode/control -``` - -Navigate to an agent with TeamViewer running (or apply using **Settings > Automation Manager**).
-Go to Tasks.
-Add Task
-**Select Script** = `TeamViewer - Get ClientID for client` (this is a builtin script from script library)
-**Descriptive name of task** = `Collects the ClientID for TeamViewer.`
-**Collector Task** = `CHECKED`
-**Custom Field to update** = `TeamViewerClientID`
- -![Service Name](images/3rdparty_teamviewer2.png) - -Click **Next**
-Check **Manual**
-Click **Add Task** - -Right click on the newly created task and click **Run Task Now**. - -Give it a second to execute then right click the agent that you are working with and go to **Run URL Action > TeamViewer Control** - -It launch the session and possibly promt for password in TeamViewer. diff --git a/docs/docs/av.md b/docs/docs/av.md deleted file mode 100644 index ed0f473c..00000000 --- a/docs/docs/av.md +++ /dev/null @@ -1,144 +0,0 @@ - -# Antivirus - -They are usually fraught with false-positives because we live in a world of complex greys, not black and white. - -At the moment, Microsoft Windows Defender thinks a go executable with virtually nothing in it is the "Trojan:Win32/Wacatac.B!ml" virus - -At Tactical we recommend: - -1. No 3rd party AV -2. Use the `Defender Status Report` script (Task > Run Daily - Use Automation manager) to monitor machines: -3. If you want to lock a system down, run the `Defender Enable` script (test in your environment, because it can stop Microsoft Office from opening docs) that will turn on Protected Folders: and you will be extremely safe. Annoyed, but safe. Use [this](https://github.com/amidaware/trmm-awesome/blob/main/scripts/Windows_Defender_Allowed_List.ps1) as an Exclusion List for Protected Folders items. - -Be aware there is also [a powershell script](https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_TRMM_AV_Update_Exclusion.ps1) to add TRMM exclusions specific to Windows Defender - -!!!note - If you need to use 3rd party AV, add the necessary exclusions (see below for examples) and submit the exe's as safe - -## Bitdefender Gravityzone - -Admin URL: - -To exclude URLs: Policies > {policy name} > Network Protection > Content Control > Settings > Exclusions - -![Web Exclusions](images/avbitdefender_gravityzone_exclusions0.png) - -![Web Exclusions](images/avbitdefender_gravityzone_exclusions1.png) - -![Web Exclusions](images/avbitdefender_gravityzone_exclusions2.png) - -## Webroot - -Admin URL: - -![Web Exclusions](images/avwebroot.png) - -![Web Exclusions](images/avwebroot5.png) - -![Web Exclusions](images/avwebroot4.png) - -![Web Exclusions](images/avwebroot3.png) - -![Web Exclusions](images/avwebroot2.png) - -![Web Exclusions](images/avwebroot1.png) - -## Sophos - -### Sophos Central Admin - -Go To Global Settings >> General >> Global Exclusions >> Add Exclusion - -![Agent Exclusions](images/sophoscascreen1.png) - -![Agent Exclusions](images/sophoscascreen2.png) - -![Agent Exclusions](images/sophoscascreen3.png) - -![Agent Exclusions](images/sophoscascreen4.png) - -![Agent Exclusions](images/sophoscascreen5.png) - -![Agent Exclusions](images/sophoscascreen6.png) - -![Agent Exclusions](images/sophoscascreen7.png) - -### Sophos XG Firewall - -![Agent Exclusions](images/sophoscascreen1.png) - -Log into Sophos Central Admin - -Admin URL: - -Log into the Sophos XG Firewall - -Go To System >> Hosts and services >> FQDN Host Group and create a new group - -![FW Exclusions](images/sophosxgscreen1.png) - -Go To System >> Hosts and services >> FQDN Host - -Create the following 3 hosts and add each to your FQDN host group. - -- api.yourdomain.com -- mesh.yourdomain.com -- rmm.yourdomain.com (Optional if you want your client to have GUI access to Tactical RMM) - -![FW Exclusions](images/sophosxgscreen2.png) - -![FW Exclusions](images/sophosxgscreen3.png) - -Go To Hosts and services >> Services and create the following services - -- Name: Tactical-Service-4222 - - Protocol: TCP - - Source port: 1:65535 - - Destination port: 4222 -- Name: Tactical-Service-443 - - Protocol: TCP - - Source port: 1:65535 - - Destination port: 443 - -![FW Exclusions](images/sophosxgscreen4.png) - -![FW Exclusions](images/sophosxgscreen5.png) - -Go To Hosts and services >> Service group and create the following service group - -![FW Exclusions](images/sophosxgscreen6.png) - -Go To Protect >> Rules and policies and add a firewall rule - -- Rule name: Tactical Rule -- Rule position: Top -- Source zones: LAN -- Source networks: ANY -- Destination zones: WAN -- Destination networks: Your FQDN Host Group -- Services: Tactical Services - -![FW Exclusions](images/sophosxgscreen7.png) - -![FW Exclusions](images/sophosxgscreen8.png) - -Optionally select Log Firewall Traffic checkbox for troubleshooting. - -## ESET ESMC Console - -There are two spots: - -1. In the Detection Engine -> Performance Exclusions -2. Web Access Protection -> URL Address Management - - -![Web Exclusions](images/esetesmc1.png) - -![Web Exclusions](images/esetesmc2.png) - -![Web Exclusions](images/esetesmc3.png) - -![Web Exclusions](images/esetesmc4.png) - -![Web Exclusions](images/esetesmc5.png) diff --git a/docs/docs/backup.md b/docs/docs/backup.md deleted file mode 100644 index 50faa0ed..00000000 --- a/docs/docs/backup.md +++ /dev/null @@ -1,47 +0,0 @@ -## Backing up the RMM - -!!!note - This is only applicable for the standard install, not Docker installs. - -A backup script is provided for quick and easy way to backup all settings into one file to move to another server. - -Download the backup script: - -```bash -wget -N https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh -``` - -From the Web UI, click **Tools > Server Maintenance** - -Choose **Prune DB Tables** from the dropdown and check the `Audit Log` and `Pending Actions` checkboxes, and then click **Submit** - -Doing a prune first before running the backup will significantly speed up the postgres vacuum command that is run during backup. - -Run the backup script - -```bash -chmod +x backup.sh -./backup.sh -``` - -The backup tar file will be saved in `/rmmbackups` with the following format: - -`rmm-backup-CURRENTDATETIME.tar` - -## Schedule to run daily via cron - -Make a symlink in `/etc/cron.d` (daily cron jobs) with these contents `00 18 * * * tactical /rmm/backup.sh` to run at 6pm daily. - -```bash -echo -e "\n" >> /rmm/backup.sh -sudo ln -s /rmm/backup.sh /etc/cron.daily/ -``` - -!!!warning - Currently the backup script doesn't have any pruning functions so the folder will grow forever without periodic cleanup - -## Video Walkthru - -
- -
diff --git a/docs/docs/code_signing.md b/docs/docs/code_signing.md deleted file mode 100644 index 1a2adc16..00000000 --- a/docs/docs/code_signing.md +++ /dev/null @@ -1,21 +0,0 @@ -# Code Signing - -*Version added: Tactical RMM v0.6.0 / Agent v1.5.0* - -Tactical RMM agents are now [code signed](https://comodosslstore.com/resources/what-is-microsoft-authenticode-code-signing-certificate/)! - -To get access to code signed agents, you must be a [Github Sponsor](https://github.com/sponsors/wh1te909) with a minumum **monthly** donation of $50.00. If you signup for the $50, and then downgrade your auth token _**will be**_ invalidated and stop working. - -Once you have become a sponsor, please email **support@amidaware.com** with your Github username (and Discord username if you're on our [Discord](https://discord.gg/upGTkWp)) - -Please allow up to 24 hours for a response - -You will then be sent a code signing auth token, which you should enter into Tactical's web UI from *Settings > Code Signing* - -## How does it work? - -Everytime you generate an agent or an agent does a self-update, your self-hosted instance sends a request to Tactical's code signing servers with your auth token. - -If the token is valid, the server sends you back a code signed agent. If not, it sends you back the un-signed agent. - -If you think your auth token has been compromised or stolen then please email support or contact wh1te909 on discord to get a new token / invalidate the old one. diff --git a/docs/docs/contributing.md b/docs/docs/contributing.md deleted file mode 100644 index d633c1c5..00000000 --- a/docs/docs/contributing.md +++ /dev/null @@ -1,29 +0,0 @@ -# Contributing - -## Contributing to the docs - -Docs are built with [MKDocs for Material](https://squidfunk.github.io/mkdocs-material/) - -To setup a local environment to add/edit to this documentation site: - -```bash -mkdir ~/rmmdocs && cd ~/rmmdocs -git clone https://github.com/wh1te909/tacticalrmm.git . -python3 -m venv env -source env/bin/activate -pip install --upgrade pip -pip install --upgrade setuptools wheel -pip install -r api/tacticalrmm/requirements-dev.txt -cd docs -mkdocs serve -``` - -Open your browser and navigate to `http://yourserverip:8005` - -Add/edit markdown files in the `docs/docs` folder and you'll see live changes at the url above. - -Edit `docs/mkdocs.yml` to edit structure and add new files. - -Full mkdocs documentation [here](https://squidfunk.github.io/mkdocs-material/getting-started/) - -Once finished, [create a pull request](https://www.digitalocean.com/community/tutorials/how-to-create-a-pull-request-on-github) to the `develop` branch for review. diff --git a/docs/docs/contributing_community_scripts.md b/docs/docs/contributing_community_scripts.md deleted file mode 100644 index b570d3e6..00000000 --- a/docs/docs/contributing_community_scripts.md +++ /dev/null @@ -1,154 +0,0 @@ -# Community Scripts - -## Script Library Naming Conventions - -### File names - -Under `/scripts` the file name should generally follow this format: - -```text -(Platform)_(Category or Function)_(What It Does).xxx -``` - -!!!info - Although Tactical RMM only has a Windows agent for now, we're planning for a future with more platform support - -Platform for now are: - -```text -Win -OSX -Linux -iOS -Android -``` - -Good filename examples include: - -```text -Win_Azure_Mars_Cloud_Backup_Status.ps1 -Win_AzureAD_Check_Connection_Status.ps1 -Win_Network_DHCP_Set.bat -Win_Network_DNS_Set_to_1.1.1.2.ps1 -``` - -!!!info - This is so that at a glance you can see if there is already a script with that function, and you can avoid duplication of functionality. If you can improve a script or allow Script Arguments/Parameters update existing if possible - -### Name field (in community_scripts.json) - -Consider they are viewed in 3 different locations: - -Script Manager - -- List View (sortable by any column) - -- Folder View (Grouped by Categories) - -Run or Add script - -- Running scripts manually or adding tasks (or adding in Automation Manager) - -!!!info - A good max length is 50-60 chars or less for display in these 3 locations - -Make sure your Name roughly follows the order of file naming as above - -```text -Category or Function - What It Does -``` - - Consider how the alphabetic sort will affect display - -![json_name_examples](images/community_scripts_name_field_example1.png) - -***** - -## Making Script Files - -### Good Habits - -- Try and make them fully self-contained. - -- If they pull data from elsewhere, create comment notes at the top with references for others to audit/validate - -- Good folder locations to use for standardized things: - -```text -c:\ProgramData\TacticalRMM\ -c:\ProgramData\TacticalRMM\scripts -c:\ProgramData\TacticalRMM\toolbox -c:\ProgramData\TacticalRMM\logs -c:\ProgramData\TacticalRMM\temp -c:\ProgramData\TacticalRMM\ -``` - -- Command Parameters are good. Optional command parameters for extra functions are better. - -- Add standardized Comment headers to scripts (include the first 2, more if appropriate): - -```powershell -<# -.Synopsis - Short description - eg Check IP address -.DESCRIPTION - Long description - eg Checks IP address on all local network adapters, and returns results -.EXAMPLE - Example of how to use this cmdlet -.EXAMPLE - Another example of how to use this cmdlet -.INPUTS - Inputs to this cmdlet (if any) -.OUTPUTS - Output from this cmdlet (if any) -.NOTES - General notes - eg v1.0 -.COMPONENT - The component this cmdlet belongs to -.ROLE - The role this cmdlet belongs to -.FUNCTIONALITY - The functionality that best describes this cmdlet -#> -``` - -### Bad Habits - -- Assumes non-standard configurations - -- Doesn't play well with other community scripts (reused names etc.) - -***** - -## Script Parameters - - - -## Useful Reference Script Examples - -RunAsUser (since Tactical RMM runs as system) -[https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_Display_Message_To_User.ps1](https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_Display_Message_To_User.ps1) - -Command Paramater Ninja -[https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_ScreenConnectAIO.ps1](https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_ScreenConnectAIO.ps1) - -Optional Command Parameters and testing for errors -[https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_Rename_Computer.ps1](https://github.com/wh1te909/tacticalrmm/blob/develop/scripts/Win_Rename_Computer.ps1) - -***** - -## Volunteers Needed - -If you want to contribute back to the project there are a lot of scripts that need some TLC (Tender Loving Care) please paruse thru them in The Script WIP (Work In Progress): [https://github.com/wh1te909/tacticalrmm/tree/develop/scripts_wip](https://github.com/wh1te909/tacticalrmm/tree/develop/scripts_wip) - -Discuss/ask questions in the Discord group [here](https://discord.com/channels/736478043522072608/744281869499105290) - -What you can add is: - -- Add standardized Comment headers per above -- Parameterize scripts where appropriate -- Add $ExitCode and error conditions as appropriate -- Contact @silversword in Discord if you need help doing Github additions/edits/adding to the community Library and have questions about [Script Library Naming Conventions](#script-library-naming-conventions) diff --git a/docs/docs/contributing_using_a_remote_server.md b/docs/docs/contributing_using_a_remote_server.md deleted file mode 100644 index 461e947b..00000000 --- a/docs/docs/contributing_using_a_remote_server.md +++ /dev/null @@ -1,116 +0,0 @@ -# Contributing Using a Remote Server - -The below instructions are for a non-production server that has Tactical RMM installed and configured with a real domain. You can then use your own GitHub to push changes to and then submit a PR request to the TRMM `develop` branch (). - -!!!warning - Do not attempt development of this kind on your production server. - -## Install Tacticall RMM - -### 1. Traditional install - -This guide assumes you have done a [Traditional Install](install_server.md). - -### 2. Install VSCode and Extensions -Download VSCode [here](https://code.visualstudio.com/download) - -Download the Remote SSH Development Pack [here](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.vscode-remote-extensionpack) - -## Configure the Remote Development Server -### 1. Connect - -The remote development server should already have Tactical RMM installed via the traditional install method. - -After the extension pack is installed in VSCode you will have a new button at the bottom-left of VSCode. You can select it and add your remote SSH host information. - -![RemoteSSH](images/Remote_SSH_connection.png) - -### 2. Configure - -Configuring a remote server for development work is necessary so that as you make changes to the code base it will automatically refresh and you can see the changes. It may be necessary to do a full browser refresh if changing styles. - -Disable RMM and Daphne services - -```bash -sudo systemctl disable --now rmm.service && sudo systemctl disable --now daphne.service -``` - -Open /rmm/web/.env and make it look like the following - -```bash -DEV_URL = "http://api.EXAMPLE.COM:8000" -APP_URL = "http://rmm.EXAMPLE.COM:8080" -``` - -Open /rmm/api/tacticalrmm/tacticalrmm/local_settings.py - -```bash -change DEBUG = True -``` -Remove -```bash -CORS_ORIGIN_WHITELIST list -``` -Add -```bash -CORS_ORIGIN_ALLOW_ALL = True -``` - -Add the following to the ALLOWED HOSTS -```bash -rmm.EXAMPLE.COM -``` -cd /rmm/api/tacticalrmm/ - -```bash -source ../env/bin/activate -``` - -Install requirements - -```bash -pip install -r requirements-dev.txt -r requirements-test.txt -``` - -Start Django backend - -```bash -python manage.py runserver 0:8000 -``` - -Open a new terminal and compile quasar frontend - -```bash -cd /rmm/web -npm install -npm install -g @quasar/cli -quasar dev -``` - -!!!info - If you receive a CORS error when trying to log into your server via localhost or IP, try the following -```bash -rm -rf node_modules .quasar -npm install -quasar dev -``` -You should now have a localhost and IP based URL to view that has a live reload feature. - -## Configure GitHub with VSCode -!!!info Make sure you are submitting Pull Requests to the develop branch. -Follow this guide for a good introduction to GitHub: - -Make sure u are on develop branch -```bash -git checkout develop -``` -git remote -v should look like the following -```bash -origin https://github.com/yourusername/tacticalrmm.git (fetch) -origin https://github.com/yourusername/tacticalrmm.git (push) -upstream https://github.com/wh1te909/tacticalrmm.git (fetch) -upstream https://github.com/wh1te909/tacticalrmm.git (push) -``` -You will commit the change to your GitHub and from within GitHub you can then submit a PR to the develop branch of wh1te909 Tactical RMM. - -More to come... \ No newline at end of file diff --git a/docs/docs/contributing_using_browser.md b/docs/docs/contributing_using_browser.md deleted file mode 100644 index 2ec6fb17..00000000 --- a/docs/docs/contributing_using_browser.md +++ /dev/null @@ -1,51 +0,0 @@ -# Contributing Using Web Browser - -## Getting Started - -### 1. Fork Project in Github - -This is making a duplicate of the code under your Github that you can edit - - - -![ForkIt](images/vscode-forkit.png) - -### 2. Make Edits - -Make some changes - -![Edit](images/contribute_browser_make_changes.png) - -![Edit](images/contribute_browser_make_changes2.png) - -### 3. Request your changes to be pulled into the primary repo (Pull Request) - -![Changes you've made need integration with master repo](images/trmm_contribute-notice.png) - -This is taking your changes and requesting they be integrated into the Tactical RMM develop branch. - -#### 3a. Check the status of your PR - -Look at a summary of the changes you've requested, monitor for them to be accepted, or commented on. - - - -Once they're accepted you can either: -* Delete your fork -* Sync your local fork - -#### 4. Sync your fork - - - -Bring changes from original repo to your fork so you're current with changes made in original Github repo - -![Sync Fork](images/trmm_need_sync_local_fork.png) - -#### 5. Lather, Rinse, Repeat - -Goto Step 2. and contribute some more - -## Notes - -After your changes are accepted, they won't be live in Tactical RMM until there is a new [release](https://github.com/wh1te909/tacticalrmm/releases). #BePatient diff --git a/docs/docs/contributing_using_devbox.md b/docs/docs/contributing_using_devbox.md deleted file mode 100644 index 0aabfe19..00000000 --- a/docs/docs/contributing_using_devbox.md +++ /dev/null @@ -1,113 +0,0 @@ - -Hidden docs, needs work - -For local Hyper-v Devbox notes - -From https://raw.githubusercontent.com/silversword411/tacticalrmm-devdocs - -Needs an official install_devbox.sh script - -# Setup local devbox in hyper-v VM - - - - -## Install Ubuntu 20.04 LTS -Don't forget to - -```bash -sudo apt-get updates && sudo apt-get upgrade -``` - -### Optional -Set all users in sudo group not to require password every time: - -```bash -sudo visudo -``` - -Add this: - -``` -%sudo ALL=(ALL) NOPASSWD: ALL -``` - -## Download customized install script and tweak - -Create folder to dump into - -```bash -sudo mkdir /rmm -sudo chown ${USER}:${USER} -R /rmm -cd /rmm -``` - -Get dev install script -```bash -wget https://raw.githubusercontent.com/silversword411/tacticalrmm-devdocs/blob/main/install_devbox.sh -``` - -Edit, and search for `REPLACEMEWITHYOURFORKEDREPOURL` - -and replace with your forked repo URL (example commented out below) - -## Run it - -```bash -./install_devbox.sh -``` -## Watch for - -![Image](images/installcomplete.png) - -!!!Note Unlike regular installs, don't worry about the QR code - -## Celebrate - -![Image](images/celebrate.gif) - - - - - - - -# Misc commands - -### Start mkdocs on dev box - -```bash -cd /rmm/api -source env/bin/activate -pip install --upgrade pip -pip install --upgrade setuptools wheel -pip install -r tacticalrmm/requirements-dev.txt -cd /rmm/docs -mkdocs serve -``` - -### Running tests locally - -Prep and update - -```bash -source /rmm/api/env/bin/activate -cd /rmm/api/tacticalrmm -pip install -r requirements.txt -``` - -Then run tests - -```bash -python manage.py test -``` - -## Misc Notes - -### Spinning up front end web interface in development - - -```bash -cd /web -npm run serve -``` \ No newline at end of file diff --git a/docs/docs/contributing_using_docker.md b/docs/docs/contributing_using_docker.md deleted file mode 100644 index 25a3c882..00000000 --- a/docs/docs/contributing_using_docker.md +++ /dev/null @@ -1,89 +0,0 @@ -# Contributing using Docker - -## Install WSL2 - - - -## Install Docker Desktop - - - -### Configure Docker - -Make sure it doesn't look like this -![img](images/docker_WSL2_distros_missing.png) - -This is better - -![img](images/docker_with_ubuntu-20.04.png) - -### Check and make sure WSL is v2 and set Ubuntu as default - -[https://docs.microsoft.com/en-us/windows/wsl/install-win10#set-your-distribution-version-to-wsl-1-or-wsl-2](https://docs.microsoft.com/en-us/windows/wsl/install-win10#set-your-distribution-version-to-wsl-1-or-wsl-2) - -![img](images/wls2_upgrade_and_set_default.png) - -## Install VSCode Extensions - -[Remote - Containers](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers) - -[Docker](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker) - -## Connect to WSL and clone your Github fork - -![Connect to WSL](images/vscode_wsl_docker_setup1.png) - -![Clone Repo](images/vscode_wsl_docker_setup2.png) - -## Create .env file - -Under .devcontainer duplicate - -```text -.env.example -``` - -as - -```text -.env -``` - -Customize to your tastes (it doesn't need to be internet configured, just add records in your `hosts` file) eg - -```conf -127.0.0.1 rmm.example.com -127.0.0.1 api.example.com -127.0.0.1 mesh.example.com -``` - -## Launch your Dev VM in Docker - -Right-click `docker-compose.yml` and choose `Compose Up` - -Wait, it'll take a while as docker downloads all the modules and gets running. - -## Develop - -You're operational! - -!!!note - Self-signed certs are in your dev environment. Navigate to and and accept the self signed certs to get rid of errors. - -### View mkdocks live edits in browser - -Change stuff in `/docs/docs/` - -mkdocs is Exposed on Port: 8005 - -Open: [http://rmm.example.com:8005/](http://rmm.example.com:8005/) - -!!!note - If you add new mkdocs extensions you might need to:
- - docker-compose down.
- - Then delete the `/api/tacticalrmm/env/` folder.
- - Then docker-compose up and it will download/rebuild new extensions - -### View django administration - -Open: [http://rmm.example.com:8000/admin/](http://rmm.example.com:8000/admin/) diff --git a/docs/docs/contributing_using_vscode.md b/docs/docs/contributing_using_vscode.md deleted file mode 100644 index e917a7e2..00000000 --- a/docs/docs/contributing_using_vscode.md +++ /dev/null @@ -1,119 +0,0 @@ -# Contributing Using VSCode - -## Getting Started - -### 1. Install vscode - - - -### 2. Fork Project in Github - -This is making a duplicate of the code under your Github that you can edit - - - -![ForkIt](images/vscode-forkit.png) - -### 3. Add your (forked) repo to vscode - -Clone repository - -Login to your Github - -Choose local folder - -#### 3a. Install extra vscode Extensions - -GitLens - -Remote - SSH - -### 4. Open Terminal - - - -```text -Ctrl+` -``` - -### 5. Configure a remote for your fork (in vscode) - - - -Configure your local fork and tell it where the original code repo is so you can compare and merge updates later when official repo is updated - -Check repos - -```bash -git remote -v -``` - -Add upstream repo - -```bash -git remote add upstream https://github.com/wh1te909/tacticalrmm -``` - -Confirm changes - -```bash -git remote -v -``` - -### 6. Contribute code - -Make changes to something. - -`Commit` (update something) and notate what you did - -`Push` (from your local vscode to your github fork) - -Open browser and look at your repo (It should reflect your commit) - -#### 6a. Request your changes to be pulled into the primary repo (Pull Request) - -![Changes you've made need integration with master repo](images/trmm_contribute-notice.png) - -In browser create pull request - -### 7. Sync your local fork - - - -Bring changes from original repo to your local vscode copy so you're current with changes made in original Github repo - -![Sync Fork](images/trmm_need_sync_local_fork.png) - -In VSCode open TERMINAL - -```text -Ctrl+` -``` - -Tell git to pull from the GitHub upstream repo all new changes into your local directory - -```bash -git pull --rebase upstream develop -``` - -#### 7a. Push your local updated copy to your Github fork - -Then you're `push`ing that updated local repo to your online Github fork - -![Sync push/pulls](images/trmm_vscode_git_pending.png) - -### 8. Verify and Repeat - -Check your Github fork in browser, should be up to date now with original. Repeat 6 or 7 as necessary - -***** - -## Reference - -### Customizing the Admin Web Interface - -Created using quasar, it's all your .vue files in `web/src/components/modals/agents/RunScript.vue` - -Learn stuff here - - diff --git a/docs/docs/example_nginx.md b/docs/docs/example_nginx.md deleted file mode 100644 index 27e67d90..00000000 --- a/docs/docs/example_nginx.md +++ /dev/null @@ -1,74 +0,0 @@ -example of `/etc/nginx/sites-available/rmm.conf` - -**DO NOT COPY PASTE INTO YOUR SERVER ONLY USE AS A REFERENCE** - -``` -server_tokens off; - -upstream tacticalrmm { - server unix:////rmm/api/tacticalrmm/tacticalrmm.sock; -} - -map $http_user_agent $ignore_ua { - "~python-requests.*" 0; - "~go-resty.*" 0; - default 1; -} - -server { - listen 80; - server_name api.example.com; - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl; - server_name api.example.com; - client_max_body_size 300M; - access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=$ignore_ua; - error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log; - ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; - ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; - - location /static/ { - root /rmm/api/tacticalrmm; - } - - location /private/ { - internal; - add_header "Access-Control-Allow-Origin" "https://rmm.example.com"; - alias /rmm/api/tacticalrmm/tacticalrmm/private/; - } - - location ~ ^/(natsapi) { - allow 127.0.0.1; - deny all; - uwsgi_pass tacticalrmm; - include /etc/nginx/uwsgi_params; - uwsgi_read_timeout 500s; - uwsgi_ignore_client_abort on; - } - - location ~ ^/ws/ { - proxy_pass http://unix:/rmm/daphne.sock; - - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - } - - location / { - uwsgi_pass tacticalrmm; - include /etc/nginx/uwsgi_params; - uwsgi_read_timeout 9999s; - uwsgi_ignore_client_abort on; - } -} -``` \ No newline at end of file diff --git a/docs/docs/faq.md b/docs/docs/faq.md deleted file mode 100644 index 4753af3d..00000000 --- a/docs/docs/faq.md +++ /dev/null @@ -1,134 +0,0 @@ -# FAQ - -## Is Tactical RMM vulnerable to Log4j - -No - -## Why isn't the agent source available? - - - -It's one of those "this is why we can't have nice things". Unfortunately there are a ton of shady people out there only looking to steal and make a profit off of someone else's work and they tried very hard with tactical. - -## Why isn't the Code Signing free? - -It's one way we're trying to monetize and get dev's paid. We had github sponsors up for many months before code signing. Very few people donated, some $5 and $10. maybe $40 a month. Once we announced code signing, sponsors came in like crazy, and many people upgraded their $5 to a $50 so while I would like to believe people would gladly donate, that's just not the case. We already tried. - -## Who is Amidaware LLC? - -The Legal entity behind Tactical RMM - -## Is it possible to use XXX with Tactical RMM - -While it _may be possible_ to use XXX, we have not configured it and therefore it is [Unsupported](../unsupported_guidelines). We cannot help you configure XXX as it pertains to **your environment**. - -## Is it possible to use XXX proxy server with Tactical RMM - -If you wish to stray from the [easy install](../install_server/#option-1-easy-install) of a standard install in a VPS, you need to have the knowledge on how to troubleshoot your own custom environment. - -The most common reasons you're running a proxy is: - -1. Because you only have a single public IP and you already have something on Port 443. **Workaround**: Get another public IP from your ISP -2. Because you want to monitor traffic for security reasons: You're a [Networking Wizard](../unsupported_guidelines). - -There are some [implementations](../unsupported_scripts) that others have done, but be aware it is [Unsupported](../unsupported_guidelines) and if you're requesting help in Discord please let us know in advance. - -## How do I do X feature in the web UI? - -A lot of features in the web UI are hidden behind right-click menus; almost everything has a right click menu so if you don't see something, try right clicking on it. - -## Where are the Linux / Mac agents? - -Linux / Mac agents are currently under development. - -## Can I run Tactical RMM locally behind NAT **without** exposing my RMM server to the internet? - -Yes, you will just need to setup local DNS for the 3 subdomains, either by editing host files on all your agents or through a local DNS server. - -Similarly asked: Can I use onsite DNS servers (I don’t want my server accessible from the internet). - -Yes, you can use (only) internal DNS (if you want) for api, mesh and rmm domains. You don't have to put these records in your public DNS servers - -**Note:** You still **must** have an internet resolvable domain name and add the DNS `TXT` record to its public DNS server for the Let's Encrypt wildcard cert request process that is part of the install process. This **does not** require any inbound connection from the internet (port forwarding etc) to be enabled. This does not expose your RMM server to the internet in any way. The Let's Encrypt wildcard is done for [nats](#self-signed-certs) - -## I am locked out of the web UI. How do I reset my password? - -SSH into your server and run: - -```bash -/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py reset_password -``` - -## How do I reset password or 2 factor token? - -From the web UI, click **Settings > User Administration** and then right-click on a user: -![reset2fa](images/reset2fa.png) - -???+ note "Reset Password or 2FA token" - - === ":material-ubuntu: standard" - - ```bash - /rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py reset_2fa - ``` - === ":material-docker: docker" - ```bash - docker exec -it trmm-backend /bin/bash - ``` - -Then simply log out of the web UI and next time the user logs in they will be redirected to the 2FA setup page which will present a barcode to be scanned with the Authenticator app. - -## How do I recover my MeshCentral login credentials? - -From Tactical's web UI: *Settings > Global Settings > MeshCentral* - -Copy the username then ssh into the server and run: - -```bash -cd /meshcentral/ -sudo systemctl stop meshcentral.service -node node_modules/meshcentral --resetaccount --pass -sudo systemctl start meshcentral.service -``` - -## Help! I've been hacked there are weird agents appearing in my Tactical RMM - -No, you haven't. - -1. Your installer was scanned by an antivirus. - -2. It didn't recognize the exe. - -3. You have the option enabled to submit unknown applications for analysis. - - ![AV Option1](images/faq_av_option1.png) - -4. They ran it against their virtualization testing cluster. - -5. You allow anyone to connect to your rmm server (you should look into techniques to hide your server from the internet). - -6. Here are some examples of what that looks like. - -![AV Sandbox1](images/faq_av_sandbox1.png) - -![AV Sandbox1](images/faq_av_sandbox2.png) - -![AV Sandbox1](images/faq_av_sandbox3.png) - -![AV Sandbox1](images/faq_av_sandbox4.png) - -## DNS can't find record - -Q. My dns isn’t working - -A. Make sure it’s correctly formatted, most DNS providers add in the domain automatically. - -![DNS Examples](images/trmmdnsexample.png) - -## Self-Signed Certs - -Q. Why can’t I use a self signed certificate for web etc. - -A. NATS over TLS needs a real certificate signed with a trusted root certificate. - -If you aren't a dev in a non-production environment, don't run nats with self signed certs: diff --git a/docs/docs/functions/alerting.md b/docs/docs/functions/alerting.md deleted file mode 100644 index c2f54386..00000000 --- a/docs/docs/functions/alerting.md +++ /dev/null @@ -1,99 +0,0 @@ -# Alerting Overview - -Alerting and notifications can be managed centrally using Alert Templates. All an alert template does is configure the Email, Text and Dashboard alert check boxes on Agents, Checks, and Automated Tasks. - -Using Alert Templates also enables additional feature like: - -- Periodic notifications if an alert is left unresolved -- Being able to notify on certain alert severities -- Sending notifications when an alert is resolved -- Executing scripts when an alert is triggered or resolved - -[Setting up Email Alert Examples](email_alert.md) -## Supported Notifications - -- **Email Alerts** - Sends email to configured set of email addresses -- **SMS Alerts** - Sends text messages to configured set of numbers -- **Dashboard Alerts** - A notification popup will show up and be visible in the dashboard - -## Alert Severities - -!!!info - Agent overdue alerts are always of severity Error - -Alert severities are configured directly on the Check or Automated Task. When the Check/Automated Task fails, it will create an alert of the specified severity. The severity types are: - -- Informational -- Warning -- Error - -## Adding Alert Templates - -To create an alert template, go to **Settings > Alerts Manager**. Then click **New** - -The available options are: - -### General Settings - -- **Name** - The name that is used to identify the Alert Template in the dashboard -- **Email Recipients** - Sets the list of email recipients. If this isn't set the email recipients will global settings will be used. -- **From Email** - Sets the From email address of the notification. If this isn't set the From address from global settings is used. -- **SMS Recipients** - Sets the list of text recipients. If this isn't set the sms list from global settings is used. - -### Action Settings - -- **Failure Action** - Runs the selected script once on any agent. This is useful for running one-time tasks like sending an http request to an external system to create a ticket. -- **Failure Action Args** - Optionally pass in arguments to the failure script. -- **Failure Action Timeout** - Sets the timeout for the script. -- **Resolved Action** - Runs the selected script once on any agent if the alert is resolved. This is useful for running one-time tasks like sending an http request to an external system to close the ticket that was created. -- **Resolved Action Args** - Optionally pass in arguments to the resolved script. -- **Resolved Action Timeout** - Sets the timeout for the script. - -#### Run actions only on: -- **Agents** - If Enabled, will run script failure/resolved actions on agent overdue alerts else no alert actions will be triggered for agent overdue alerts -- **Checks** - If Enabled, will run script failure/resolved actions on check alerts else no alert actions will be triggered check alerts -- **Tasks** - If Enabled, will run script failure/resolved actions on automated task alerts else no alert actions will be triggered automated task alerts - - -### Agent/Check/Task Failure Settings - -- **Email** - When **Enabled**, will send an email notification and override the Email Alert checkbox on the Agent/Check/Task. When **Not Configured**, the Email Alert checkbox on the Agent/Check/Task will take effect. If **Disabled**, no email notifications will be sent and will override any Email alert checkbox on the Agent/Check/Task -- **Text** - When **Enabled**, will send a text notification and override the SMS Alert checkbox on the Agent/Check/Task. When **Not Configured**, the SMS Alert checkbox on the Agent/Check/Task will take effect. If **Disabled**, no SMS notifications will be sent and will override any SMS Alert checkbox on the Agent/Check/Task -- **Dashboard** - When **Enabled**, will send a dashboard notification and override the Dashboard Alert checkbox on the Agent/Check/Task. When **Not Configured**, the Dashboard Alert checkbox on the Agent/Check/Task will take effect. If **Disabled**, no SMS notifications will be sent and will override any Dashboard Alert checkbox on the Agent/Check/Task -- **Alert again if not resolved after (days)** - This sends another notification if the alert isn't resolved after the set amount of days. Set to 0 to disable this -- **Alert on severity** - Only applicable to Check and Task alert notifications. This will only send alerts when they are of the configured severity. - - !!!info - Alert on Severity needs to be configured for check and task notifications to be sent! - -### Agent/Check/Task Resolved Settings - -- **Email** - If enabled, sends an email notification when an alert is resolved -- **Text** - If enabled, sends a text messaged when an alert is resolved - -## Applying Alert Templates - -Alert templates can be configured Globally, through an Automation Policy, or set directly on the Client or Site. - -- To apply **Globally**, navigate to **Settings > Global Settings**. Set the **Alert Template** dropdown and save. -- You can configure an alert template on an automation policy by navigating to **Settings > Automation Manager**, and clicking the **Assign Alert Template** click on the policy, or right-clicking the policy and selecting **Assign Alert Template** -- To configure on a Client or Site, right-click on one in the Client/Site tree view and select **Assign Alert Template** - -## Alert Template Exclusions - -You can exclude Clients, Sites, and Agents from alert templates. To do this you can: - -- right-click on the **Alert Template** in **Alerts Manager** and select **Exclusions** -- select the **Alert Exclusions** link in the Alert Template row. - -You can also **Exclude Desktops** from the alert template. This is useful if you only care about servers. - -## Alert Template inheritance - -Alerts are applied in the following order. The agent picks the closest matching alert template. - -1. Policy w/ Alert Template applied to Site -2. Site -3. Policy w/ Alert Template applied to Client -4. Client -5. Default Alert Template diff --git a/docs/docs/functions/api.md b/docs/docs/functions/api.md deleted file mode 100644 index accc3adf..00000000 --- a/docs/docs/functions/api.md +++ /dev/null @@ -1,112 +0,0 @@ -## API Access - -*Version added: v0.8.3* - -API Keys can be created to access any of TacticalRMM's api endpoints, which will bypass 2fa authentication - -When creating the key you'll need to choose a user, which will reflect what permissions the key has based on the user's role. - -Navigate to Settings > Global Settings > API Keys to generate a key - -Headers: - -```json -{ - "Content-Type": "application/json", - "X-API-KEY": "J57BXCFDA2WBCXH0XTELBR5KAI69CNCZ" -} -``` - -Example curl request: - -```bash -curl https://api.example.com/clients/ -H "X-API-KEY: Y57BXCFAA9WBCXH0XTEL6R5KAK69CNCZ" -``` - -## Enable Swagger - -This will let you add a browser interface to see how you can use the api better. - -Open `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` and add - -```conf -SWAGGER_ENABLED = True -``` - -Restart django: `sudo systemctl restart rmm.service` - -Then visit `https://api.example.com/api/schema/swagger-ui/` to see it in action. - -???+ abstract "Example Code" - - === ":fontawesome-brands-python: Python" - - Requests Windows Update check to run against agent ID - - ```python - import requests - - API = "http://api.example.com" - HEADERS = { - "Content-Type": "application/json", - "X-API-KEY": "DKNRPTHSAPCKT8A36MCAMNZREWWWFPWI", - } - - - def trigger_update_scan(): - agents = requests.get(f"{API}/agents/?detail=false", headers=HEADERS) - for agent in agents.json(): - r = requests.post(f"{API}/winupdate/{agent['agent_id']}/scan/", headers=HEADERS) - print(r.json()) - - - if __name__ == "__main__": - trigger_update_scan() - ``` - - === ":material-powershell: Powershell" - - ```powershell - # Example - Get all agents using API - - $headers = @{ - 'X-API-KEY' = 'ABC1234567890987654321' - } - - $url = "https://api.yourdomain.com/agents/" - - $agentsResult = Invoke-RestMethod -Method 'Get' -Uri $url -Headers $headers -ContentType "application/json" - - foreach ($agent in $agentsResult) { - Write-Host $agent - - #Write-Host $agent.hostname - } - ``` - - === ":material-powershell: Powershell" - - ```powershell - # Example - Send powershell command to agent. Make sure to pass {{agent.agent_id}} as a parameter - - param( - $AgentId - ) - - $headers = @{ - 'X-API-KEY' = 'ABC1234567890987654321' - } - - $url = "https://api.yourdomain.com/agents/$AgentId/cmd/" - - $body = @{ - "shell" = "powershell" - "cmd" = "dir c:\\users" - "timeout" = 30 - } - - - $commandResult = Invoke-RestMethod -Method 'Post' -Uri $url -Body ($body|ConvertTo-Json) -Headers $headers -ContentType "application/json" - - Write-Host $commandResult - ``` diff --git a/docs/docs/functions/automated_tasks.md b/docs/docs/functions/automated_tasks.md deleted file mode 100644 index 2d7a2e8e..00000000 --- a/docs/docs/functions/automated_tasks.md +++ /dev/null @@ -1,9 +0,0 @@ -# Automated Tasks - -## Collector Tasks - -Collector tasks allow saving data from script output directly to a custom field. The collector task will only save the last line of standard output of the script. - -You can create collector tasks by adding it to an Automation Policy or adding it directly to an agent. During creation, select the **Collector** checkbox and select the custom field to save to. You can only save to agent custom fields at this time. - -See [Custom Fields](custom_fields.md) and [Scripting](scripting.md) for more information \ No newline at end of file diff --git a/docs/docs/functions/automation_policies.md b/docs/docs/functions/automation_policies.md deleted file mode 100644 index 1fe9af19..00000000 --- a/docs/docs/functions/automation_policies.md +++ /dev/null @@ -1,36 +0,0 @@ -# Automation Policies - -Automation policies in Tactical RMM allow for mass deployment of Checks, Automated Tasks, Patch Policies, and Alert Templates. You can apply Automation Policies to: - -- Global Settings -- Client -- Site -- Agent - -You can also see a list of Relations that show what policy is applied to what Clients | Sites | Agents -## Creating Automation Policies - -In the dashboard, navigate to **Settings > Automation Manager**. Use the **Add** button to create a blank Automation Policy. The options available are: - -- **Name** - The name that will be used to identify the automation policy in the dashboard -- **Description** - Optional description of the automation policy -- **Enabled** - Specifies if the automation policy is active or not -- **Enforced** - Specifies that the automation policy should overwrite any conflicting checks configured directly on the agent - -## Policy Inheritance - -They get applied in this order: - -1. Global Settings -2. Client -3. Site -4. Agent - -and at each level you can Block policy inheritance from the level above using checkboxes in the appropriate screens. - -## Adding Windows Patch Management Policy - -Under the Automation Manager you can create a Patch Policy and control what patches are applied, when, and if the computer is rebooted after. - -!!!note - Most "regular" Windows patches are listed in the "Other" category. diff --git a/docs/docs/functions/custom_fields.md b/docs/docs/functions/custom_fields.md deleted file mode 100644 index 2e769d17..00000000 --- a/docs/docs/functions/custom_fields.md +++ /dev/null @@ -1,56 +0,0 @@ -# Custom Fields - -!!!info - v0.5.0 adds support for custom fields to be used in the dashboard and in scripts. - -#### Adding Custom Fields - -In the dashboard, go to **Settings > Global Settings > Custom Fields** and click **Add Custom Field**. - -!!!info - Everything between {{}} is CaSe sEnSiTive - -The following options are available to configure on custom fields: - -- **Model** - This is the object that the custom field will be added to. The available options are: - - Agent - - Site - - Client -- **Name** - Sets the name of the custom field. This will be used to identify the custom field in the dashboard and in scripts. -- **Field Type** - Sets the type of field. Below are the allowed types. - - Text - - Number - - Single select dropdown - - Multi-select dropdown - - Checkbox - - DateTime -- **Input Options** - *Only available on Single and Multiple-select dropdowns*. Sets the options to choose from. -- **Default Value** - If no value is found when looking up the custom field; this value will instead be supplied. -- **Required** - This makes the field required when adding new Clients, Sites, and Agents. *If this is set a default value will need to be set as well* -- **Hide in Dashboard** - This will not show the custom field in Client, Site, and Agent forms in the dashboard. This is useful if the custom field's value is updated by a collector task and only supplied to scripts. - -#### Using Custom Fields in the Dashboard - -Once the custom fields are added, they will show up in the Client, Site, and Agent Add/Edit forms. - -#### Using Custom Fields in Scripts - -Tactical RMM allows for passing various database fields for Clients, Sites, and Agents in scripts. This includes custom fields as well! - -!!!warning - The characters within the brackets is case-sensitive! - -In your script's arguments, use the notation `{{client.AV_KEY}}`. This will lookup the client for the agent that the script is running on and find the custom field named `AV_KEY` and replace that with the value. - -The same is also true for `{{site.no_patching}}` and `{{agent.Another Field}}` - -For more information see SCRIPTING PAGE - -#### Populating Custom Fields automatically - -Tactical RMM supports automatically collecting information and saving them directly to custom fields. This is made possible by creating **Collector Tasks**. These are just normal Automated Tasks, but instead they will save the last line of the standard output to the custom field that is selected. - -!!!info - To populate a multiple select custom field, return a string with the options separated by a comma `"This,will,be,an,array"` - -For more information See [Collector Tasks](automated_tasks.md#Collector Tasks) diff --git a/docs/docs/functions/database_maintenance.md b/docs/docs/functions/database_maintenance.md deleted file mode 100644 index da539cb8..00000000 --- a/docs/docs/functions/database_maintenance.md +++ /dev/null @@ -1,17 +0,0 @@ -# Database Maintenance - -Tactical RMM ships with data retention defaults that will work fine for most environments. There are situations, depending on the number of agents and checks configured, that these defaults need to be tweaked to improve performance. - -## Adjusting Data Retention - -In the dashboard, go to **Settings > Global Settings > Retention** - -The options are: - -- **Check History** - Will delete check history older than the days specified (default is 30 days). -- **Resolved Alerts** - Will delete alerts that have been resolved older than the days specified (default is disabled). -- **Agent History** - Will delete agent command/script history older than the days specified (default is 60 days). -- **Debug Logs** - Will delete agent debug logs older than the days specified (default is 30 days) -- **Audit Logs** Will delete Tactical RMM audit logs older than the days specified (default is disabled) - -To disable database pruning on a table, set the days to 0. diff --git a/docs/docs/functions/django_admin.md b/docs/docs/functions/django_admin.md deleted file mode 100644 index 11f8a841..00000000 --- a/docs/docs/functions/django_admin.md +++ /dev/null @@ -1,19 +0,0 @@ -# Django Admin - -!!!warning - Do not use the django admin unless you really know what you're doing.
You should never need to access it unless you are familiar with django or are instructed to do something here by one of the developers. - -The django admin is basically a web interface for the postgres database. - -As of Tactical RMM v0.4.19, the django admin is disabled by default. - -To enable it, edit `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` and change `ADMIN_ENABLED` from `False` to `True` then `sudo systemctl restart rmm.service` - -Login to the django admin using the same credentials as your normal web ui login. - -If you did not save the django admin url (which was printed out at the end of the install script), check the `local_settings.py` file referenced above for the `ADMIN_URL` variable. Then simply append the value of this variable to your api domain (`https://api.EXAMPLE.COM/`) to get the full url. - -Example of a full django admin url: -``` -https://api.example.com/JwboKNYb3v6K93Fvtcz0G3vUM17LMTSZggOUAxa97jQfAh0P5xosEk7u2PPkjEfdOtucUp/ -``` \ No newline at end of file diff --git a/docs/docs/functions/email_alert.md b/docs/docs/functions/email_alert.md deleted file mode 100644 index 65f358f8..00000000 --- a/docs/docs/functions/email_alert.md +++ /dev/null @@ -1,46 +0,0 @@ -# Email Setup - -Under **Settings > Global Settings > Email Alerts** - -## Setting up Tactical RMM Alerts using Open Relay - -MS 365 in this example - -1. Log into Tactical RMM -2. Go to Settings -3. Go to Global Settings -4. Click on Alerts -5. Enter the email address (or addresses) you want to receive alerts to eg info@EXAMPLE.COM -6. Enter the from email address (this will need to be part of your domain on 365, however it doesn’t need a license) eg rmm@EXAMPLE.COM -7. Go to MXToolbox.com and enter your domain name in, copy the hostname from there and paste into Host -8. Change the port to 25 -9. Click Save -10. Login to admin.microsoft.com -11. Go to Exchange Admin Centre -12. Go to “Connectors” under “Mail Flow” -13. Click to + button -14. In From: select “Your organisations email server” -15. In To: select “Office 365” -16. Click Next -17. In the Name type in RMM -18. Click By Verifying that the IP address…… -19. Click + -20. Enter your IP and Click OK -21. Click Next -22. Click OK - -## Setting up Tactical RMM Alerts using username & password - -Gmail in this example - -1. Log into Tactical RMM -2. Go to Settings -3. Go to Global Settings -4. Click on Alerts -5. Enter the email address (or addresses) you want to receive alerts to eg info@EXAMPLE.COM -6. Enter the from email address myrmm@gmail.com -7. Tick the box “My server requires Authentication” -8. Enter your username e.g. myrmm@gmail.com -9. Enter your password -10. Change the port to 587 -11. Click Save diff --git a/docs/docs/functions/examples.md b/docs/docs/functions/examples.md deleted file mode 100644 index f45b5295..00000000 --- a/docs/docs/functions/examples.md +++ /dev/null @@ -1,39 +0,0 @@ -# Examples - -## Create Run URL Action to Computer support page - -This will create a URL link that will take you to the support page for a computer based on the computers Serial Number - -1. Goto `Settings | Global Settings | Custom Fields` - - Under Agents tab Add Custom Field (CaSe SeNsItIve) - - ![Custom Field](../images/example1_customfield.png) - -2. Create Task (best to use `Settings | Automation Manager` if you want to apply it to all computers). Add script that has an output of the data you want. - - ![Collector Script](../images/example1_taskcollectorscript.png) - -3. Create URL Action (under `Settings | Global Settings | URL ACTIONS`) for Manufacturer websites - - ![URL Actions](../images/example1_urlaction.png) - -Dell Support Page - -``` -https://www.dell.com/support/home/en-us/product-support/servicetag/{{agent.SerialNumber}}/overview -``` - -Lenovo Support Page - -``` -https://pcsupport.lenovo.com/us/en/products/{{agent.SerialNumber}} -``` - -HP Support Page - -It gives an errors because the product model doesn't match the serial number. If you figure out a better link please let us know! :) - -``` -https://support.hp.com/us-en/product/hp-pro-3500-microtower-pc/5270849/model/5270850?serialnumber={{agent.SerialNumber}} -``` diff --git a/docs/docs/functions/keystore.md b/docs/docs/functions/keystore.md deleted file mode 100644 index ef10581a..00000000 --- a/docs/docs/functions/keystore.md +++ /dev/null @@ -1,12 +0,0 @@ -# Global Key Store - -The key store is used to store values that need to be referenced from multiple scripts. This also allows for easy updating of values since scripts reference the values at runtime. - -To Add/Edit values in the Global Key Store, browse to **Settings > Global Settings > KeyStore**. - -You can reference values from the key store in script arguments by using the {{global.key_name}} syntax. - -!!!info - Everything between {{}} is CaSe sEnSiTive - -See [Scripts](scripting.md) for more information. \ No newline at end of file diff --git a/docs/docs/functions/maintenance_mode.md b/docs/docs/functions/maintenance_mode.md deleted file mode 100644 index ab6a0899..00000000 --- a/docs/docs/functions/maintenance_mode.md +++ /dev/null @@ -1,12 +0,0 @@ -# Maintenance Mode - -Enabling maintenance mode for an agent will prevent any overdue/check/task email/sms alerts from being sent. - -It will also prevent clients/sites/agents from showing up as red in the dashboard if they have any failing checks or are overdue. - -To enable maintenance mode for all agents in a client/site, **Right Click** on a client / site and choose **Enable Maintenance Mode** - -![maint_mode](../images/maint_mode.png) - -To enable maintenance mode for a single agent, **Right Click** on the agent and choose **Enable Maintenance Mode** - diff --git a/docs/docs/functions/permissions.md b/docs/docs/functions/permissions.md deleted file mode 100644 index 36823e41..00000000 --- a/docs/docs/functions/permissions.md +++ /dev/null @@ -1,18 +0,0 @@ -# User Roles and Permissions - -## Permission Manager - -Make sure you've setup at least 1 valid (Super User aka Administrator) role under _Settings > Permission Manager_ - -1. Login as usual Tactical user -2. Go to Settings - Permissions Manager -3. Click New Role -4. You can all the role anything, I called it Admins -5. Tick the Super User Box/or relevant permissions required -6. Click Save then exit Permissions Manager -7. Go to Settings - Users -8. Open current logged in user/or any other user and assign role (created above step 6) in the Role drop down box. -9. Click Save - -Once you've set that up a Super User role and assigned your primary user, you can create other Roles with more limited access. - diff --git a/docs/docs/functions/remote_bg.md b/docs/docs/functions/remote_bg.md deleted file mode 100644 index 431043cd..00000000 --- a/docs/docs/functions/remote_bg.md +++ /dev/null @@ -1,21 +0,0 @@ -# Remote Background - -To access: **Right click** on an agent > **Remote Background** - -#### Services Tab - -Right click on a service to show the context menu where you can start/stop/restart services: - -![services_contextmenu](../images/services_contextmenu.png) - -Click *Service Details* to bring up the details tab where you can edit more service options: - -![service_detail](../images/service_detail.png) - -#### Processes Tab - -A very basic task manager that shows real time process usage. - -**Right click** on a process to end the task: - -![taskmanager](../images/taskmanager.png) diff --git a/docs/docs/functions/scripting.md b/docs/docs/functions/scripting.md deleted file mode 100644 index 8bdb404a..00000000 --- a/docs/docs/functions/scripting.md +++ /dev/null @@ -1,155 +0,0 @@ -# Scripting - -Tactical RMM supports uploading existing scripts or adding new scripts right in the dashboard. Languages supported are: - -- Powershell -- Windows Batch -- Python - -## Adding Scripts - -In the dashboard, browse to **Settings > Scripts Manager**. Click the **New** button and select either Upload Script or New Script. The available options for scripts are: - -- **Name** - This identifies the script in the dashboard -- **Description** - Optional description for the script -- **Category** - Optional way to group similar scripts together. -- **Type** - This sets the language of the script. Available options are: - - Powershell - - Windows Batch - - Python -- **Script Arguments** - Optional way to set default arguments for scripts. These will auto populate when running scripts and can be changed at runtime. -- **Default Timeout** - Sets the default timeout of the script and will stop script execution if the duration surpasses the configured timeout. Can be changed at script runtime -- **Favorite** - Favorites the script. - -## Downloading Scripts - -To download a Tactical RMM Script, click on the script in the Script Manager to select it. Then click the **Download Script** button on the top. You can also right-click on the script and select download - -## Community Scripts - -These are script that are built into Tactical RMM. They are provided and maintained by the Tactical RMM community. These scripts are updated whenever Tactical RMM is updated and can't be modified or deleted in the dashboard. - -### Hiding Community Scripts -You can choose to hide community script throughout the dashboard by opening **Script Manager** and clicking the **Show/Hide Community Scripts** toggle button. - -## Using Scripts - -### Manual run on agent - -In the **Agent Table**, you can right-click on an agent and select **Run Script**. You have the options of: - -- **Wait for Output** - Runs the script and waits for the script to finish running and displays the output. -- **Fire and Forget** - Starts the script and does not wait for output. -- **Email Output** - Starts the script and will email the output. Allows for using the default email address in the global settings or adding a new email address. -- **Save as Note** - Saves the output as a Note that can be views in the agent Notes tab -- **Collector** - Saves to output to the specified custom field. - -There is also an option on the agent context menu called **Run Favorited Script**. This will pre-populate the script run dialog with the script of your choice. - -[Script Execution Process](../../howitallworks/#windows-agent) - -### Script Arguments - -The `Script Arguments` field should be pre-filled with information for any script that can accept or requires parameters. - -

<Required Parameter Name> <string>
[-<Optional Parameter Name> <string>]
[-<string> {(<default string if not specified>) | <string2> | <string3>}]

- -Where `[]` indicates an optional parameter - -and `{}` indicates a parameter with several preconfigured parameter - -and `()` indicates a default parameter if none is specified - -### Bulk Run on agents - -Under the tools menu -> Run Bulk Script you can execute scripts against Clients/Sites/Selected Agents/All based on All/Servers/Workstations - -### Automated Tasks - -Tactical RMM allows scheduling tasks to run on agents. This leverages the Windows Task Scheduler and has the same scheduling options. - -See [Automated Tasks](automated_tasks.md) for configuring automated tasks - -### Script Checks - -Scripts can also be run periodically on an agent and trigger an alert if it fails. - -### Alert Failure/Resolve Actions - -Scripts can be triggered when an alert is triggered and resolved. This script will run on any online agent and supports passing the alert information as arguments. - -For configuring **Alert Templates**, see [Alerting](./alerting.md) - -See below for populating dashboard data in scripts and the available options. - -## Using dashboard data in scripts - -Tactical RMM allows passing in dashboard data to scripts as arguments. The below powershell arguments will get the client name of the agent and also the agent's public IP address - -``` --ClientName {{client.name}} -PublicIP {{agent.public_ip}} -``` - -!!!info - Everything between {{}} is CaSe sEnSiTive - -See a full list of possible built-in variables [Here](../script_variables.md) - -### Getting Custom Field values - -Tactical RMM supports pulling data from custom fields using the {{model.custom_field_name}} syntax. - -See [Using Custom Fields in Scripts](custom_fields.md#Using Custom Fields in Scripts) - -### Getting values from the Global Keystore - -Tactical RMM supports getting values from the global key store using the {{global.key_name}} syntax - -See [Global Keystore](keystore.md). - -### Example Powershell Script - -The below script takes five named values. The arguments will look like this: `-SiteName {{site.name}} -ClientName {{client.name}} -PublicIP {{agent.public_ip}} -CustomField {{client.AV_KEY}} -Global {{global.API_KEY}}` - -```powershell -param ( - [string] $SiteName, - [string] $ClientName, - [string] $PublicIp, - [string] $CustomField, - [string] $Global -) - -Write-Output "Site: $SiteName" -Write-Output "Client: $ClientName" -Write-Output "Public IP: $PublicIp" -Write-Output "Custom Fields: $CustomField" -Write-Output "Global: $Global" -``` - -## Script Snippets - -Script Snippets allow you to create common code blocks or comments and apply them to all of your scripts. This could be initialization code, common error checking, or even code comments. - -### Adding Script Snippets - -In the dashboard, browse to **Settings > Scripts Manager**. Click the **Script Snippets** button. - -- **Name** - This identifies the script snippet in the dashboard -- **Description** - Optional description for the script snippet -- **Shell** - This sets the language of the script. Available options are: - - Powershell - - Windows Batch - - Python - -### Using Script Snippets - -When editing a script, you can add template tags to the script body that contains the script snippet name. For example, if a script snippet exists with the name "Check WMF", you would put {{Check WMF}} in the script body and the snippet code will be replaced. - -!!!info - Everything between {{}} is CaSe sEnSiTive - -The template tags will only be visible when Editing the script. When downloading or viewing the script code the template tags will be replaced with the script snippet code. diff --git a/docs/docs/functions/settings_override.md b/docs/docs/functions/settings_override.md deleted file mode 100644 index a878c650..00000000 --- a/docs/docs/functions/settings_override.md +++ /dev/null @@ -1,19 +0,0 @@ -# Settings Override - -### Browser token expiration - -The default browser token expiration is set to 5 hours. See this [ticket](https://github.com/wh1te909/tacticalrmm/issues/503) for reference. - -To change it, add the following code block to the end of `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` - -```python -from datetime import timedelta - -REST_KNOX = { - "TOKEN_TTL": timedelta(days=30), - "AUTO_REFRESH": True, - "MIN_REFRESH_INTERVAL": 600, -} -``` - -Change `(days=30)` to whatever you prefer. Then run `sudo systemctl restart rmm.service` for changes to take effect. diff --git a/docs/docs/functions/url_actions.md b/docs/docs/functions/url_actions.md deleted file mode 100644 index a3a94d54..00000000 --- a/docs/docs/functions/url_actions.md +++ /dev/null @@ -1,26 +0,0 @@ -# URL Actions - -URL Actions will run against an agent and open a configured URL in a new browser tab or window. This allows for integrations with various remote viewing softwares. - -## Adding URL Actions - -In the dashboard, browse to **Settings > Global Settings > URL Actions**. The available options are: - -- **Name** - This identifies the URL Action in other parts of the dashboard -- **Description** - Optional description for the URL Action -- **Pattern** - This is the actual URL pattern that will open in the new browser tab/window. This field supports variables from the [Global Keystore](keystore.md) and [Script Variables](../script_variables.md). - -### URL Pattern Example - -!!!info - Variable names are *case sensitive*! - -``` -https://remote.example.com/connect?API_KEY={{global.API_KEY}}&agent_id={{agent.Remote ID}} -``` - -The above example uses a value defined in the **global keystore** named *API_KEY* and an **Agent custom field** called *remote id*. The URLs are properly encoded to work with any special characters or spaces returned in the values. - -## Running URL Actions - -In the agent table, right-click on the Agent and select **Run URL Action** and select the action to run \ No newline at end of file diff --git a/docs/docs/functions/user_ui.md b/docs/docs/functions/user_ui.md deleted file mode 100644 index d7a70cf3..00000000 --- a/docs/docs/functions/user_ui.md +++ /dev/null @@ -1,8 +0,0 @@ -# User Interface Preferences - -Click on your username at the top right of the dashboard > Preferences: - -![user_prefs](../images/user_prefs.png) - - -![user_prefs2](../images/user_prefs2.png) \ No newline at end of file diff --git a/docs/docs/guide_gettingstarted.md b/docs/docs/guide_gettingstarted.md deleted file mode 100644 index 0108e9b4..00000000 --- a/docs/docs/guide_gettingstarted.md +++ /dev/null @@ -1,25 +0,0 @@ - -# TLRD Version - -## At Install - -Setup Email Alerts -Setup SMS Alerts -Setup Server Preferences -General -Time Zone -Clear faults on agents that haven't checked in after (days) - -Setup Automation Manager -Default Profile for workstations - - -## Every 75 days - -OS updates -reboot -Backup -TRMM Update - -## Biannually - diff --git a/docs/docs/howitallworks.md b/docs/docs/howitallworks.md deleted file mode 100644 index 5989cee4..00000000 --- a/docs/docs/howitallworks.md +++ /dev/null @@ -1,576 +0,0 @@ -# How It All Works - -## Understanding TRMM - -Anything you configure: scripts, tasks, patching etc is queued and scheduled on the server to do something. -Everything that is queued, happens immediately when agents are online. -The agent gets a nats command, server tells it to do xyz and it does it. - -When agents are not connected to the server nothing happens. The windows task scheduler says do x at some time, what it's asked to do is get x command from the server. If server is offline, nothing happens. -If an agent comes online, every x interval (windows update, pending tasks etc) check and see is there something for me to do that I missed while I was offline. When that time occurs (eg agent sees if it needs to update itself at 35mins past every hr https://wh1te909.github.io/tacticalrmm/update_agents/ ) it'll get requested on the online agent. - -That's the simplified general rule for everything TRMM. - -[![Network Design](images/TacticalRMM-Network.png)](images/TacticalRMM-Network.png) - -Still need graphics for - - 1. Agent installer steps - - 2. Agent checks/tasks and how they work on the workstation/interact with server - -## Server - -Has a postgres database located here: - -[Django Admin](https://wh1te909.github.io/tacticalrmm/functions/django_admin.html) - -!!!description - A web interface for the postgres database - -All Tactical RMM dependencies are listed [here](https://github.com/wh1te909/tacticalrmm/blob/develop/api/tacticalrmm/requirements.txt) - -### Outbound Firewall Rules - -If you have strict firewall rules these are the only outbound rules from the server needed for all functionality: - -1. Outbound traffic to all agent IP scopes for reflect traffic from agents - -#### Server without Code Signing key - -No additional rules needed - -#### Server with Code Signing key - -No additional rules needed - -### System Services - -This lists the system services used by the server. - -#### nginx web server - -Nginx is the web server for the `rmm`, `api`, and `mesh` domains. All sites redirect port 80 (HTTP) to port 443 (HTTPS). - -!!! warning - - nginx does not serve the NATS service on port 4222. - -???+ abstract "nginx configuration (a.k.a. sites available)" - - - [nginx configuration docs](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/) - - === ":material-web: `rmm.example.com`" - - This serves the frontend website that you interact with. - - - Config: `/etc/nginx/sites-enabled/frontend.conf` - - root: `/var/www/rmm/dist` - - Access log: `/var/log/nginx/frontend-access.log` - - Error log: `/var/log/nginx/frontend-error.log` - - TLS certificate: `/etc/letsencrypt/live/example.com/fullchain.pem` - - === ":material-web: `api.example.com`" - - This serves the TRMM API for the frontend and agents. - - - Config: `/etc/nginx/sites-enabled/rmm.conf` - - roots: - - `/rmm/api/tacticalrmm/static/` - - `/rmm/api/tacticalrmm/tacticalrmm/private/` - - Upstreams: - - `unix://rmm/api/tacticalrmm/tacticalrmm.sock` - - `unix://rmm/daphne.sock` - - Access log: `/rmm/api/tacticalrmm/tacticalrmm/private/log/access.log` - - Error log: `/rmm/api/tacticalrmm/tacticalrmm/private/log/error.log` - - TLS certificate: `/etc/letsencrypt/live/example.com/fullchain.pem` - - === ":material-web: `mesh.example.com`" - - This serves MeshCentral for remote access. - - - Config: `/etc/nginx/sites-enabled/meshcentral.conf` - - Upstream: `http://127.0.0.1:4430/` - - Access log: `/var/log/nginx/access.log` (uses default) - - Error log: `/var/log/nginx/error.log` (uses default) - - TLS certificate: `/etc/letsencrypt/live/example.com/fullchain.pem` - - === ":material-web: default" - - This is the default site installed with nginx. This listens on port 80 only. - - - Config: `/etc/nginx/sites-enabled/default` - - root: `/var/www/rmm/dist` - - Access log: `/var/log/nginx/access.log` (uses default) - - Error log: `/var/log/nginx/error.log` (uses default) - -???+ note "systemd config" - - === ":material-console-line: status commands" - - - Status: `systemctl status --full nginx.service` - - Stop: `systemctl stop nginx.service` - - Start: `systemctl start nginx.service` - - Restart: `systemctl restart nginx.service` - - Restart: `systemctl reload nginx.service` reloads the config without restarting - - Test config: `nginx -t` - - Listening process: `ss -tulnp | grep nginx` - - === ":material-ubuntu: standard" - - - Service: `nginx.service` - - Address: `0.0.0.0` - - Port: 443 - - Exec: `/usr/sbin/nginx -g 'daemon on; master_process on;'` - - Version: 1.18.0 - - === ":material-docker: docker" - - TBD - To Be Documented - -#### Tactical RMM (Django uWSGI) service - -Built on the Django framework, the Tactical RMM service is the heart of the system by serving the API for the frontend and agents. - -???+ note "systemd config" - - - [uWSGI docs](https://uwsgi-docs.readthedocs.io/en/latest/index.html) - - === ":material-console-line: status commands" - - - Status: `systemctl status --full rmm.service` - - Stop: `systemctl stop rmm.service` - - Start: `systemctl start rmm.service` - - Restart: `systemctl restart rmm.service` - - journalctl: - - "tail" the logs: `journalctl --identifier uwsgi --follow` - - View the logs: `journalctl --identifier uwsgi --since "30 minutes ago" | less` - - === ":material-ubuntu: standard" - - - Service: `rmm.service` - - Socket: `/rmm/api/tacticalrmm/tacticalrmm.sock` - - uWSGI config: `/rmm/api/tacticalrmm/app.ini` - - Log: None - - Journal identifier: `uwsgi` - - Version: 2.0.18 - - === ":material-docker: docker" - - TBD - To Be Documented - -#### Daphne: Django channels daemon - -[Daphne](https://github.com/django/daphne) is the official ASGI HTTP/WebSocket server maintained by the [Channels project](https://channels.readthedocs.io/en/stable/index.html). - -???+ note "systemd config" - - - Django [Channels configuration docs](https://channels.readthedocs.io/en/stable/topics/channel_layers.html) - - === ":material-console-line: status commands" - - - Status: `systemctl status --full daphne.service` - - Stop: `systemctl stop daphne.service` - - Start: `systemctl start daphne.service` - - Restart: `systemctl restart daphne.service` - - journalctl (this provides only system start/stop logs, not the actual logs): - - "tail" the logs: `journalctl --identifier daphne --follow` - - View the logs: `journalctl --identifier daphne --since "30 minutes ago" | less` - - === ":material-ubuntu: standard" - - - Service: `daphne.service` - - Socket: `/rmm/daphne.sock` - - Exec: `/rmm/api/env/bin/daphne -u /rmm/daphne.sock tacticalrmm.asgi:application` - - Config: `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` - - Log: `/rmm/api/tacticalrmm/tacticalrmm/private/log/debug.log` - - === ":material-docker: docker" - - TBD - To Be Documented - -#### NATS server service - -[NATS](https://nats.io/) is a messaging bus for "live" communication between the agent and server. NATS provides the framework for the server to push commands to the agent and receive information back. - -???+ note "systemd config" - - - [NATS server configuration docs](https://docs.nats.io/running-a-nats-service/configuration) - - === ":material-console-line: status commands" - - - Status: `systemctl status --full nats.service` - - Stop: `systemctl stop nats.service` - - Start: `systemctl start nats.service` - - Restart: `systemctl restart nats.service` - - Restart: `systemctl reload nats.service` reloads the config without restarting - - journalctl: - - "tail" the logs: `journalctl --identifier nats-server --follow` - - View the logs: `journalctl --identifier nats-server --since "30 minutes ago" | less` - - Listening process: `ss -tulnp | grep nats-server` - - === ":material-ubuntu: standard" - - - Service: `nats.service` - - Address: `0.0.0.0` - - Port: `4222` - - Exec: `/usr/local/bin/nats-server --config /rmm/api/tacticalrmm/nats-rmm.conf` - - Config: `/rmm/api/tacticalrmm/nats-rmm.conf` - - TLS: `/etc/letsencrypt/live/example.com/fullchain.pem` - - Log: None - - Version: v2.3.3 - - === ":material-docker: docker" - - - Get into bash in your docker with: `sudo docker-compose exec tactical-nats /bin/bash` - - Log: `nats-api -log debug` - -#### NATS API service - -The NATS API service is a very light golang wrapper to replace traditional http requests sent to django. The agent sends the data to nats-api which is always listening for agent requests (on Port 4222). It then saves the data to postgres directly. - -???+ note "systemd config" - - === ":material-console-line: status commands" - - - Status: `systemctl status --full nats-api.service` - - Stop: `systemctl stop nats-api.service` - - Start: `systemctl start nats-api.service` - - Restart: `systemctl restart nats-api.service` - - journalctl: This application does not appear to log anything. - - === ":material-ubuntu: standard" - - - Service: `nats-api.service` - - Exec: `/usr/local/bin/nats-api --config /rmm/api/tacticalrmm/nats-api.conf` - - Config: `/rmm/api/tacticalrmm/nats-api.conf` - - TLS: `/etc/letsencrypt/live/example.com/fullchain.pem` - - Log: None - - === ":material-docker: docker" - - TBD - To Be Documented - -#### Celery service - -[Celery](https://github.com/celery/celery) is a task queue focused on real-time processing and is responsible for scheduling tasks to be sent to agents. - -Log located at `/var/log/celery` - -???+ note "systemd config" - - - [Celery docs](https://docs.celeryproject.org/en/stable/index.html) - - [Celery configuration docs](https://docs.celeryproject.org/en/stable/userguide/configuration.html) - - === ":material-console-line: status commands" - - - Status: `systemctl status --full celery.service` - - Stop: `systemctl stop celery.service` - - Start: `systemctl start celery.service` - - Restart: `systemctl restart celery.service` - - journalctl: Celery executes `sh` causing the systemd identifier to be `sh`, thus mixing the `celery` and `celerybeat` logs together. - - "tail" the logs: `journalctl --identifier sh --follow` - - View the logs: `journalctl --identifier sh --since "30 minutes ago" | less` - - Tail logs: `tail -F /var/log/celery/w*-*.log` - - === ":material-ubuntu: standard" - - - Service: `celery.service` - - Exec: `/bin/sh -c '${CELERY_BIN} -A $CELERY_APP multi start $CELERYD_NODES --pidfile=${CELERYD_PID_FILE} --logfile=${CELERYD_LOG_FILE} --loglevel="${CELERYD_LOG_LEVEL}" $CELERYD_OPTS'` - - Config: `/etc/conf.d/celery.conf` - - Log: `/var/log/celery/w*-*.log` - - === ":material-docker: docker" - - TBD - To Be Documented - -#### Celery Beat service - -[celery beat](https://github.com/celery/django-celery-beat) is a scheduler; It kicks off tasks at regular intervals, that are then executed by available worker nodes in the cluster. - -???+ note "systemd config" - - - [Celery beat docs](https://docs.celeryproject.org/en/stable/userguide/periodic-tasks.html) - - === ":material-console-line: status commands" - - - Status: `systemctl status --full celerybeat.service` - - Stop: `systemctl stop celerybeat.service` - - Start: `systemctl start celerybeat.service` - - Restart: `systemctl restart celerybeat.service` - - journalctl: Celery executes `sh` causing the systemd identifier to be `sh`, thus mixing the `celery` and `celerybeat` logs together. - - "tail" the logs: `journalctl --identifier sh --follow` - - View the logs: `journalctl --identifier sh --since "30 minutes ago" | less` - - Tail logs: `tail -F /var/log/celery/beat.log` - - === ":material-ubuntu: standard" - - - Service: `celerybeat.service` - - Exec: `/bin/sh -c '${CELERY_BIN} -A ${CELERY_APP} beat --pidfile=${CELERYBEAT_PID_FILE} --logfile=${CELERYBEAT_LOG_FILE} --loglevel=${CELERYD_LOG_LEVEL}'` - - Config: `/etc/conf.d/celery.conf` - - Log: `/var/log/celery/beat.log` - - === ":material-docker: docker" - - TBD - To Be Documented - -#### MeshCentral - -[MeshCentral](https://github.com/Ylianst/MeshCentral) is used for: "Take Control" (connecting to machine for remote access), and 2 screens of the "Remote Background" (Terminal, and File Browser). - -???+ note "meshcentral" - - - [MeshCentral docs](https://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf) - - === ":material-console-line: status commands" - - - Status: `systemctl status --full meshcentral` - - Stop: `systemctl stop meshcentral` - - Start: `systemctl start meshcentral` - - Restart: `systemctl restart meshcentral` - - === ":material-remote-desktop: Debugging" - - - Open either "Take Control" or "Remote Background" to get mesh login token - - Open https://mesh.example.com to open native mesh admin interface - - Left-side "My Server" > Choose "Console" > type `agentstats` - - To view detailed logging goto "Trace" > click Tracing button and choose categories - -### Other Dependencies - -[Django](https://www.djangoproject.com/) - Framework to integrate the server to interact with browser. - -
- Django dependencies - -```text -future==0.18.2 -loguru==0.5.3 -msgpack==1.0.2 -packaging==20.9 -psycopg2-binary==2.9.1 -pycparser==2.20 -pycryptodome==3.10.1 -pyotp==2.6.0 -pyparsing==2.4.7 -pytz==2021.1 -``` -
- -[qrcode](https://pypi.org/project/qrcode/) - Creating QR codes for 2FA. - -
- qrcode dependencies - -```text -redis==3.5.3 -requests==2.25.1 -six==1.16.0 -sqlparse==0.4.1 -``` -
- -[twilio](https://www.twilio.com/) - Python SMS notification integration. - -
- twilio dependencies - -```text -urllib3==1.26.5 -uWSGI==2.0.19.1 -validators==0.18.2 -vine==5.0.0 -websockets==9.1 -zipp==3.4.1 -``` -
- - -## Windows Agent - -Found in `%programfiles%\TacticalAgent` - -When scripts/checks execute, they are: - -1. transferred from the server via nats -2. saved to a randomly created file in `c:\windows\temp\trmm\` -3. executed -4. Return info is captured and returned to the server via nats -5. File in `c:\windows\temp\trmm\` are removed automatically after execution/timeout. - -### Outbound Firewall Rules - -If you have strict firewall rules these are the only outbound rules from the agent needed for all functionality: - -1. All agents have to be able to connect outbound to TRMM server on the 3 domain names on ports: 443 (agent and mesh) and 4222 (nats for checks/tasks/data) - -2. The agent uses `https://icanhazip.tacticalrmm.io/` to get public IP info. If this site is down for whatever reason, the agent will fallback to `https://icanhazip.com` and then `https://ifconfig.co/ip` - -#### Unsigned Agents - -Unsigned agents require access to: `https://github.com/wh1te909/rmmagent/releases/*` - -#### Signed Agents - -Signed agents will require: `https://exe.tacticalrmm.io/` and `https://exe2.tacticalrmm.io/` for downloading/updating agents - -### Services - -3 services exist on all clients - -* `Mesh Agent` -![MeshService](images/trmm_services_mesh.png) -![MeshAgentTaskManager](images/trmm_services__taskmanager_mesh.png) - -**AND** - -* `TacticalAgent` and `Tactical RMM RPC Service` -![TacticalAgentServices](images/trmm_services.png) -![TacticalAgentTaskManager](images/trmm_services__taskmanager_agent.png) - -The [MeshCentral](https://meshcentral.com/) system which is accessible from `https://mesh.example.com` and is used - -* It runs 2 goroutines - * one is the checkrunner which runs all the checks and then just sleeps until it's time to run more checks - * 2nd goroutine periodically sends info about the agent to the rmm and also handles agent recovery - -!!!note - In Task Manager you will see additional `Tactical RMM Agent` processes appear and disappear. These are your Checks and Tasks running at scheduled intervals - -`Tactical RMM RPC Service` - -* Uses the pub/sub model so anytime you do anything realtime from rmm (like a send command or run script) -* It maintains a persistent connection to your to the api.example.com rmm server on `port:4222` and is listening for events (using [nats](https://nats.io/)) -* It handles your Agent updates (Auto triggers at 35mins past every hour or when run manually from server Agents | Update Agents menu) - -*** - -### Agent Installation Process - -* Adds Defender AV exclusions -* Copies temp files to `c:\windows\temp\tacticalxxx` folder. -* INNO setup installs app into `%ProgramData%\TacticalAgent\` folder - -*** - -### Agent Update Process - -Downloads latest `winagent-vx.x.x-x86/64.exe` to `%programfiles%` - -Executes the file (INNO setup exe) - -Files create `c:\Windows\temp\Tacticalxxxx\` folder for install (and log files) - -*** - -### Agent Debugging - -You can temporarily log to screen, or log to file - -???+ note "Debugging Options" - - === ":material-math-log: Manual One Time" - - Stop the services - - ```cmd - net stop tacticalagent - net stop tacticalrpc - ``` - - Then run either Agent: - - Run the tacticalagent service manually with debug logging: - - ```cmd - "C:\Program Files\TacticalAgent\tacticalrmm.exe" -m winagentsvc -log debug -logto stdout - ``` - - Run the tacticalrpc service manually with debug logging: - - ```cmd - "C:\Program Files\TacticalAgent\tacticalrmm.exe" -m rpc -log debug -logto stdout - ``` - - === ":material-math-log: Log debug to file" - - TacticalAgent - - Stop the service - - ```cmd - net stop tacticalagent - ``` - - Edit the service: `TacticalAgent` - - ```cmd - cd "c:\Program Files\TacticalAgent" - nssm.exe edit tacticalagent - ``` - - Add options `-m winagentsvc -log debug` - - TacticalAgent: Start the service - ```cmd - net start tacticalagent - ``` - - It will debug log to `"C:\Program Files\TacticalAgent\agent.log"` - - **AND/OR** - - Tacticalrpc - - Stop the service - - ```cmd - net stop tacticalrpc - ``` - - Edit the service: `Tacticalrpc` - - ```cmd - cd "c:\Program Files\Tacticalrpc" - nssm.exe edit tacticalrpc - ``` - - Add options `-m rpc -log debug` - - Tacticalrpc: Start the service - ```cmd - net start tacticalrpc - ``` - - It will debug log to `"C:\Program Files\TacticalAgent\agent.log"` - - -#### Mesh Agent Recovery - -Tactical Agent just runs `mesh_agent.exe -something` to get the mesh agent id and saves it to the django database. - -#### Tactical RPC Recovery - -#### Tactical Agent Recovery - -### Windows Update Management - -Tactical RMM Agent sets: - -```reg -HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -AUOptions (REG_DWORD): -1: Keep my computer up to date is disabled in Automatic Updates. -``` - -Uses this Microsoft API to handle updates: [https://docs.microsoft.com/en-us/windows/win32/api/_wua/](https://docs.microsoft.com/en-us/windows/win32/api/_wua/) - -### Log files - -You can find 3 sets of detailed logs at `/rmm/api/tacticalrmm/tacticalrmm/private/log` - -* `error.log` nginx log for all errors on all TRMM URL's: rmm, api and mesh - -* `access.log` nginx log for access auditing on all URL's: rmm, api and mesh (_this is a large file, and should be cleaned periodically_) - -* `django_debug.log` created by django webapp diff --git a/docs/docs/images/3rdparty_anydesk1.png b/docs/docs/images/3rdparty_anydesk1.png deleted file mode 100644 index 0d3fc749..00000000 Binary files a/docs/docs/images/3rdparty_anydesk1.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_anydesk2.png b/docs/docs/images/3rdparty_anydesk2.png deleted file mode 100644 index dc47f8f2..00000000 Binary files a/docs/docs/images/3rdparty_anydesk2.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_bdg_CustFieldLink.png b/docs/docs/images/3rdparty_bdg_CustFieldLink.png deleted file mode 100644 index ebf21e4e..00000000 Binary files a/docs/docs/images/3rdparty_bdg_CustFieldLink.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_bdg_DownloadLink.png b/docs/docs/images/3rdparty_bdg_DownloadLink.png deleted file mode 100644 index 186f0f64..00000000 Binary files a/docs/docs/images/3rdparty_bdg_DownloadLink.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_bdg_LinkCopy.png b/docs/docs/images/3rdparty_bdg_LinkCopy.png deleted file mode 100644 index 12e0fa8a..00000000 Binary files a/docs/docs/images/3rdparty_bdg_LinkCopy.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_bdg_Packages.png b/docs/docs/images/3rdparty_bdg_Packages.png deleted file mode 100644 index 1f84ee30..00000000 Binary files a/docs/docs/images/3rdparty_bdg_Packages.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_bdg_RmmCustField.png b/docs/docs/images/3rdparty_bdg_RmmCustField.png deleted file mode 100644 index a2c69d43..00000000 Binary files a/docs/docs/images/3rdparty_bdg_RmmCustField.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_grafana_ex1.png b/docs/docs/images/3rdparty_grafana_ex1.png deleted file mode 100644 index ae229692..00000000 Binary files a/docs/docs/images/3rdparty_grafana_ex1.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_grafana_ex2.png b/docs/docs/images/3rdparty_grafana_ex2.png deleted file mode 100644 index bd0cc837..00000000 Binary files a/docs/docs/images/3rdparty_grafana_ex2.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_sc_aio.png b/docs/docs/images/3rdparty_sc_aio.png deleted file mode 100644 index 9af689d1..00000000 Binary files a/docs/docs/images/3rdparty_sc_aio.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_screenconnect1.png b/docs/docs/images/3rdparty_screenconnect1.png deleted file mode 100644 index ba9dee77..00000000 Binary files a/docs/docs/images/3rdparty_screenconnect1.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_screenconnect2.png b/docs/docs/images/3rdparty_screenconnect2.png deleted file mode 100644 index 157e1ce9..00000000 Binary files a/docs/docs/images/3rdparty_screenconnect2.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_screenconnect3.png b/docs/docs/images/3rdparty_screenconnect3.png deleted file mode 100644 index 742117e1..00000000 Binary files a/docs/docs/images/3rdparty_screenconnect3.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_screenconnect4.png b/docs/docs/images/3rdparty_screenconnect4.png deleted file mode 100644 index a119a083..00000000 Binary files a/docs/docs/images/3rdparty_screenconnect4.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_splashtop1.png b/docs/docs/images/3rdparty_splashtop1.png deleted file mode 100644 index 310c880c..00000000 Binary files a/docs/docs/images/3rdparty_splashtop1.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_splashtop2.png b/docs/docs/images/3rdparty_splashtop2.png deleted file mode 100644 index 0fdb2fb1..00000000 Binary files a/docs/docs/images/3rdparty_splashtop2.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_teamviewer1.png b/docs/docs/images/3rdparty_teamviewer1.png deleted file mode 100644 index 53fcdcf5..00000000 Binary files a/docs/docs/images/3rdparty_teamviewer1.png and /dev/null differ diff --git a/docs/docs/images/3rdparty_teamviewer2.png b/docs/docs/images/3rdparty_teamviewer2.png deleted file mode 100644 index bd885d24..00000000 Binary files a/docs/docs/images/3rdparty_teamviewer2.png and /dev/null differ diff --git a/docs/docs/images/Remote_SSH_connection.png b/docs/docs/images/Remote_SSH_connection.png deleted file mode 100644 index 55fe5ae3..00000000 Binary files a/docs/docs/images/Remote_SSH_connection.png and /dev/null differ diff --git a/docs/docs/images/TacticalRMM-Network.drawio b/docs/docs/images/TacticalRMM-Network.drawio deleted file mode 100644 index 0bcd2c21..00000000 --- a/docs/docs/images/TacticalRMM-Network.drawio +++ /dev/null @@ -1 +0,0 @@ -7R1rc5u49td4prsz9vAGf2yc5u6d224zTXr38WWHgGyzwYgLuEn2118dIfEQwmAbYjtt2klAEhLSOTo6byb6YvP8r8SN15+wj8KJpvjPE/16ommGaSvkD5S85CWq5jh5ySoJfFZWFtwF/yBWyB5cbQMfpbWGGcZhFsT1Qg9HEfKyWpmbJPip3myJw/qosbtCjYI7zw2bpb8FfrZmpaqilBW/oGC1ZkM7Jqt4cL3HVYK3ERsvwhHKazYu74Y1Tdeuj58qRfqHib5IMM7yq83zAoWwrnzF8uduWmqLV05QlPV54OvTR3MVfv3zxfxzvd18CLzr//415QD45oZbtha/4eQxzdwswFE6gT5vyO87lHxDCbm3QjLY1RKTMcmUshe2gtb/tphXTFMK3/ekgWrEz2UluVqxv7SXh0QsIYPlXfNirTaKRlcawYQUUv20DjJ0F7se1D4R1CRl62wTkjuVvQtDNdWB+yAMFzjECe1L913kLD1SvkpcPyCLWKmzkWshGCLNEvyIKjWW56CHJQyEk+AfMoLLhyPrkwUEpd6HwSoiZRmG98Hk9YIM9oWhFDOCpui5FY5qgR1kxyG8QVnyQpqwB6aq4zCose3Gb5+qqMsxdF1B2wIXXbZfVkXvJeKQC4Y7cjz68z/B9c10+fjL/dfPzubD4sPn+7+mltPAowbwUOS/h71K7rzQTdPAq8Or2CCwUL6brimgaU3mJhyUFrknPVXuchjxfasKkKY7kjzyHGS/Q98zzWS3f7DWcH39zMalNy/8JiJr8ztvBjd/0C5Mfls+Ru/4cw2sublRyE8B/wawyTrhbeKhHStsc7roJiuU7WhozPOGyK/RvCY+VdBFhiy8LEEhIQbf6pRShkBshFscUOLA0dU26tiqqwIS5lNnj1UJmNiTqoldGUJX+eI0uqIoXcz8CCy3zh3LOcIqNYTtQNdyb/TfGidFccs4LxS35vZMm5c/dg1LCX2eOXql+kD0tzUB+0VqPhz2S3kFu4H80SqInttP8+O4BGA5Ao81Ebr0Crwrn9IB/2Bx29gN9uzS9epvc5fjpaYsCGNL/twmuNqJ4ruZO81fOfFqT66zDBjU95RHopxLOlthvAqRGwfpzMMbUuylpMnN0t0EIQCOj3aVj3YljJa/cvqSZmjjZWFl6g3e6PJmRbjKbfp25kNGnQKE6DaYpQxfd0+vpbjcPB/xKu2P855nWSCkVBbiMlbu5ptLpnwT4hX5zejITe9FOoW8gCxf8ZHs6JvPLdUxD5EJdEUuf/imrc/9oeQFU6kfHKbaV2BQndEEBgknlcM0jd2o16mhwqmhMKSndfkjUBnhZOOG9eonNjGoN2BJWGWIsgwl0xSgEq2kz5PVz6ZuDkSo9sjao6ReHRBMi1j3SuXVaGWWuFG6JJ3y7kFNwBo84cSvj159vNQwTBkFgBbJ6uGdZpqUShAAKML1T8XjfpDGofuSPxVEYVAZeBliN6u+0EWfnG1MgUgg86ltULqeoWd3E4eIDqe/Nwy9m3jn2FkvbsVYAWBKAaLKVQkqulB8tuwAIO+Xz0M3YNVQ+A0BQWnUCBvhxyZ5zU2ivPvl/v727qdWNBFFRCK23LFbnGRrvMKRG34oS6/q51bZ5iOGA4QeLX8TgLyw48rdZrh+lpWCYKmsGEsUPFzgU/sKfI7dU+A7VpJTtflw2gqhK0N5XW2FqreesW+QoJNhRHqulRNuEHTl3f3ittixJWf57tf393cFeY0e0rhC6F1gjxK03DFzH3vpLHLJ7AMMnC25msYJzjCZTPNenMRtUaNck44qb+/yJj+dhJwcQBYOJUFHkBNtaBVpb3JyFC+sypTne6pQHJkKheFyP5mqqm+Ro/9+ypczpy5vU9Gyn2ZsH4XMW4L6hCtugE7309uU+2SBo2WwOnCbeB6cXxe4YDfJBh4m/ZDfmetRtUZeRs80ckn6j5b9lxEl2T66XcvS9UtcN5R5oOdCWYoiL3mJM7iDI4VUVdgV7ebnWYw2+yu24BDuUGy1nqgNvdIuo7MtKpHmDSVSYY+r6ZDGOzfn3eY4kArj/gtQuJi4D7wHpWthdK22MKrW1K5p3GJVWxh7LOUaZ4QqCzP06Z7jJScE7gpRZO239a+r4vY964Jcfvn0ifx+X+2rfIjsLw+lTDVeIUCE6UfN1hLGnjz2K6bM1DYB8kA2jbeGW07/FZk4MAFPnkcEnjDZGpX4EWBQ+RA+ufWxnPlSvsGj13+70Yq1FRA0XbsxXMZ8fl27udR1fN5mVFXRtst3b5ruvc/tl9pMtxxDUxVTs3TVdHqit2HPoLntzA0bOjDGwvamLpkjFcUoYcFB1VRf0bpCn5nSJdZ1ptu6Zoqtpnp/E/g+FbhkIKwLYcNDi9XOjQZ4bKsJnRagDg4cTgxPS6MNPuoZ0Wi1sTDj0OhPKF2LZHU/Ei3roYUwQ1PaLifLJ6Z1BfK9HVrXdMKoQ+eSid0e4OLETmvAx5GwoK9F7PTmnq6LFrutTuWeuv8IrIMHIlI3RPtDKkFp8A+jmgCXGFTPdBHMq4l5DX1tM5wyG/hE8E+Dm1sXzEARLdGUJj6BPcrS57o/adjPl/OljfwxscEQiLzRJPKqDD30sWi81qmB76nivghhV6KBB9zOdQatanhuOrs0pfZE38cjuJW76VRqa4x5G84pknNFysw2OH95qN2MN8HLZYpGsWJp5jkwkMr5MZBaU+wZV8hPYu8g/rH+Jg15/8st2OPv6lrYH3L/4Lyw2bIbLpYX1pq88JuR+/eA1pnK/T10s942+VZwl51xExAd0WxBi2+CUOL4YhDMqxzS6kyx7I5jumQJDM2pMAUFH7AjFqIamlEL8kgfUeati/HqQR1CyAfp9hYlAYEBIFr5hmLh4fwE11Z38hNcmDmXIAu1cFvl/jSHu+YYluDlYwldtbjmEPxzXyrNmAC1z0srtShNcpH3OSjPpDfljk9f7+7pmZbRwy9Ykl8rDM50jUMsWxOStYJW4O9CzqfnF5m3AByKuZz6eQlOcj7tTAki6al8qD9NEC3xDMRmIL6JGzL5hOyuCMYka38DCpBFXqsJt1/JIf8viC2exf6yVTUGrcgf2rDC4biTNusbbImP7gMKxxPE+54TbfrhvXlcZaZZZp3JnWrGuUsHnJq9GY1Luzqlhy6mv8blAAOwLkQdS6MIXlW9ohsSHuMNOOvIHRzrL5BLQH3d10+gXDnSAZmrYXqoZCQ8kzzu5nCmiWsSux2VlZ5MU0F1LdtRh2GQTNF1WYwP7eSPxqfXRpNeN7BzdG2OKVAyqTJHt4ig1CRmRZjU4NSM49iupYFdXSHwQCoWi1Z856WUVbklpwzVXujXDzjLgGRchUJFcZ41DrjKzsa59mFRpGJRmifPgv7IjjPLcdQrfdKMemOyNi++DhKmbYGqBMAiyFlaLmdRJcrmeQWZaWYRyp4gfcksdOO2Pb8bL/trR/bAmdFOQKNpcLqCbDjAz54PF8NAOzwoWK3jzFS7El9vNiBjSdiS0XKhGE3pa/fZXQa+VkWm7wd+hi6FH+czJWymNLnNaPCUWSDerBWv3nGLTa+vj+8aeY+TigY9xSFcLTHI24vPX0DmQkmCk/RoHrWmZTuGYd03109N1VdVUrJtU9VQFm0GSmZ0FJP8CuzwATZJzeZ6/aP5YV2ueutS8r0qP9wZ+nPeNKON9M3nMhF2GwXPxfjFWdgSVlC19aUY6Mg4wu2xhOMUBEDO7x8f9LtHbrQjqEdfjwajb9RvIUyDeDEM8TDMOvGw52dIPJoGUIF4HBg3yM3WB0QOitE8Jwm6OShwrWWtdiZkSDkt9nJaHNP3EVMz7Ao65CF4eUAapXWHx6P1TBn09kLQ3DieBVG7m1nvJEvnvRJ9c0Cxaes38L9XdOdpgjDfeRR3c7+cPYyC26d0FUxpqH2CXHJSInpNI+5RBAF2boZSiLT7HNM8tjN6Xmt6iFcr0I2I71KUS2x/1KKpMAz7qTeK9WVXOrx+6oF+rYfuPoYcRdAT23pTwtZlGpO5OTNHkrHtpiKLL2Df7DrV7C7t+XVaUuMcmkCmkbTQ3QAu+3jjlobwiTxtEODKhUzrImFxUaRd7kK9ZzoqgbQULoZu4oYhIkQucUHtH1cUAbW6ioagM1le8Iy42NIzUqDNOt1u8h6E3KkCJ6/L7NaahNyJPkHDETvr5EJrRVS095IVR5F2ayYtlka4lxx8uBDKNVPdQqjVUwg9VuJ05spMqfwIWnAxbfDIyaNs+5xw9LtEUZ6lqBNFef6gM0ln5DTt1q+OOq+Yr+qtoBt3iuh2DDbPC93OIkBI/MqBIeEyZM5xoyXY5dSjVaLKmUYIv8t539LLd4e8IhMHWOjL/aLSkbKhU6R5Ox/7J8YMwyBOUTf36aZx7ntC2VAJb+l4yPNku+nBMUG129ua7fQPxDgVpDl/2/OrFIxQ7LRgHGidqK78ATZKuQW2i/wOBeHhzuOhv8DSn4kUvhAhSjB9AyQEBdFUDLQYmfd05qdnIL53ZsDuy3v2dXh9JWagaRKrn3BKAMaWGKdp8EB9UWgkTKGH9ifUiBOjJHwZ8XhaLjX58eRbD5ZpDaX60EUPiFMzJU7zqBLAI3WG+4Lg43OobDYWYHwTOb4hA4yjPejWUIAxRGZReT24SD/t05mn4kBDMguwYuFYgxiUz1uNu2f+1VZDcDXi7UeC0l7W4cqS1e+m8D7QL12X2d8pjvqvZZGllAY87lzPS1gnmM/XpH0n5sZOyUpJbOcXvBh7GtLrXyuqI9rPM1o6WtrWI7/9YwhpW1/Z2Cs9bdq//dP7tFHrp81FolublyS8QDG+qtkzhfxTc9frKn80tCPkK4pJ1U9ttX8nSypZHPhpAIlys50TOpX0Ivka83fi3ZUSSphOUQQKV79OY3enFT+ewB4pYxmCjFUY6qqBYTJm3h4Ai+Tf9Na66Ot5Y8QR1LJ0MM/9An03XkdoVPfxM6KaRbxXaf6y93XoHoTayjy85aja5dDtHO3Q/Qpu2E1+5jul2p0fgTg1tZ73IdYyX6AhiPVOY+oP5FkmpG8U+ft9RuQuI1TBgykHIXo7Pt0PmmUtJRmLClH06empPOWCtD2z96m3nKX12HIyAXS0Lcddv1qV0Gdlld5/xRvfiZ+fWOtv9fDQ+GGg3ofB6u29uHcArqM7ncgzjK166qj1oQyxj975/GxDeGkRlYczWO9gY8cIxKPyyyB2k8sJxDvv87rLcsNFzpGMNue9OH0Z1B4hffW7EJPLv4gAlwXRKp3FkoyULUv9I9TvLAhBDaercX8HZwZ91SDA+lueXUTgcUYikWGU2YgMmVQ8oo1ox0e9JixzvEQUjHw3IbKk8u+IEOUwbLb5FZKxx1I2n0dL5XmWfLzNfX+bS94Bnz6RUIIir5kljf5ImFcT/k2a2dOAraT/Jm3GFExeOMgAwroyEN5oquAo2Dey6gBJA84KDNu15Nsg49snQnWgxf8B \ No newline at end of file diff --git a/docs/docs/images/TacticalRMM-Network.png b/docs/docs/images/TacticalRMM-Network.png deleted file mode 100644 index f14acd70..00000000 Binary files a/docs/docs/images/TacticalRMM-Network.png and /dev/null differ diff --git a/docs/docs/images/arecords.png b/docs/docs/images/arecords.png deleted file mode 100644 index 64c2e5b7..00000000 Binary files a/docs/docs/images/arecords.png and /dev/null differ diff --git a/docs/docs/images/autoagentupdate.png b/docs/docs/images/autoagentupdate.png deleted file mode 100644 index b0b4aad8..00000000 Binary files a/docs/docs/images/autoagentupdate.png and /dev/null differ diff --git a/docs/docs/images/avbitdefender_gravityzone_exclusions0.png b/docs/docs/images/avbitdefender_gravityzone_exclusions0.png deleted file mode 100644 index cbe2bd26..00000000 Binary files a/docs/docs/images/avbitdefender_gravityzone_exclusions0.png and /dev/null differ diff --git a/docs/docs/images/avbitdefender_gravityzone_exclusions1.png b/docs/docs/images/avbitdefender_gravityzone_exclusions1.png deleted file mode 100644 index 1d7a7fe8..00000000 Binary files a/docs/docs/images/avbitdefender_gravityzone_exclusions1.png and /dev/null differ diff --git a/docs/docs/images/avbitdefender_gravityzone_exclusions2.png b/docs/docs/images/avbitdefender_gravityzone_exclusions2.png deleted file mode 100644 index 6c7613a7..00000000 Binary files a/docs/docs/images/avbitdefender_gravityzone_exclusions2.png and /dev/null differ diff --git a/docs/docs/images/avwebroot.png b/docs/docs/images/avwebroot.png deleted file mode 100644 index d8d689eb..00000000 Binary files a/docs/docs/images/avwebroot.png and /dev/null differ diff --git a/docs/docs/images/avwebroot1.png b/docs/docs/images/avwebroot1.png deleted file mode 100644 index e74ef733..00000000 Binary files a/docs/docs/images/avwebroot1.png and /dev/null differ diff --git a/docs/docs/images/avwebroot2.png b/docs/docs/images/avwebroot2.png deleted file mode 100644 index 150a6d2b..00000000 Binary files a/docs/docs/images/avwebroot2.png and /dev/null differ diff --git a/docs/docs/images/avwebroot3.png b/docs/docs/images/avwebroot3.png deleted file mode 100644 index 5033f031..00000000 Binary files a/docs/docs/images/avwebroot3.png and /dev/null differ diff --git a/docs/docs/images/avwebroot4.png b/docs/docs/images/avwebroot4.png deleted file mode 100644 index 175e230f..00000000 Binary files a/docs/docs/images/avwebroot4.png and /dev/null differ diff --git a/docs/docs/images/avwebroot5.png b/docs/docs/images/avwebroot5.png deleted file mode 100644 index d03c8e65..00000000 Binary files a/docs/docs/images/avwebroot5.png and /dev/null differ diff --git a/docs/docs/images/celebrate.gif b/docs/docs/images/celebrate.gif deleted file mode 100644 index 16551e91..00000000 Binary files a/docs/docs/images/celebrate.gif and /dev/null differ diff --git a/docs/docs/images/community_scripts_name_field_example1.png b/docs/docs/images/community_scripts_name_field_example1.png deleted file mode 100644 index 40338839..00000000 Binary files a/docs/docs/images/community_scripts_name_field_example1.png and /dev/null differ diff --git a/docs/docs/images/contribute_browser_make_changes.png b/docs/docs/images/contribute_browser_make_changes.png deleted file mode 100644 index cee9dac4..00000000 Binary files a/docs/docs/images/contribute_browser_make_changes.png and /dev/null differ diff --git a/docs/docs/images/contribute_browser_make_changes2.png b/docs/docs/images/contribute_browser_make_changes2.png deleted file mode 100644 index 06dc19fd..00000000 Binary files a/docs/docs/images/contribute_browser_make_changes2.png and /dev/null differ diff --git a/docs/docs/images/dnstxt.png b/docs/docs/images/dnstxt.png deleted file mode 100644 index 1c9ffe60..00000000 Binary files a/docs/docs/images/dnstxt.png and /dev/null differ diff --git a/docs/docs/images/docker_WSL2_distros_missing.png b/docs/docs/images/docker_WSL2_distros_missing.png deleted file mode 100644 index 37e9917f..00000000 Binary files a/docs/docs/images/docker_WSL2_distros_missing.png and /dev/null differ diff --git a/docs/docs/images/docker_with_ubuntu-20.04.png b/docs/docs/images/docker_with_ubuntu-20.04.png deleted file mode 100644 index 08804cac..00000000 Binary files a/docs/docs/images/docker_with_ubuntu-20.04.png and /dev/null differ diff --git a/docs/docs/images/esetesmc1.png b/docs/docs/images/esetesmc1.png deleted file mode 100644 index 1b5c13f8..00000000 Binary files a/docs/docs/images/esetesmc1.png and /dev/null differ diff --git a/docs/docs/images/esetesmc2.png b/docs/docs/images/esetesmc2.png deleted file mode 100644 index 8753f76b..00000000 Binary files a/docs/docs/images/esetesmc2.png and /dev/null differ diff --git a/docs/docs/images/esetesmc3.png b/docs/docs/images/esetesmc3.png deleted file mode 100644 index be08f222..00000000 Binary files a/docs/docs/images/esetesmc3.png and /dev/null differ diff --git a/docs/docs/images/esetesmc4.png b/docs/docs/images/esetesmc4.png deleted file mode 100644 index d8a22983..00000000 Binary files a/docs/docs/images/esetesmc4.png and /dev/null differ diff --git a/docs/docs/images/esetesmc5.png b/docs/docs/images/esetesmc5.png deleted file mode 100644 index bfa246e3..00000000 Binary files a/docs/docs/images/esetesmc5.png and /dev/null differ diff --git a/docs/docs/images/example1_customfield.png b/docs/docs/images/example1_customfield.png deleted file mode 100644 index 6245d2f6..00000000 Binary files a/docs/docs/images/example1_customfield.png and /dev/null differ diff --git a/docs/docs/images/example1_taskcollectorscript.png b/docs/docs/images/example1_taskcollectorscript.png deleted file mode 100644 index fbe5c6d5..00000000 Binary files a/docs/docs/images/example1_taskcollectorscript.png and /dev/null differ diff --git a/docs/docs/images/example1_urlaction.png b/docs/docs/images/example1_urlaction.png deleted file mode 100644 index 6728fd7e..00000000 Binary files a/docs/docs/images/example1_urlaction.png and /dev/null differ diff --git a/docs/docs/images/faq_av_option1.png b/docs/docs/images/faq_av_option1.png deleted file mode 100644 index 718bae37..00000000 Binary files a/docs/docs/images/faq_av_option1.png and /dev/null differ diff --git a/docs/docs/images/faq_av_sandbox1.png b/docs/docs/images/faq_av_sandbox1.png deleted file mode 100644 index 3c7f082c..00000000 Binary files a/docs/docs/images/faq_av_sandbox1.png and /dev/null differ diff --git a/docs/docs/images/faq_av_sandbox2.png b/docs/docs/images/faq_av_sandbox2.png deleted file mode 100644 index 074a7a3b..00000000 Binary files a/docs/docs/images/faq_av_sandbox2.png and /dev/null differ diff --git a/docs/docs/images/faq_av_sandbox3.png b/docs/docs/images/faq_av_sandbox3.png deleted file mode 100644 index b45c2601..00000000 Binary files a/docs/docs/images/faq_av_sandbox3.png and /dev/null differ diff --git a/docs/docs/images/faq_av_sandbox4.png b/docs/docs/images/faq_av_sandbox4.png deleted file mode 100644 index 6d5a30ad..00000000 Binary files a/docs/docs/images/faq_av_sandbox4.png and /dev/null differ diff --git a/docs/docs/images/favicon.ico b/docs/docs/images/favicon.ico deleted file mode 100644 index bbdf1883..00000000 Binary files a/docs/docs/images/favicon.ico and /dev/null differ diff --git a/docs/docs/images/install_questions.png b/docs/docs/images/install_questions.png deleted file mode 100644 index 8d03f046..00000000 Binary files a/docs/docs/images/install_questions.png and /dev/null differ diff --git a/docs/docs/images/installcomplete.png b/docs/docs/images/installcomplete.png deleted file mode 100644 index d599fe12..00000000 Binary files a/docs/docs/images/installcomplete.png and /dev/null differ diff --git a/docs/docs/images/maint_mode.png b/docs/docs/images/maint_mode.png deleted file mode 100644 index 768c8c5a..00000000 Binary files a/docs/docs/images/maint_mode.png and /dev/null differ diff --git a/docs/docs/images/managedeployments.png b/docs/docs/images/managedeployments.png deleted file mode 100644 index d83f6560..00000000 Binary files a/docs/docs/images/managedeployments.png and /dev/null differ diff --git a/docs/docs/images/manualagentupdate.png b/docs/docs/images/manualagentupdate.png deleted file mode 100644 index a007befc..00000000 Binary files a/docs/docs/images/manualagentupdate.png and /dev/null differ diff --git a/docs/docs/images/mesh_agent_onlineoffline.png b/docs/docs/images/mesh_agent_onlineoffline.png deleted file mode 100644 index c0c7640e..00000000 Binary files a/docs/docs/images/mesh_agent_onlineoffline.png and /dev/null differ diff --git a/docs/docs/images/mesh_features.png b/docs/docs/images/mesh_features.png deleted file mode 100644 index 991c58f2..00000000 Binary files a/docs/docs/images/mesh_features.png and /dev/null differ diff --git a/docs/docs/images/mesh_no_data.png b/docs/docs/images/mesh_no_data.png deleted file mode 100644 index 2f1893e3..00000000 Binary files a/docs/docs/images/mesh_no_data.png and /dev/null differ diff --git a/docs/docs/images/mesh_userconsent.png b/docs/docs/images/mesh_userconsent.png deleted file mode 100644 index 443be155..00000000 Binary files a/docs/docs/images/mesh_userconsent.png and /dev/null differ diff --git a/docs/docs/images/meshagentdl.png b/docs/docs/images/meshagentdl.png deleted file mode 100644 index 8bf10fea..00000000 Binary files a/docs/docs/images/meshagentdl.png and /dev/null differ diff --git a/docs/docs/images/onit.ico b/docs/docs/images/onit.ico deleted file mode 100644 index ad4cd15b..00000000 Binary files a/docs/docs/images/onit.ico and /dev/null differ diff --git a/docs/docs/images/owasp_burp.png b/docs/docs/images/owasp_burp.png deleted file mode 100644 index 7276d529..00000000 Binary files a/docs/docs/images/owasp_burp.png and /dev/null differ diff --git a/docs/docs/images/reset2fa.png b/docs/docs/images/reset2fa.png deleted file mode 100644 index 8e1b987e..00000000 Binary files a/docs/docs/images/reset2fa.png and /dev/null differ diff --git a/docs/docs/images/rmmlogin.png b/docs/docs/images/rmmlogin.png deleted file mode 100644 index 1ffaaf29..00000000 Binary files a/docs/docs/images/rmmlogin.png and /dev/null differ diff --git a/docs/docs/images/service_detail.png b/docs/docs/images/service_detail.png deleted file mode 100644 index 23bc0e89..00000000 Binary files a/docs/docs/images/service_detail.png and /dev/null differ diff --git a/docs/docs/images/services_contextmenu.png b/docs/docs/images/services_contextmenu.png deleted file mode 100644 index a5f3233f..00000000 Binary files a/docs/docs/images/services_contextmenu.png and /dev/null differ diff --git a/docs/docs/images/siteagentinstall.png b/docs/docs/images/siteagentinstall.png deleted file mode 100644 index 7ec5f5c6..00000000 Binary files a/docs/docs/images/siteagentinstall.png and /dev/null differ diff --git a/docs/docs/images/sophoscascreen1.png b/docs/docs/images/sophoscascreen1.png deleted file mode 100644 index 2eb891c7..00000000 Binary files a/docs/docs/images/sophoscascreen1.png and /dev/null differ diff --git a/docs/docs/images/sophoscascreen2.png b/docs/docs/images/sophoscascreen2.png deleted file mode 100644 index d9f6f626..00000000 Binary files a/docs/docs/images/sophoscascreen2.png and /dev/null differ diff --git a/docs/docs/images/sophoscascreen3.png b/docs/docs/images/sophoscascreen3.png deleted file mode 100644 index b6768cb9..00000000 Binary files a/docs/docs/images/sophoscascreen3.png and /dev/null differ diff --git a/docs/docs/images/sophoscascreen4.png b/docs/docs/images/sophoscascreen4.png deleted file mode 100644 index 5052b2c7..00000000 Binary files a/docs/docs/images/sophoscascreen4.png and /dev/null differ diff --git a/docs/docs/images/sophoscascreen5.png b/docs/docs/images/sophoscascreen5.png deleted file mode 100644 index fe740958..00000000 Binary files a/docs/docs/images/sophoscascreen5.png and /dev/null differ diff --git a/docs/docs/images/sophoscascreen6.png b/docs/docs/images/sophoscascreen6.png deleted file mode 100644 index 2d4934c8..00000000 Binary files a/docs/docs/images/sophoscascreen6.png and /dev/null differ diff --git a/docs/docs/images/sophoscascreen7.png b/docs/docs/images/sophoscascreen7.png deleted file mode 100644 index a077534f..00000000 Binary files a/docs/docs/images/sophoscascreen7.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen1.png b/docs/docs/images/sophosxgscreen1.png deleted file mode 100644 index 216b6bb6..00000000 Binary files a/docs/docs/images/sophosxgscreen1.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen2.png b/docs/docs/images/sophosxgscreen2.png deleted file mode 100644 index fe3bb056..00000000 Binary files a/docs/docs/images/sophosxgscreen2.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen3.png b/docs/docs/images/sophosxgscreen3.png deleted file mode 100644 index 202ace79..00000000 Binary files a/docs/docs/images/sophosxgscreen3.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen4.png b/docs/docs/images/sophosxgscreen4.png deleted file mode 100644 index b2221ab1..00000000 Binary files a/docs/docs/images/sophosxgscreen4.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen5.png b/docs/docs/images/sophosxgscreen5.png deleted file mode 100644 index b684bb8b..00000000 Binary files a/docs/docs/images/sophosxgscreen5.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen6.png b/docs/docs/images/sophosxgscreen6.png deleted file mode 100644 index 6c88e7c6..00000000 Binary files a/docs/docs/images/sophosxgscreen6.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen7.png b/docs/docs/images/sophosxgscreen7.png deleted file mode 100644 index 66fa27f9..00000000 Binary files a/docs/docs/images/sophosxgscreen7.png and /dev/null differ diff --git a/docs/docs/images/sophosxgscreen8.png b/docs/docs/images/sophosxgscreen8.png deleted file mode 100644 index 9ad30443..00000000 Binary files a/docs/docs/images/sophosxgscreen8.png and /dev/null differ diff --git a/docs/docs/images/synology_docker_ports.jpg b/docs/docs/images/synology_docker_ports.jpg deleted file mode 100644 index 5e1ee183..00000000 Binary files a/docs/docs/images/synology_docker_ports.jpg and /dev/null differ diff --git a/docs/docs/images/synology_docker_reverse.jpg b/docs/docs/images/synology_docker_reverse.jpg deleted file mode 100644 index addba637..00000000 Binary files a/docs/docs/images/synology_docker_reverse.jpg and /dev/null differ diff --git a/docs/docs/images/synology_docker_reverse_details1.jpg b/docs/docs/images/synology_docker_reverse_details1.jpg deleted file mode 100644 index ac2c08a3..00000000 Binary files a/docs/docs/images/synology_docker_reverse_details1.jpg and /dev/null differ diff --git a/docs/docs/images/synology_docker_reverse_details2.jpg b/docs/docs/images/synology_docker_reverse_details2.jpg deleted file mode 100644 index b0391ba5..00000000 Binary files a/docs/docs/images/synology_docker_reverse_details2.jpg and /dev/null differ diff --git a/docs/docs/images/taskmanager.png b/docs/docs/images/taskmanager.png deleted file mode 100644 index 4d37e68c..00000000 Binary files a/docs/docs/images/taskmanager.png and /dev/null differ diff --git a/docs/docs/images/tipsntricks_filters.png b/docs/docs/images/tipsntricks_filters.png deleted file mode 100644 index a1ef4088..00000000 Binary files a/docs/docs/images/tipsntricks_filters.png and /dev/null differ diff --git a/docs/docs/images/tipsntricks_meshcontrol.png b/docs/docs/images/tipsntricks_meshcontrol.png deleted file mode 100644 index 0ed1d159..00000000 Binary files a/docs/docs/images/tipsntricks_meshcontrol.png and /dev/null differ diff --git a/docs/docs/images/tipsntricks_meshterminal.png b/docs/docs/images/tipsntricks_meshterminal.png deleted file mode 100644 index 6c23308f..00000000 Binary files a/docs/docs/images/tipsntricks_meshterminal.png and /dev/null differ diff --git a/docs/docs/images/tipsntricks_script_syntaxhelp.png b/docs/docs/images/tipsntricks_script_syntaxhelp.png deleted file mode 100644 index 07355604..00000000 Binary files a/docs/docs/images/tipsntricks_script_syntaxhelp.png and /dev/null differ diff --git a/docs/docs/images/trmm_contribute-notice.png b/docs/docs/images/trmm_contribute-notice.png deleted file mode 100644 index 8075f068..00000000 Binary files a/docs/docs/images/trmm_contribute-notice.png and /dev/null differ diff --git a/docs/docs/images/trmm_need_sync_local_fork.png b/docs/docs/images/trmm_need_sync_local_fork.png deleted file mode 100644 index f8a5c1c2..00000000 Binary files a/docs/docs/images/trmm_need_sync_local_fork.png and /dev/null differ diff --git a/docs/docs/images/trmm_services.png b/docs/docs/images/trmm_services.png deleted file mode 100644 index a48ca726..00000000 Binary files a/docs/docs/images/trmm_services.png and /dev/null differ diff --git a/docs/docs/images/trmm_services__taskmanager_agent.png b/docs/docs/images/trmm_services__taskmanager_agent.png deleted file mode 100644 index 0c4ee861..00000000 Binary files a/docs/docs/images/trmm_services__taskmanager_agent.png and /dev/null differ diff --git a/docs/docs/images/trmm_services__taskmanager_mesh.png b/docs/docs/images/trmm_services__taskmanager_mesh.png deleted file mode 100644 index 6a79f1d3..00000000 Binary files a/docs/docs/images/trmm_services__taskmanager_mesh.png and /dev/null differ diff --git a/docs/docs/images/trmm_services_mesh.png b/docs/docs/images/trmm_services_mesh.png deleted file mode 100644 index 2d3317b0..00000000 Binary files a/docs/docs/images/trmm_services_mesh.png and /dev/null differ diff --git a/docs/docs/images/trmm_user_preferences.png b/docs/docs/images/trmm_user_preferences.png deleted file mode 100644 index 81e7daa8..00000000 Binary files a/docs/docs/images/trmm_user_preferences.png and /dev/null differ diff --git a/docs/docs/images/trmm_vscode_git_pending.png b/docs/docs/images/trmm_vscode_git_pending.png deleted file mode 100644 index 9f70dbf9..00000000 Binary files a/docs/docs/images/trmm_vscode_git_pending.png and /dev/null differ diff --git a/docs/docs/images/trmmdnsexample.png b/docs/docs/images/trmmdnsexample.png deleted file mode 100644 index 9a6f2e5a..00000000 Binary files a/docs/docs/images/trmmdnsexample.png and /dev/null differ diff --git a/docs/docs/images/txtrecord.png b/docs/docs/images/txtrecord.png deleted file mode 100644 index e8e4af13..00000000 Binary files a/docs/docs/images/txtrecord.png and /dev/null differ diff --git a/docs/docs/images/user_prefs.png b/docs/docs/images/user_prefs.png deleted file mode 100644 index 281e5d04..00000000 Binary files a/docs/docs/images/user_prefs.png and /dev/null differ diff --git a/docs/docs/images/user_prefs2.png b/docs/docs/images/user_prefs2.png deleted file mode 100644 index 5a00eb9e..00000000 Binary files a/docs/docs/images/user_prefs2.png and /dev/null differ diff --git a/docs/docs/images/vscode-forkit.png b/docs/docs/images/vscode-forkit.png deleted file mode 100644 index e442ce7e..00000000 Binary files a/docs/docs/images/vscode-forkit.png and /dev/null differ diff --git a/docs/docs/images/vscode_wsl_docker_setup1.png b/docs/docs/images/vscode_wsl_docker_setup1.png deleted file mode 100644 index 5f89e142..00000000 Binary files a/docs/docs/images/vscode_wsl_docker_setup1.png and /dev/null differ diff --git a/docs/docs/images/vscode_wsl_docker_setup2.png b/docs/docs/images/vscode_wsl_docker_setup2.png deleted file mode 100644 index 2a316ce2..00000000 Binary files a/docs/docs/images/vscode_wsl_docker_setup2.png and /dev/null differ diff --git a/docs/docs/images/wls2_upgrade_and_set_default.png b/docs/docs/images/wls2_upgrade_and_set_default.png deleted file mode 100644 index ebd775ab..00000000 Binary files a/docs/docs/images/wls2_upgrade_and_set_default.png and /dev/null differ diff --git a/docs/docs/index.md b/docs/docs/index.md deleted file mode 100644 index 0696b00a..00000000 --- a/docs/docs/index.md +++ /dev/null @@ -1,25 +0,0 @@ -# Tactical RMM Documentation - -[![Build Status](https://dev.azure.com/dcparsi/Tactical%20RMM/_apis/build/status/wh1te909.tacticalrmm?branchName=develop)](https://dev.azure.com/dcparsi/Tactical%20RMM/_build/latest?definitionId=4&branchName=develop) -[![Coverage Status](https://coveralls.io/repos/github/wh1te909/tacticalrmm/badge.png?branch=develop&kill_cache=1)](https://coveralls.io/github/wh1te909/tacticalrmm?branch=develop) -[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) -[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black) - -Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django, Vue and Golang. -It uses an [agent](https://github.com/wh1te909/rmmagent) written in Golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral) - -## [LIVE DEMO](https://rmm.tacticalrmm.io/) - -## Features - -- Teamviewer-like remote desktop control -- Real-time remote shell -- Remote file browser (download and upload files) -- Remote command and script execution (batch, powershell and python scripts) -- Event log viewer -- Services management -- Windows patch management -- Automated checks with email/SMS alerting (cpu, disk, memory, services, scripts, event logs) -- Automated task runner (run scripts on a schedule) -- Remote software installation via chocolatey -- Software and hardware inventory diff --git a/docs/docs/install_agent.md b/docs/docs/install_agent.md deleted file mode 100644 index 69abd5e3..00000000 --- a/docs/docs/install_agent.md +++ /dev/null @@ -1,148 +0,0 @@ -# Installing an agent - -!!!warning - If you don't want to deal with AV flagging/deleting your agents, check the instructions for getting [code signed agents](code_signing.md)

- You must add antivirus exlusions for the tactical agent.
- Any decent AV will flag the agent as a virus, since it technically is one due to the nature of this software.
- Adding the following exlucions will make sure everything works, including agent update:
- `C:\Program Files\TacticalAgent\*`
- `C:\Program Files\Mesh Agent\*`
- `C:\Windows\Temp\winagent-v*.exe`
- `C:\Windows\Temp\trmm\*`
- `C:\temp\tacticalrmm*.exe`
- See [here for other screenshot examples](av.md) - -## Dynamically generated executable - -The generated exe is simply a wrapper around the Manual install method, using a single exe/command without the need to pass any command line flags to the installer. -All it does is download the generic installer from the agent's github [release page](https://github.com/wh1te909/rmmagent/releases) and call it using predefined command line args that you choose from the web UI. -It "bakes" the command line args into the executable. - -From the UI, click **Agents > Install Agent** - -You can also **right click on a site > Install Agent**. This will automatically fill in the client/site dropdown for you. - -![siteagentinstall](images/siteagentinstall.png) - -## Powershell - -The powershell method is very similar to the generated exe in that it simply downloads the installer from github and calls the exe for you. - -## Manual - -The manual installation method requires you to first download the generic installer and call it using command line args. -This is useful for scripting the installation using Group Policy or some other batch deployment method. - -!!!tip - You can reuse the installer for any of the deployment methods, you don't need to constantly create a new installer for each new agent.
- The installer will be valid for however long you specify the token expiry time when generating an agent. - -## Using a deployment link - -Creating a deployment link is the recommended way to deploy agents. -The main benefit of this method is that the exectuable is generated only whenever the deployment download link is accessed, whereas with the other methods it's generated right away and the agent's version hardcoded into the exe. -Using a deployment link will allow you to not worry about installing using an older version of an agent, which will fail to install if you have updated your RMM to a version that is not compatible with an older installer you might have lying around. - -To create a deployment, from the web UI click **Agents > Manage Deployments**. -![managedeployments](images/managedeployments.png) - -!!!tip - Create a client/site named "Default" and create a deployment for it with a very long expiry to have a generic installer that can be deployed anytime at any client/site. - You can then move the agent into the correct client/site from the web UI after it's been installed. - -Copy/paste the download link from the deployment into your browser. It will take a few seconds to dynamically generate the executable and then your browser will automatically download the exe. - -## Optional installer args - -The following optional arguments can be passed to any of the installation method executables: - -```text --log debug -``` - -Will print very verbose logging during agent install. Useful for troubleshooting agent install. - -```text --silent -``` - -This will not popup any message boxes during install, either any error messages or the "Installation was successfull" message box that pops up at the end of a successfull install. - -```text --proxy "http://proxyserver:port" -``` - -Use a http proxy - -```text --meshdir "C:\Program Files\Your Company Name\Mesh Agent" -``` - -Specify the full path to the directory containing `MeshAgent.exe` if using custom agent branding for your MeshCentral instance. - -```text --nomesh -``` - -Do not install meshcentral agent during tactical agent install. Note: take control, remote terminal and file browser will not work. - -## Scripting Agent Installation - -If you want to deploy the TRMM agent using AD, intune, mesh, teamviewer, Group Policy GPO etc this is a sample CMD script for deploying Tactical. - -!!!note - You will need to replace `deployment url` with your custom deployment URL - -```bat -@echo off - -REM Setup deployment URL -set "DeploymentURL=" - -set "Name=" -for /f "usebackq tokens=* delims=" %%# in ( - `wmic service where "name like 'tacticalagent'" get Name /Format:Value` -) do ( - for /f "tokens=* delims=" %%g in ("%%#") do set "%%g" -) - -if not defined Name ( - echo Tactical RMM not found, installing now. - if not exist C:\TEMP\TRMM md C:\TEMP\TRMM - powershell Set-ExecutionPolicy -ExecutionPolicy Unrestricted - powershell Add-MpPreference -ExclusionPath C:\TEMP\TRMM - powershell Add-MpPreference -ExclusionPath "C:\Program Files\TacticalAgent\*" - powershell Add-MpPreference -ExclusionPath C:\Windows\Temp\winagent-v*.exe - powershell Add-MpPreference -ExclusionPath "C:\Program Files\Mesh Agent\*" - powershell Add-MpPreference -ExclusionPath C:\Windows\Temp\TRMM\* - cd c:\temp\trmm - powershell Invoke-WebRequest "%DeploymentURL%" -Outfile tactical.exe - REM"C:\Program Files\TacticalAgent\unins000.exe" /VERYSILENT - tactical.exe - powershell Remove-MpPreference -ExclusionPath C:\TEMP\TRMM - rem exit /b 1 -) else ( - echo Tactical RMM already installed Exiting - Exit 0 -) -``` - -There is also a full powershell version [here](https://wh1te909.github.io/tacticalrmm/3rdparty_screenconnect/#install-tactical-rmm-via-screeconnect-commands-window) - -## Script for full agent uninstall - -You can always use this to silently uninstall agent on workstations - -```cmd -"C:\Program Files\TacticalAgent\unins000.exe" /VERYSILENT -``` - -## Reinstalling mesh and reconnecting to TRMM - -Run this from Send Command - -```cmd -"C:\Program Files\TacticalAgent\meshagent.exe" -fullinstall -``` - -Then use Agent Recovery | Mesh Agent and choose Recover diff --git a/docs/docs/install_considerations.md b/docs/docs/install_considerations.md deleted file mode 100644 index e74c2ff4..00000000 --- a/docs/docs/install_considerations.md +++ /dev/null @@ -1,17 +0,0 @@ -# Install Considerations - -There's pluses and minuses to each install type. Be aware that: - -- There is no migration script, once you've installed with one type there is no "conversion". You'll be installing a new server and migrating agents manually if you decide to go another way. - -## Traditional Install - -- It's a VM/machine. One storage device to backup if you want to do VM based backups -- You have a [backup](backup.md) and [restore](restore.md) script - -## Docker Install - -- Docker is more complicated in concept: has volumes and images -- If you're running multiple apps it uses less resources in the long run because you only have one OS base files underlying many Containers/Apps -- Backup/restore is via Docker methods only -- Docker has container replication/mirroring options for redundancy/multiple servers diff --git a/docs/docs/install_docker.md b/docs/docs/install_docker.md deleted file mode 100644 index d49a8a97..00000000 --- a/docs/docs/install_docker.md +++ /dev/null @@ -1,131 +0,0 @@ -# Docker Setup - -## 1. Install Docker - -Install docker - -### 2. Create the A records - -We'll be using `example.com` as our domain for this example. - -!!!info - The RMM uses 3 different sites. The Vue frontend e.g. `rmm.example.com` which is where you'll be accessing your RMM from the browser, the REST backend e.g. `api.example.com` and Meshcentral e.g. `mesh.example.com` - -1. Get the public IP of your server with `curl https://icanhazip.tacticalrmm.io` -2. Open the DNS manager of wherever the domain you purchased is hosted. -3. Create 3 A records: `rmm`, `api` and `mesh` and point them to the public IP of your server: - -![arecords](images/arecords.png) - -## 3. Acquire Let's Encrypt Wildcard certs with certbot - -!!!warning - If the Let's Encrypt wildcard certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. - -### A. Install Certbot - -```bash -sudo apt-get install certbot -``` - -### B. Generate the wildcard Let's Encrypt certificates - -We're using the [DNS-01 challenge method](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) -#### a. Deploy the TXT record in your DNS manager - -!!!warning - TXT records can take anywhere from 1 minute to a few hours to propagate depending on your DNS provider.
- You should verify the TXT record has been deployed first before pressing Enter.
- A quick way to check is with the following command:
`dig -t txt _acme-challenge.example.com`
- or test using: Enter: `_acme-challenge.example.com` - -![txtrecord](images/txtrecord.png) - -![dnstxt](images/dnstxt.png) - -#### b. Request Let's Encrypt Wildcard cert - -```bash -sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -``` - -!!!note - Replace `example.com` with your root domain - -## 4. Configure DNS and firewall - -You will need to add DNS entries so that the three subdomains resolve to the IP of the docker host. There is a reverse proxy running that will route the hostnames to the correct container. On the host, you will need to ensure the firewall is open on tcp ports 80, 443 and 4222. - -## 5. Setting up the environment - -Get the docker-compose and .env.example file on the host you which to install on - -```bash -wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/docker-compose.yml -wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/.env.example -mv .env.example .env -``` - -Change the values in .env to match your environment. - -When supplying certificates through Let's Encrypt, see the section below about base64 encoding the certificate files. - -### A. Base64 encoding certificates to pass as env variables - -Use the below command to add the the correct values to the .env. - -Running this command multiple times will add redundant entries, so those will need to be removed. - -Let's encrypt certs paths are below. Replace ${rootdomain} with your own. - -public key -`/etc/letsencrypt/live/${rootdomain}/fullchain.pem` - -private key -`/etc/letsencrypt/live/${rootdomain}/privkey.pem` - -```bash -echo "CERT_PUB_KEY=$(sudo base64 -w 0 /path/to/pub/key)" >> .env -echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)" >> .env -``` - -## 6. Starting the environment - -Run the below command to start the environment. - -```bash -sudo docker-compose up -d -``` - -Removing the -d will start the containers in the foreground and is useful for debugging. - -## 7. Get MeshCentral EXE download link - -Run the below command to get the download link for the mesh central exe. This needs to be uploaded on first successful signin. - -```bash -sudo docker-compose exec tactical-backend python manage.py get_mesh_exe_url -``` - -Download the mesh agent: - -![meshagentdl](images/meshagentdl.png) - -Navigate to `https://rmm.example.com` and login with the username/password you created during install. - -Once logged in, you will be redirected to the initial setup page. - -Create your first client/site, choose the default timezone and then upload the mesh agent you just downloaded. - -## Note about Backups - -The backup script **does not** work with docker. To backup your install use [standard docker backup/restore](https://docs.docker.com/desktop/backup-and-restore/) processes. - -If your file system is `btrfs` something like: - -```bash -docker-compose stop -btrfs subvolume snapshot -r /srv/tsd /srv/tsd/.snapshot-`date +%F-%H%M%S` -``` - -or you can look at [this](https://github.com/larseberhardt/TRMM-Docker-Backup-Script) diff --git a/docs/docs/install_server.md b/docs/docs/install_server.md deleted file mode 100644 index 6339e21a..00000000 --- a/docs/docs/install_server.md +++ /dev/null @@ -1,231 +0,0 @@ -# Installation - -## General Information - -### Minimum requirements - -#### Hardware / OS - -A fresh linux VM running either Ubuntu 20.04 LTS or Debian 10/11 with 2GB RAM - -!!!warning - The provided install script assumes a fresh server with no software installed on it. Attempting to run it on an existing server with other services **will** break things and the install will fail. - -!!!note - The install script has been tested on the following public cloud providers: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure, as well as behind NAT on Hyper-V, Proxmox and ESXi. - -!!!note - CPU: 1 core is fine for < 200 agents with limited checks/tasks.

- Disk space and speed are dependent on your use case. Of course faster is better SSD/NVMe. Space is dependent on how long you're keeping historical data, and how many checks/script runs and their output size. 50GB should be fine for < 12months of history on < 200 agents with < 30 checks/tasks run at reasonable time intervals. - -#### Network Requirements - -- A real (internet resolvable) domain is needed to generate a Let's Encrypt wildcard cert. _If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)_ - - example.local is __NOT__ a real domain. No you [don't have to expose your server](faq.md#can-i-run-tactical-rmm-locally-behind-nat-without-exposing-anything-to-the-internet) to the internet -- A TOTP based authenticator app. Some popular ones are Google Authenticator, Authy and Microsoft Authenticator. - -#### Update Recommendations - -!!!note - We highly recommend staying current with updates (at least every 3 months when you update your SSL certs is a good minimum) while Tactical RMM is still working towards its 1.0 release.

- Until we reach production release, there may be architectural changes that may be made to Tactical RMM and only a regular patching schedule is supported by developers. - -## Option 1: Easy Install on a VPS - -Install on a VPS: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure to name a few - -Use something that meets [minimum specs](install_server.md#hardware-os) - -### Run Updates on OS - -SSH into the server as **root**. - -Download and run the prereqs and latest updates - -```bash -apt update -apt install -y wget curl sudo -apt -y upgrade -``` - -If a new kernel is installed, then reboot the server with the `reboot` command - -### Create a linux user - -Create a linux user named `tactical` to run the rmm and add it to the sudoers group. - -**For Ubuntu**: - -```bash -adduser tactical -usermod -a -G sudo tactical -``` - -**For Debian**: - -```bash -useradd -m -s /bin/bash tactical -usermod -a -G sudo tactical -``` - -!!!tip - [Enable passwordless sudo to make your life easier in the future](https://linuxconfig.org/configure-sudo-without-password-on-ubuntu-20-04-focal-fossa-linux) - -### Setup the firewall (optional but highly recommended) - -!!!info - Skip this step if your VM is __not__ publicly exposed to the world e.g. running behind NAT. You should setup the firewall rules in your router instead (ports 22, 443 and 4222 TCP). - -```bash -ufw default deny incoming -ufw default allow outgoing -ufw allow https -ufw allow proto tcp from any to any port 4222 -``` - -!!!info - SSH (port 22 tcp) is only required for you to remotely login and do basic linux server administration for your rmm. It is not needed for any agent communication.
-Allow ssh from everywhere (__not__ recommended) - -```bash -ufw allow ssh -``` - -Allow ssh from only allowed IP's (__highly__ recommended) - -```bash -ufw allow proto tcp from X.X.X.X to any port 22 -ufw allow proto tcp from X.X.X.X to any port 22 -``` - -Enable and activate the firewall - -```bash -ufw enable && ufw reload -``` - -!!!note - You will never login to the server again as `root` again unless something has gone horribly wrong, and you're working with the developers. - -### Create the A records - -We'll be using `example.com` as our domain for this example. - -!!!info - The RMM uses 3 different sites. The Vue frontend e.g. `rmm.example.com` which is where you'll be accessing your RMM from the browser, the REST backend e.g. `api.example.com` and Meshcentral e.g. `mesh.example.com` - -1. Get the public IP of your server with `curl https://icanhazip.tacticalrmm.io` -2. Open the DNS manager of wherever the domain you purchased is hosted. -3. Create 3 A records: `rmm`, `api` and `mesh` and point them to the public IP of your server: - -![arecords](images/arecords.png) - -### Run the install script - -Switch to the `tactical` user - -```bash -su - tactical -``` - -Download and run the install script - -```bash -wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh -chmod +x install.sh -./install.sh -``` - -Answer the initial questions when prompted. Replace `example.com` with your domain. - -![questions](images/install_questions.png) - -### Deploy the TXT record in your DNS manager for Lets Encrypt wildcard certs - -!!!warning - TXT records can take anywhere from 1 minute to a few hours to propagate depending on your DNS provider.
- You should verify the TXT record has been deployed first before pressing Enter.
- A quick way to check is with the following command:
`dig -t txt _acme-challenge.example.com`
- or test using: Enter: `_acme-challenge.example.com` - -![txtrecord](images/txtrecord.png) - -![dnstxt](images/dnstxt.png) - -Create a login for the RMM web UI: - -![rmmlogin](images/rmmlogin.png) - -A bunch of URLS / usernames / passwords will be printed out at the end of the install script. **Save these somewhere safe.** [Recover them if you didn't](faq.md#how-do-i-recover-my-meshcentral-login-credentials) - -### Upload mesh agents - -Copy the url for the meshagent exe (`https://mesh.example.com/agentinvite?c=......`), paste it in your browser and download the mesh agent: - -![meshagentdl](images/meshagentdl.png) - -Navigate to `https://rmm.example.com` and login with the username/password you created during install. - -Once logged in, you will be redirected to the initial setup page. - -Create your first client/site, choose the default timezone and then upload the mesh agent you just downloaded. - -### You're Done - -[Update Regularly](install_server.md#update-regularly) - -## Option 2: Install behind NAT Router - -Install in your local network using: Dedicated hardware, Hyper-V, Proxmox or ESXi. All been tested and work fine. - -Do everything from [Option 1: Easy Install](install_server.md#run-updates-and-setup-the-linux-user) - -### If you only have agents on the private network/subnet - -Make sure your local DNS server (or agents hosts file) have your Tactical RMM server IP addresses for the 3 domain names: `rmm`, `api` and `mesh` - -### Agents exist outside the private network/subnet - Setup Port Forwarding - -If you have agents outside your local network: Make sure the public DNS servers have A records for the 3 Tactical RMM server domain names: `rmm`, `api` and `mesh` - -Login to your router/NAT device. - -1. Set your TRMM server as a static IP (Using a DHCP reservation is usually safer) -2. Create 2 port forwarding rules. `TCP Port 443` and `TCP Port 4222` to your TRMM servers private IP address. - -!!!note - can help with Port Forwarding setup - -### You're Done - -[Update Regularly](install_server.md#update-regularly) - -## Option 3: Installs by Network Wizards - -Use the scripts above. - -### Requirements - -1. TLD domain name which is internet resolvable (this is for a LetsEncrypt DNS wildcard request during the install script [validated by DNS txt record](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge)). - - Test using: or . Enter: `_acme-challenge.example.com` as `TXT` -2. Agents need to be able to connect to your server via DNS lookup (hosts file, local DNS, smoke signals etc.). - - Test from agent: `ping rmm.example.com`. Should result in the IP of your Tactical RMM server - - Test from agent: `ping api.example.com`. Should result in the IP of your Tactical RMM server - - Test from agent: `ping mesh.example.com`. Should result in the IP of your Tactical RMM server - -!!!note - Did you notice #2 doesn't need to be something publicly available? - -That's it. You're a wizard, you know how to satisfy these 2 items. - -You'll probably enjoy browsing thru the [Unsupported section](unsupported_guidelines.md) of the docs. - -## Update Regularly - -We've said it before, we'll say it again. - -- We recommend regular updates. - - - Every 2-3 months. - - - Do it when you update your SSL certs. diff --git a/docs/docs/license.md b/docs/docs/license.md deleted file mode 100644 index 530804b4..00000000 --- a/docs/docs/license.md +++ /dev/null @@ -1,74 +0,0 @@ -### Tactical RMM License Version 1.0 - -Text of license:   Copyright © 2022 AmidaWare LLC. All rights reserved.
-          Amending the text of this license is not permitted. - -Trade Mark:    "Tactical RMM" is a trade mark of AmidaWare LLC. - -Licensor:       AmidaWare LLC of 1968 S Coast Hwy PMB 3847 Laguna Beach, CA, USA. - -Licensed Software:  The software known as Tactical RMM Version v0.12.0 (and all subsequent releases and versions) and the Tactical RMM Agent v2.0.0 (and all subsequent releases and versions). - -### 1. Preamble -The Licensed Software is designed to facilitate the remote monitoring and management (RMM) of networks, systems, servers, computers and other devices. The Licensed Software is made available primarily for use by organisations and managed service providers for monitoring and management purposes. - -The Tactical RMM License is not an open-source software license. This license contains certain restrictions on the use of the Licensed Software. For example the functionality of the Licensed Software may not be made available as part of a SaaS (Software-as-a-Service) service or product to provide a commercial or for-profit service without the express prior permission of the Licensor. - -### 2. License Grant -Permission is hereby granted, free of charge, on a non-exclusive basis, to copy, modify, create derivative works and use the Licensed Software in source and binary forms subject to the following terms and conditions. No additional rights will be implied under this license. - -* The hosting and use of the Licensed Software to monitor and manage in-house networks/systems and/or customer networks/systems is permitted. - -This license does not allow the functionality of the Licensed Software (whether in whole or in part) or a modified version of the Licensed Software or a derivative work to be used or otherwise made available as part of any other commercial or for-profit service, including, without limitation, any of the following: -* a service allowing third parties to interact remotely through a computer network; -* as part of a SaaS service or product; -* as part of the provision of a managed hosting service or product; -* the offering of installation and/or configuration services; -* the offer for sale, distribution or sale of any service or product (whether or not branded as Tactical RMM). - -The prior written approval of AmidaWare LLC must be obtained for all commercial use and/or for-profit service use of the (i) Licensed Software (whether in whole or in part), (ii) a modified version of the Licensed Software and/or (iii) a derivative work. - -The terms of this license apply to all copies of the Licensed Software (including modified versions) and derivative works. - -All use of the Licensed Software must immediately cease if use breaches the terms of this license. - -### 3. Derivative Works -If a derivative work is created which is based on or otherwise incorporates all or any part of the Licensed Software, and the derivative work is made available to any other person, the complete corresponding machine readable source code (including all changes made to the Licensed Software) must accompany the derivative work and be made publicly available online. - -### 4. Copyright Notice -The following copyright notice shall be included in all copies of the Licensed Software: - -   Copyright © 2022 AmidaWare LLC. - -   Licensed under the Tactical RMM License Version 1.0 (the “License”).
-   You may only use the Licensed Software in accordance with the License.
-   A copy of the License is available at: https://license.tacticalrmm.com - -### 5. Disclaimer of Warranty -THE LICENSED SOFTWARE IS PROVIDED "AS IS". TO THE FULLEST EXTENT PERMISSIBLE AT LAW ALL CONDITIONS, WARRANTIES OR OTHER TERMS OF ANY KIND WHICH MIGHT HAVE EFFECT OR BE IMPLIED OR INCORPORATED, WHETHER BY STATUTE, COMMON LAW OR OTHERWISE ARE HEREBY EXCLUDED, INCLUDING THE CONDITIONS, WARRANTIES OR OTHER TERMS AS TO SATISFACTORY QUALITY AND/OR MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, THE USE OF REASONABLE SKILL AND CARE AND NON-INFRINGEMENT. - -### 6. Limits of Liability -THE FOLLOWING EXCLUSIONS SHALL APPLY TO THE FULLEST EXTENT PERMISSIBLE AT LAW. NEITHER THE AUTHORS NOR THE COPYRIGHT HOLDERS SHALL IN ANY CIRCUMSTANCES HAVE ANY LIABILITY FOR ANY CLAIM, LOSSES, DAMAGES OR OTHER LIABILITY, WHETHER THE SAME ARE SUFFERED DIRECTLY OR INDIRECTLY OR ARE IMMEDIATE OR CONSEQUENTIAL, AND WHETHER THE SAME ARISE IN CONTRACT, TORT OR DELICT (INCLUDING NEGLIGENCE) OR OTHERWISE HOWSOEVER ARISING FROM, OUT OF OR IN CONNECTION WITH THE LICENSED SOFTWARE OR THE USE OR INABILITY TO USE THE LICENSED SOFTWARE OR OTHER DEALINGS IN THE LICENSED SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THE FOREGOING EXCLUSIONS SHALL INCLUDE, WITHOUT LIMITATION, LIABILITY FOR ANY LOSSES OR DAMAGES WHICH FALL WITHIN ANY OF THE FOLLOWING CATEGORIES: SPECIAL, EXEMPLARY, OR INCIDENTAL LOSS OR DAMAGE, LOSS OF PROFITS, LOSS OF ANTICIPATED SAVINGS, LOSS OF BUSINESS OPPORTUNITY, LOSS OF GOODWILL, AND LOSS OR CORRUPTION OF DATA. - -### 7. Termination -This license shall terminate with immediate effect if there is a material breach of any of its terms. - -### 8. No partnership, agency or joint venture -Nothing in this license agreement is intended to, or shall be deemed to, establish any partnership or joint venture or any relationship of agency between AmidaWare LLC and any other person. - -### 9. No endorsement -The names of the authors and/or the copyright holders must not be used to promote or endorse any products or services which are in any way derived from the Licensed Software without prior written consent. - -### 10. Trademarks -No permission is granted to use the trademark “Tactical RMM” or any other trade name, trademark, service mark or product name of AmidaWare LLC except to the extent necessary to comply with the notice requirements in Section 4 (Copyright Notice). - -### 11. Entire agreement -This license contains the whole agreement relating to its subject matter. - - - -### 12. Severance -If any provision or part-provision of this license is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this license. - -### 13. Acceptance of these terms -The terms and conditions of this license are accepted by copying, downloading, installing, redistributing, or otherwise using the Licensed Software. \ No newline at end of file diff --git a/docs/docs/management_cmds.md b/docs/docs/management_cmds.md deleted file mode 100644 index 42625242..00000000 --- a/docs/docs/management_cmds.md +++ /dev/null @@ -1,129 +0,0 @@ -# Management Commands - -To run any of the management commands you must first activate the python virtual env: - -```bash -cd /rmm/api/tacticalrmm -source ../env/bin/activate -``` - -or docker version: - -```bash -docker exec -it trmm-backend /bin/bash -/opt/venv/bin/python /opt/tactical/api/manage.py shell -``` - -!!!tip - The Dev Docker version it would be `docker exec -it trmm-api-dev env/bin/python manage.py shell` - -## Bulk Delete old agents by last checkin date or agent version - -Test to see what will happen - -```bash -python manage.py bulk_delete_agents --days 60 -python manage.py bulk_delete_agents --agentver 1.5.0 -``` - -Do the delete - -```bash -python manage.py bulk_delete_agents --days 60 --delete -python manage.py bulk_delete_agents --agentver 1.5.0 --delete -``` - -## Reset a user's password - -```bash -python manage.py reset_password -``` - -## Reset a user's 2fa token - -```bash -python manage.py reset_2fa -``` - -## Find all agents that have X software installed - -```bash -python manage.py find_software "adobe" -``` - -## Set specific Windows update to not install - -```bash -from winupdate.models import WinUpdate -WinUpdate.objects.filter(kb="KB5007186").update(action="ignore", date_installed=None) -``` - -## Show outdated online agents - -```bash -python manage.py show_outdated_agents -``` - -## Log out all active web sessions - -```bash -python manage.py delete_tokens -``` - -## Reset all Auth Tokens for Install agents and web sessions - -```bash -python manage.py shell -from knox.models import AuthToken -AuthToken.objects.all().delete() -``` - -## Check for orphaned tasks on all agents and remove them - -```bash -python manage.py remove_orphaned_tasks -``` - -## Create a MeshCentral agent invite link - -```bash -python manage.py get_mesh_exe_url -``` - -## Bulk update agent offline/overdue time - -Change offline time on all agents to 5 minutes - -```bash -python manage.py bulk_change_checkin --offline --all 5 -``` - -Change offline time on all agents in site named *Example Site* to 2 minutes - -```bash -python manage.py bulk_change_checkin --offline --site "Example Site" 2 -``` - -Change offline time on all agents in client named *Example Client* to 12 minutes - -```bash -python manage.py bulk_change_checkin --offline --client "Example Client" 12 -``` - -Change overdue time on all agents to 10 minutes - -```bash -python manage.py bulk_change_checkin --overdue --all 10 -``` - -Change overdue time on all agents in site named *Example Site* to 4 minutes - -```bash -python manage.py bulk_change_checkin --overdue --site "Example Site" 4 -``` - -Change overdue time on all agents in client named *Example Client* to 14 minutes - -```bash -python manage.py bulk_change_checkin --overdue --client "Example Client" 14 -``` diff --git a/docs/docs/mesh_integration.md b/docs/docs/mesh_integration.md deleted file mode 100644 index 6ca03826..00000000 --- a/docs/docs/mesh_integration.md +++ /dev/null @@ -1,27 +0,0 @@ -# MeshCentral Integration - -## Overview - -Tactical RMM integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral) for the following 3 functions: - -- Take Control -- Real time shell -- Real time file browser - -At some point in the future, these functions will be directly built into the Tactical Agent, removing the need for MeshCentral. - -It should be noted that Tactical RMM and MeshCentral are 2 completely separate products and can run independently of each other. - -They do not even have to run on the same box, however when you install Tactical RMM it simply installs meshcentral for you with some preconfigured settings to allow integration. - -It is highly recommended to use the MeshCentral instance that Tactical installs, since it allows the developers more control over it and to ensure things don't break. - -## How does it work - -MeshCentral has an embedding feature that allows integration into existing products. - -See *Section 14 - Embedding MeshCentral* in the [MeshCentral User Guide](https://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf) for a detailed explanation of how this works. - -The Tactical RMM Agent keeps track of your Mesh Agents, and periodically interacts with them to synchronize the mesh agent's unique ID with the tactical rmm database. - -When you do a take control / terminal / file browser on an agent using the Tactical UI, behind the scenes, Tactical generates a login token for meshcentral's website and then "wraps" MeshCentral's UI in an iframe for that specific agent only, using it's unique ID to know what agent to render in the iframe. diff --git a/docs/docs/restore.md b/docs/docs/restore.md deleted file mode 100644 index 3e85a5d4..00000000 --- a/docs/docs/restore.md +++ /dev/null @@ -1,106 +0,0 @@ -# Restore - -!!!info - It is currently not possible to restore to a different domain/subdomain, only to a different physical or virtual server. - -!!!danger - The restore script will always restore to the latest available RMM version on github. - - Make sure you update your old RMM to the latest version using the `update.sh` script and then run a fresh backup to use with this restore script. - -## Install the new server - -### Run Updates on OS - -SSH into the server as **root**. - -Download and run the prereqs and latest updates - -```bash -apt update -apt install -y wget curl sudo -apt -y upgrade -``` - -If a new kernel is installed, then reboot the server with the `reboot` command - -### Create a linux user - -Create a linux user named `tactical` to run the rmm and add it to the sudoers group. - -**For Ubuntu**: - -```bash -adduser tactical -usermod -a -G sudo tactical -``` - -**For Debian**: - -```bash -useradd -m -s /bin/bash tactical -usermod -a -G sudo tactical -``` - -!!!tip - [Enable passwordless sudo to make your life easier in the future](https://linuxconfig.org/configure-sudo-without-password-on-ubuntu-20-04-focal-fossa-linux) - -### Setup the firewall (optional but highly recommended) - -!!!info - Skip this step if your VM is __not__ publicly exposed to the world e.g. running behind NAT. You should setup the firewall rules in your router instead (ports 22, 443 and 4222 TCP). - -```bash -ufw default deny incoming -ufw default allow outgoing -ufw allow https -ufw allow proto tcp from any to any port 4222 -``` - -!!!info - SSH (port 22 tcp) is only required for you to remotely login and do basic linux server administration for your rmm. It is not needed for any agent communication.
-Allow ssh from everywhere (__not__ recommended) - -```bash -ufw allow ssh -``` - -Allow ssh from only allowed IP's (__highly__ recommended) - -```bash -ufw allow proto tcp from X.X.X.X to any port 22 -ufw allow proto tcp from X.X.X.X to any port 22 -``` - -Enable and activate the firewall - -```bash -ufw enable && ufw reload -``` - -!!!note - You will never login to the server again as `root` again unless something has gone horribly wrong, and you're working with the developers. - - -## Change DNS A records - -Open the DNS manager of wherever your domain is hosted. - -Change the 3 A records `rmm`, `api` and `mesh` and point them to the public IP of your new server. - -## Run the restore script - -1. Make sure you're logged in with the non-root user (eg `tactical`) - -2. Copy the backup tar file you created during [backup](backup.md) to the new server. - -3. Download the restore script. - - wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/restore.sh - chmod +x restore.sh - -4. Call the restore script, passing it the backup file as the first argument: - -```bash -./restore.sh rmm-backup-XXXXXXXXX.tar -``` diff --git a/docs/docs/script_variables.md b/docs/docs/script_variables.md deleted file mode 100644 index 1416f563..00000000 --- a/docs/docs/script_variables.md +++ /dev/null @@ -1,59 +0,0 @@ -# Script Variables - -Tactical RMM allows passing dashboard data into script as arguments. This uses the syntax `{{client.name}}`. - -See below for the available options. - -!!!info - Everything between {{}} is CaSe sEnSiTive - -## Agent - -- **{{agent.version}}** - Tactical RMM agent version -- **{{agent.operating_system}}** - Agent operating system example: *Windows 10 Pro, 64 bit (build 19042.928)* -- **{{agent.plat}}** - Will show the platform example: *windows* -- **{{agent.plat_release}}** - Will show the platform release -- **{{agent.hostname}}** - The hostname of the agent -- **{{agent.local_ips}}** - Local IP address of agent -- **{{agent.public_ip}}** - Public IP address of agent -- **{{agent.agent_id}}** - agent ID in database -- **{{agent.last_seen}}** - Date and Time Agent last seen -- **{{agent.used_ram}}** - Used RAM on agent. Returns an integer - example: *16* -- **{{agent.total_ram}}** - Total RAM on agent. Returns an integer - example: *16* -- **{{agent.boot_time}}** - Uptime of agent. Returns unix timestamp. example: *1619439603.0* -- **{{agent.logged_in_username}}** - Username of logged in user -- **{{agent.last_logged_in_user}}** - Username of last logged in user -- **{{agent.monitoring_type}}** - Returns a string of *workstation* or *server* -- **{{agent.description}}** - Description of agent in dashboard -- **{{agent.mesh_node_id}}** - The mesh node id used for linking the tactical agent to mesh. -- **{{agent.overdue_email_alert}}** - Returns true if overdue email alerts is enabled in TRMM -- **{{agent.overdue_text_alert}}** - Returns true if overdue SMS alerts is enabled in TRMM -- **{{agent.overdue_dashboard_alert}}** - Returns true if overdue agent alerts is enabled in TRMM -- **{{agent.offline_time}}** - Returns offline time setting for agent in TRMM -- **{{agent.overdue_time}}** - Returns overdue time setting for agent in TRMM -- **{{agent.check_interval}}** - Returns check interval time setting for agent in TRMM -- **{{agent.needs_reboot}}** - Returns true if reboot is pending on agent -- **{{agent.choco_installed}}** - Returns true if Chocolatey is installed -- **{{agent.patches_last_installed}}** - The date that patches were last installed by Tactical RMM. -- **{{agent.needs_reboot}}** - Returns true if the agent needs a reboot -- **{{agent.time_zone}}** - Returns timezone configured on agent -- **{{agent.maintenance_mode}}** - Returns true if agent is in maintenance mode -- **{{agent.block_policy_inheritance}}** - Returns true if agent has block policy inheritance -- **{{agent.alert_template}** - Returns true if agent has block policy inheritance - -## Client - -- **{{client.name}}** - Returns name of client - -## Site - -- **{{site.name}}** - Returns name of Site - -## Alert - -!!!info - Only available in failure and resolve actions on alert templates! - -- **{{alert.alert_time}}** - Time of the alert -- **{{alert.message}}** - Alert message -- **{{alert.severity}}** - Severity of the alert *info, warning, or error* diff --git a/docs/docs/securing_nginx.md b/docs/docs/securing_nginx.md deleted file mode 100644 index 3d27baa0..00000000 --- a/docs/docs/securing_nginx.md +++ /dev/null @@ -1,406 +0,0 @@ -# DISCLAIMER - -All the settings covered in this document have been tested against Tactical RMM v0.7.2 and v0.8.0. - -Before applying these settings in production, use a pre-production environment so potential disruptions in your own environment and the service that you provide to your clients can be avoided. - -!!!warning - **Use the contents included in this guide and apply the security settings detailed here at your own discretion.** - -## Intro - -This section is structured in three main subsections: - -* Enabling GeoIP in NGINX config with the purpose of filtering (blocking) web requests based on the country’s source IP. -* Enabling anti “bad” bots/referrers in HTTP requests to the NGINX server. -* Compiling and enabling ModSec + OWASP CRS in NGINX server. - -Each section can be enabled independently. - -## Hardening NGINX settings - -### GeoIP Integration in NGINX - Blocking Requests by Country Code - -Install required packages and NGINX module for GeoIP: - -```bash -# apt-get install geoip-database libgeoip1 libnginx-mod-http-geoip -``` - -Verify that the GeoIP database files have been placed in the right location: - -```bash -# ls -lrt /usr/share/GeoIP/ -total 10004 --rw-r--r-- 1 root root 8138841 Jan 24 2020 GeoIPv6.dat --rw-r--r-- 1 root root 2099217 Jan 24 2020 GeoIP.dat -``` - -Edit NGINX config file (“/etc/nginx/nginx.conf”) and add the following config under the “http {“ block: - -```conf -http { - - ## - # Basic Settings - ## - # Load GeoIP Database - geoip_country /usr/share/GeoIP/GeoIP.dat; - -``` - -The next settings will depend on the desired GeoIP blocking strategy. For “allow by default, deny by exception”, the config would be: - -```conf -http { - - ## - # Basic Settings - ## - # Load GeoIP Database - geoip_country /usr/share/GeoIP/GeoIP.dat; - # map the list of denied countries - map $geoip_country_code $allowed_country { - default yes; - # BLOCKED_COUNTRY_1 - COUNTRY_CODE_1 no; - # BLOCKED_COUNTRY_2 - COUNTRY_CODE_2 no; - # BLOCKED_COUNTRY_3 - COUNTRY_CODE_3 no; - } - -``` - -(The macro can be modified to achieve the “deny by default, allow by exception” approach). - -Finally, the following “if” statement needs to be placed in all the vhosts where the GeoIP blocking should take effect, under the “location” section: - -```conf - location / { - root /var/www/rmm/dist; - try_files $uri $uri/ /index.html; - add_header Cache-Control "no-store, no-cache, must-revalidate"; - add_header Pragma "no-cache"; - # block the country - if ($allowed_country = no) { - return 444; - } - } - -``` - -The HTTP Status = 444 is a good choice for NGINX not “wasting” too many resources in sending back the 4xx code to the client being blocked by GeoIP. - -### Blocking “bad bots” and “bad referrers” - -Nginx Bad Bot and User-Agent Blocker, Spam Referrer Blocker, Anti DDOS, Bad IP Blocker and Wordpress Theme Detector Blocker - -Source: - -[https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker](https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker) - -Download “install-ngxblocker” to your /usr/local/sbin/directory and make the script executable. - -```bash -sudo wget https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/install-ngxblocker -O /usr/local/sbin/install-ngxblocker -sudo chmod +x /usr/local/sbin/install-ngxblocker -``` - -**(OPTIONAL)**Now run the ”install-ngxblocker” script in **DRY-MODE** which will show you what changes it will make and what files it will download for you. This is only a DRY-RUN so no changes are being made yet. - -The install-ngxblocker downloads all required files including the setup and update scripts. - -```bash -cd /usr/local/sbin -sudo ./install-ngxblocker -``` - -This will show you output as follows of the changes that will be made (NOTE: this is only a **DRY-RUN** no changes have been made) - -```log -Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt -** Dry Run ** | not updating files | run as 'install-ngxblocker -x' to install files. -Creating directory: /etc/nginx/bots.d -REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master -Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf -Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf -REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master -Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf -Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf -Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf -Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf -Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf -Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf -Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf -Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf -REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master -Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker -Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker -``` - -Now run the install script with the -x parameter to download all the necessary files from the repository: - -```bash -cd /usr/local/sbin/ -sudo ./install-ngxblocker -x -``` - -This will give you the following output: - -```log -Checking url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/include_filelist.txt -Creating directory: /etc/nginx/bots.d -REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master -Downloading [FROM]=> [REPO]/conf.d/globalblacklist.conf [TO]=> /etc/nginx/conf.d/globalblacklist.conf...OK -Downloading [FROM]=> [REPO]/conf.d/botblocker-nginx-settings.conf [TO]=> /etc/nginx/conf.d/botblocker-nginx-settings.conf...OK -REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master -Downloading [FROM]=> [REPO]/bots.d/blockbots.conf [TO]=> /etc/nginx/bots.d/blockbots.conf...OK -Downloading [FROM]=> [REPO]/bots.d/ddos.conf [TO]=> /etc/nginx/bots.d/ddos.conf...OK -Downloading [FROM]=> [REPO]/bots.d/whitelist-ips.conf [TO]=> /etc/nginx/bots.d/whitelist-ips.conf...OK -Downloading [FROM]=> [REPO]/bots.d/whitelist-domains.conf [TO]=> /etc/nginx/bots.d/whitelist-domains.conf...OK -Downloading [FROM]=> [REPO]/bots.d/blacklist-user-agents.conf [TO]=> /etc/nginx/bots.d/blacklist-user-agents.conf...OK -Downloading [FROM]=> [REPO]/bots.d/blacklist-ips.conf [TO]=> /etc/nginx/bots.d/blacklist-ips.conf...OK -Downloading [FROM]=> [REPO]/bots.d/bad-referrer-words.conf [TO]=> /etc/nginx/bots.d/bad-referrer-words.conf...OK -Downloading [FROM]=> [REPO]/bots.d/custom-bad-referrers.conf [TO]=> /etc/nginx/bots.d/custom-bad-referrers.conf...OK -REPO = https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master -Downloading [FROM]=> [REPO]/setup-ngxblocker [TO]=> /usr/local/sbin/setup-ngxblocker...OK -Downloading [FROM]=> [REPO]/update-ngxblocker [TO]=> /usr/local/sbin/update-ngxblocker...OK -``` - -All the required files have now been downloaded to the correct folders on Nginx for you direct from the repository. - -**NOTE:** The setup and update scripts can be used, however in this guide the config is done manually. For script execution, refer to the Github page linked above. - -Include any public IP addresses that should be whitelisted from bot and referrer analysis/blocking by editing the file “/etc/nginx/bots.d/whitelist-ips.conf”. - -Finally, edit every vhost file (“/etc/nginx/sites-enabled/frontend.conf”, “/etc/nginx/sites-enabled/rmm.conf” and “/etc/nginx/sites-enabled/meshcentral.conf”) and place the following include statements under the “server” block: - -```conf -server { - listen 443 ssl; - include /etc/nginx/bots.d/ddos.conf; - include /etc/nginx/bots.d/blockbots.conf; -``` - -## Enabling ModSec in NGINX - -All steps in this section taken from the NGINX blog post “Compiling and Installing ModSecurity for NGINX Open Source”: - -[https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/](https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/) - -### Install Prerequisite Packages - -The first step is to install the packages required to complete the remaining steps in this tutorial. Run the following command, which is appropriate for a freshly installed Ubuntu/Debian system. The required packages might be different for RHEL/CentOS/Oracle Linux. - -```bash -apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev -``` - -### Download and Compile the ModSecurity 3.0 Source Code - -With the required prerequisite packages installed, the next step is to compile ModSecurity as an NGINX dynamic module. In ModSecurity 3.0’s new modular architecture, libmodsecurity is the core component which includes all rules and functionality. The second main component in the architecture is a connector that links libmodsecurity to the web server it is running with. There are separate connectors for NGINX, Apache HTTP Server, and IIS. We cover the NGINX connector in the next section. - -To compile libmodsecurity: - -Clone the GitHub repository: - -```bash -git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity -``` - -Change to the ModSecurity directory and compile the source code: - -```bash -cd ModSecurity -git submodule init -git submodule update -./build.sh -./configure -make -make install -cd .. -``` - -The compilation takes about 15 minutes, depending on the processing power of your system. - -Note: It’s safe to ignore messages like the following during the build process. Even when they appear, the compilation completes and creates a working object. - -```log -fatal: No names found, cannot describe anything. -``` - -### Download the NGINX Connector for ModSecurity and Compile It as a Dynamic Module - -Compile the ModSecurity connector for NGINX as a dynamic module for NGINX. - -Clone the GitHub repository: - -```bash -git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git -``` - -Determine which version of NGINX is running on the host where the ModSecurity module will be loaded: - -```bash -$ nginx -v -nginx version: nginx/1.18.0 (Ubuntu) -``` - -Download the source code corresponding to the installed version of NGINX (the complete sources are required even though only the dynamic module is being compiled): - -```bash -wget http://nginx.org/download/nginx-1.18.0.tar.gz -tar zxvf nginx-1.18.0.tar.gz -``` - -Compile the dynamic module and copy it to the standard directory for modules: - -```bash -cd nginx-1.18.0 -./configure --with-compat --add-dynamic-module=../ModSecurity-nginx -make modules -cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules -cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/ -cd .. -``` - -### Load the NGINX ModSecurity Connector Dynamic Module - -Add the following load_module directive to the main (top‑level) context in /etc/nginx/nginx.conf. It instructs NGINX to load the ModSecurity dynamic module when it processes the configuration: - -```conf -load_module modules/ngx_http_modsecurity_module.so; -``` - -### Configure and Enable ModSecurity - -The final step is to enable and test ModSecurity. - -Set up the appropriate ModSecurity configuration file. Here we’re using the recommended ModSecurity configuration provided by TrustWave Spiderlabs, the corporate sponsors of ModSecurity. - -```bash -mkdir /etc/nginx/modsec -wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended -mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf -``` - -To guarantee that ModSecurity can find the unicode.mapping file (distributed in the top‑level ModSecurity directory of the GitHub repo), copy it to /etc/nginx/modsec. - -```bash -cp ModSecurity/unicode.mapping /etc/nginx/modsec -``` - -Change the SecRuleEngine directive in the configuration to change from the default “detection only” mode to actively dropping malicious traffic. - -```conf -#SecRuleEngine DetectionOnly -SecRuleEngine On -``` - -## Enabling OWASP Core Rule Set - -Clone OWASP CRS: - -```bash -cd /etc/nginx/modsec -git clone https://github.com/coreruleset/coreruleset.git -``` - -Create CRS setup config file: - -```bash -cp /etc/nginx/modsec/coreruleset/crs-setup.conf.example /etc/nginx/modsec/coreruleset/crs-setup.conf -``` - -Edit config file and enable a paranoia level of 2 (comment out section below and modify the paranoia level from 1 - default to 2): - -```conf -SecAction \ - "id:900000,\ - phase:1,\ - nolog,\ - pass,\ - t:none,\ - setvar:tx.paranoia_level=2" -``` - -A Paranoia level of 2 is a good combination of security rules to load by the ModSec engine while keeping low the number of false positives. - -The OWASP CRS team carried out some tests using BURP against ModSec + OWASP CRS: - -![alt_text](images/owasp_burp.png "image_tooltip") - -Create ModSecurity base config file (“/etc/nginx/modsec/modsec-base-cfg.conf”) and include the following lines (the order is important)`:` - -```conf -Include /etc/nginx/modsec/modsecurity.conf -Include /etc/nginx/modsec/coreruleset/crs-setup.conf -Include /etc/nginx/modsec/coreruleset/rules/*.conf -``` - -Enable ModSec in all NGINX enabled sites: - -“/etc/nginx/sites-enabled/frontend.conf”, “/etc/nginx/sites-enabled/rmm.conf” and “/etc/nginx/sites-enabled/meshcentral.conf”: - -```conf -server { - modsecurity on; - modsecurity_rules_file /etc/nginx/modsec/modsec-base-cfg.conf; - -………………….. -………………….. -``` - -Tactical RMM custom rules: - -* Access to the admin UI (front-end): We apply the “deny by default, allow by exception” principle, whereby only a set of predefined public IPs should be allowed to access the UI -* API and Meshcentral: RMM agents and RMM UI (as referrer while an admin session is active) make web calls that get blocked by the OWASP CRS, specifically PUT, POST and PATCH methods. These three methods can be “whitelisted” when the requested URI matches legitimate requests. -* Connection to Meshcentral during Tactical agent install. - -Create a .conf file under “/etc/nginx/modsec/coreruleset/rules” named “RMM-RULES.conf”, for example, with the following content: - -```conf -#ADMIN UI/FRONTEND ACCESS - DENY BY DEFAULT, ALLOW BY EXCEPTION -SecRule SERVER_NAME "rmm.EXAMPLE.COM" "id:1001,phase:1,nolog,msg:'Remote IP Not allowed',deny,chain" -### ALLOWED PUBLIC IP 1 ######### -SecRule REMOTE_ADDR "!@eq IP1" chain -### ALLOWED PUBLIC IP 2 ######### -SecRule REMOTE_ADDR "!@eq IP2" "t:none" - -#API AND MESHCENTRAL - WHITELIST PUT, PATCH AND POST METHODS BY REQUESTED URI -SecRule REQUEST_URI "@beginsWith /api/v3/checkin" "id:1002,phase:1,t:none,nolog,allow,chain" -SecRule REQUEST_METHOD "PUT|PATCH" "t:none" -SecRule REQUEST_URI "@beginsWith /api/v3/checkrunner" "chain,id:'1003',phase:1,t:none,nolog,allow" -SecRule REQUEST_METHOD "PATCH" "t:none" -SecRule REQUEST_URI "@beginsWith /alerts/alerts" "chain,id:'1004',phase:1,t:none,nolog,allow" -SecRule REQUEST_METHOD "PATCH" "t:none" -SecRule REQUEST_URI "@beginsWith /agents/listagents" "chain,id:'1005',phase:1,t:none,nolog,allow" -SecRule REQUEST_METHOD "PATCH" "t:none" -SecRule REQUEST_URI "@beginsWith /api/v3/sysinfo" "chain,id:'1006',phase:1,t:none,nolog,allow" -SecRule REQUEST_METHOD "PATCH" "t:none" -SecRule REQUEST_URI "@beginsWith /api/v3/winupdates" "chain,id:'1007',phase:1,t:none,nolog,allow" -SecRule REQUEST_METHOD "POST" - -##REQUIRED FOR MANAGEMENT ACTIONS FROM ADMIN/FRONT-END UI. WHITELIST BY REFERRER's URL -SecRule REQUEST_HEADERS:REFERER "https://rmm.EXAMPLE.COM/" "id:1008,phase:1,nolog,ctl:ruleRemoveById=920170,allow" - -#REQUIRED FOR NEW CLIENTS TO CONNECT TO MESH SERVICE WHILE INSTALLING THE AGENT -SecRule REQUEST_URI "@beginsWith /api/v3/meshexe" "id:1009,phase:1,nolog,ctl:ruleRemoveById=920170,allow" - -### NOTE ON RULE ID = 920170 (WHITELISTED IN CASES ABOVE FOR TACTICAL RMM) ### -# Do not accept GET or HEAD requests with bodies -# HTTP standard allows GET requests to have a body but this -# feature is not used in real life. Attackers could try to force -# a request body on an unsuspecting web applications. -# -# -=[ Rule Logic ]=- -# This is a chained rule that first checks the Request Method. If it is a -# GET or HEAD method, then it checks for the existence of a Content-Length -# header. If the header exists and its payload is either not a 0 digit or not -# empty, then it will match. -# -# -=[ References ]=- -# http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.3 -### -``` diff --git a/docs/docs/security.md b/docs/docs/security.md deleted file mode 100644 index 1b0c5fe4..00000000 --- a/docs/docs/security.md +++ /dev/null @@ -1,7 +0,0 @@ -# Security - -If you think that you have found a security vulnerability in Tactical RMM, please disclose it to us via our security e-mail address at **security@amidaware.com** - -Please do not make vulnerabilities public without notifying us and giving us at least 3 days to respond. - -If you are going to write about Tactical RMM's security, please get in touch, so we can make sure that all claims are correct. \ No newline at end of file diff --git a/docs/docs/sponsor.md b/docs/docs/sponsor.md deleted file mode 100644 index c6513139..00000000 --- a/docs/docs/sponsor.md +++ /dev/null @@ -1,15 +0,0 @@ -# Sponsor Tactical RMM - -Tactical RMM is an MIT-licensed open-source project maintained by [@wh1te909](https://github.com/wh1te909), [@sadnub](https://github.com/sadnub) and a community of open source contributors. We work on behalf of the community to create new features, fix bugs, and maintain Tactical RMM. - -Tactical RMM is currently the only open-source RMM available on the market. Responses from a recent survey have rated Tactical RMM as having the fastest and most reliable remote command and script execution compared to all other commercial RMM's. Sponsorships help keep this project alive and motivate the developers to continue to put in more time and effort into the advancement of Tactical RMM. Thousands of hours have been put in to developing, maintaining, improving, and supporting Tactical RMM. Your sponsorship would be greatly appreciated and helpful to keep this project going. - -Funds donated will be used to setup a company to purchase a code signing certificate to sign all executables that are used by the RMM, costs needed to maintain demo and documentation sites, to support development of new features and the Linux and Mac agents. - -If you have signed up to be a sponsor and have not been added to the Sponsors role on discord after a few hours, or if your github username is different than your discord username, please DM wh1te909 on [Discord](https://discord.gg/upGTkWp) after sponsoring to be added to the Sponsors role. - -We are always looking for feedback and ways to improve Tactical RMM to better address your needs. Please feel free to open a [github issue](https://github.com/wh1te909/tacticalrmm/issues) or drop us a message on [Discord](https://discord.gg/upGTkWp) with your feedback or requests. - -[Sponsor with Github](https://github.com/wh1te909) - -[Sponsor with Ko-fi](https://ko-fi.com/tacticalrmm) diff --git a/docs/docs/stylesheets/extra.css b/docs/docs/stylesheets/extra.css deleted file mode 100644 index 78f3c1a0..00000000 --- a/docs/docs/stylesheets/extra.css +++ /dev/null @@ -1,10 +0,0 @@ -.md-header { - background-color: black !important; - color: white !important; -} -.md-search__input { - background-color: white !important; -} -.md-search__icon[for=__search]{ - color: initial; -} diff --git a/docs/docs/support_templates/Initial questions.txt b/docs/docs/support_templates/Initial questions.txt deleted file mode 100644 index 4121e8e0..00000000 --- a/docs/docs/support_templates/Initial questions.txt +++ /dev/null @@ -1,9 +0,0 @@ -1. Standard/Docker -2. VPS/onprem -3. Are you using a proxy? -4. What version of Ubuntu/Debian, is it a Desktop or Server -5. Specs of machine including hard drive spec is it ssd or mechanical? -6. have you looked at the troubleshooting on github? -7. are you using a real domain -8. did letsencrypt finalise and work -9. are you using the standard ssl certs or something else? \ No newline at end of file diff --git a/docs/docs/support_templates/Initial questionsv2.txt b/docs/docs/support_templates/Initial questionsv2.txt deleted file mode 100644 index e1393bc9..00000000 --- a/docs/docs/support_templates/Initial questionsv2.txt +++ /dev/null @@ -1,23 +0,0 @@ -Note: If you don't want to share any specific info publicly on discord you can DM me that data -1. Install type? (Standard/Docker) - If standard install did you deviate IN ANY WAY from these instructions? https://wh1te909.github.io/tacticalrmm/install_server/ - If docker install did you deviate IN ANY WAY from these instructions? https://wh1te909.github.io/tacticalrmm/install_docker/ -2. Where is the server? (VPS/onprem) -3. New install, or established? Rough age of TRMM server (days/weeks/months)? - -Server Install Specific questions: -4. What version of Ubuntu/Debian, is it a Desktop or Server -5. Are you using a real domain -6. Did letsencrypt finalize and work -7. Have you looked at the troubleshooting steps on github? https://wh1te909.github.io/tacticalrmm/troubleshooting/ -8. What kind of ssl certs? Let's Encrypt, or purchased (you're not trying to make self-signed work right?) -9. Check Expiry date of your certificates in the browser (at https://rmm.example.com ) - -Network Troubleshooting -10. Are you using a proxy? -11. Are you a wizard? See https://wh1te909.github.io/tacticalrmm/unsupported_guidelines/ - If so, what's in the network between agent and server? - -Agent Troubleshooting -12. Is there ANY 3rd party Antivirus installed on the computer? -13. Is there any network based filtering/AV filtering? \ No newline at end of file diff --git a/docs/docs/tidbits.md b/docs/docs/tidbits.md deleted file mode 100644 index 82f37bb5..00000000 --- a/docs/docs/tidbits.md +++ /dev/null @@ -1,12 +0,0 @@ -# Misc info - -## Run Intervals for Checks - -You can modify at several locations/levels: - -* **Settings Menu > Automation Manager > Checks tab >** Edit check -* Agent Level: **Edit Agent > Run checks every** -* Edit Check under agent > Run this check every (seconds) - -!!!note - The interval under check will override agent check if set \ No newline at end of file diff --git a/docs/docs/tipsntricks.md b/docs/docs/tipsntricks.md deleted file mode 100644 index 99372b42..00000000 --- a/docs/docs/tipsntricks.md +++ /dev/null @@ -1,72 +0,0 @@ -# Tips and Tricks - -## Server Monitoring - -Monitor Network usage: - -Realtime Everything Usage: (_only run when needed because it uses a lot of resources_): - -## Customize User Interface - -At the top right of your web administration interface, click your Username > preferences. Set default tab: Servers|Workstations|Mixed - -![User Preferences](images/trmm_user_preferences.png) - -***** - -## Use the filters in the agent list - -![User Preferences](images/tipsntricks_filters.png) - -***** -## MeshCentral - -Tactical RMM is actually 2 products: An RMM service with agent, and a secondary [MeshCentral](https://github.com/Ylianst/MeshCentral) install that handles the `Take Control` and `Remote Background` stuff. - -Want to download multiple files? - -> ZIP zip's the currently selected file(s) and saves it in the current directory. Then you can download the ZIP. It doesn't download and ZIP on the fly. - -### Adjust Settings - -Right-click the connect button in *Remote Background | Terminal* for shell options - -![Terminal](images/tipsntricks_meshterminal.png) - -Right-click the connect button in *Take Control* for connect options - -![Terminal](images/tipsntricks_meshcontrol.png) - -### Enable Remote Control options - -!!!note - These settings are independent of Tactical RMM. Enable features (like auto remove inactive devices) with caution - -1. Remote background a machine then go to mesh.EXAMPLE.COM -2. Click on My Account -3. Click on the device group you want to enable notifications or accept connection etc on (probably TacticalRMM) -4. Next to User Consent click edit (the wee pencil)
-![Features](images/mesh_userconsent.png) -5. You can also change features by ticking whatever boxes you want in there (Features: Sync server device name to hostname, Automatically remove inactive devices, Notify/Prompt for Consent/Connection Toolbar settings)
-![Features](images/mesh_features.png) -6. Ok your way out - -### Agent online/offline logs - -In mesh from the agent | General Tab - -![online](images/mesh_agent_onlineoffline.png) -## Scripts - -### When Running Scripts - -Use the (i) at the end of the script name to: - -- Hover: see script parameter syntax help -- Left Click: Opens the script source in Github - -![Script Parameter Syntax](images/tipsntricks_script_syntaxhelp.png) - -## Running a command on Tactical with Tactical - -Use the agent recovery "shell command" feature that will run in detached process so it won't kill itself or create a script that runs detached to call it. diff --git a/docs/docs/troubleshooting.md b/docs/docs/troubleshooting.md deleted file mode 100644 index 94266044..00000000 --- a/docs/docs/troubleshooting.md +++ /dev/null @@ -1,217 +0,0 @@ -# Troubleshooting - -## Server Troubleshooting Script - -If you've asked for help in [#support](https://discord.com/channels/736478043522072608/744282073870630912) please run this, and send a screenshot at the top of the thread created for troubleshooting your issue. - -Blur your domains if you desire privacy. - -```bash -wget -N https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/troubleshoot_server.sh -chmod +x troubleshoot_server.sh -./troubleshoot_server.sh -``` - -## Make sure DNS (name resolution) was setup properly - -### From the agent - -Open command prompt - -```cmd -ping rmm.example.com -ping api.example.com -ping mesh.example.com -``` - -The IP address for all 3 should reflect your Tactical RMM server - -## Problems after new server install - -In the very unlikely event you have issues after install please wipe the box and install again (following all the steps including downloading the install script _but not running it yet_) use the following command which will log the install progress and if you continue to have issues will assist with support of the installation. - -```bash -bash -x install.sh 2>&1 | tee install.log -``` - -!!!note - Logging of installs isn’t desirable as it logs extremely sensitive information which is why this isn’t done by default! **Do not** post the raw log publicly only provide it if requested and then by dm only. Authorized users in Discord are: @BurningTimes#1938 @sadnub#6992 @dinger1986#1734 @silversword#9652 - -## "Bad credentials" error when trying to login to the Web UI - -If you are sure you are using the correct credentials and still getting a "bad credentials" error, open your browser's dev tools (++ctrl+shift+j++ on chrome) and check the Console tab to see the real error. - -It will most probably be a CORS error which means you need to check your DNS settings and make sure whatever computer you're trying to access the UI from resolves your 3 subdomains to the correct IP of the server running the RMM (public IP if running in the cloud, or private IP if running behind NAT). - -If you see an error about SSL or certificate expired, then your Let's Encrypt cert has probably expired and you'll need to renew it. - -Refer to the Let's Encrypt cert renewal instructions [here](update_server.md#keeping-your-lets-encrypt-certificate-up-to-date) - -## Agents not installing or updating - -The most common problem we've seen of agents not installing or updating is due to Antivirus blocking the updater executable. - -Windows Defender will 100% of the time block the updater from running unless an exclusion is set. - -Refer to the [Agent Installation](install_agent.md) instructions for AV exceptions to set and manually doing an agent update with logging to troubleshoot further. - -Agents will also not automatically update if they are too old. - -Since Tactical RMM is still in alpha and the developers makes breaking changes pretty frequently, there is no promise of backwards compatibility. - -If you have agents that are relatively old, you will need to uninstall them manually and reinstall using the latest version. - -## Agents not checking in or showing up / General agent issues - -These are nats problems. Try quickfix first: - -### from Admin Web Interface - -First, reload NATS from tactical's web UI:
-*Tools > Server Maintenance > Reload Nats Configuration* - -If that doesn't work, check each part starting with the server: - -### Server SSH login - -Reload NATS: - -```bash -/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py reload_nats -sudo systemctl restart nats.service -``` - -Look at nats service errors (make sure it's running) - -```bash -sudo systemctl status nats.service -``` - -If nats isn't running see detailed reason why it isn't: - -```bash -sudo systemctl stop nats.service -nats-server -DVV -c /rmm/api/tacticalrmm/nats-rmm.conf -``` - -Fix the problem, then restart nats. -``` -sudo systemctl restart nats.service -``` - -### From Agent Install - -Open CMD as admin on the problem computer and stop the agent services: - -```cmd -net stop tacticalagent -net stop tacticalrpc -``` - -Run the tacticalagent service manually with debug logging: - -```cmd -"C:\Program Files\TacticalAgent\tacticalrmm.exe" -m winagentsvc -log debug -logto stdout -``` - -Run the tacticalrpc service manually with debug logging: - -```cmd -"C:\Program Files\TacticalAgent\tacticalrmm.exe" -m rpc -log debug -logto stdout -``` - -This will print out a ton of info. You should be able to see the error from the debug log output. - -Please then copy/paste the logs and post them either in our [Discord support chat](https://discord.gg/upGTkWp), or create a [github issue](https://github.com/wh1te909/tacticalrmm/issues). - -If all else fails, simply uninstall the agent either from control panel or silently with `"C:\Program Files\TacticalAgent\unins000.exe" /VERYSILENT` and then reinstall the agent. - -## All other errors - -First, run the [update script](update_server.md#updating-to-the-latest-rmm-version) with the `--force` flag. - -This will fix permissions and reinstall python/node packages that might have gotten corrupted. - -```bash -./update.sh --force -``` - -Check the debug log from the web UI: **File > Debug Log** - -Open your browser's dev tools (++ctrl+shift+j++ on chrome) and check the Console tab for any errors - -Check all the systemd services that the rmm uses to function and check to make sure they're all active/running and enabled: - -```bash -sudo systemctl status rmm.service -sudo systemctl status daphne.service -sudo systemctl status celery.service -sudo systemctl status celerybeat.service -sudo systemctl status nginx.service -sudo systemctl status nats.service -sudo systemctl status nats-api.service -sudo systemctl status meshcentral.service -sudo systemctl status mongod.service -sudo systemctl status postgresql.service -sudo systemctl status redis-server.service -``` - -or you can use `systemctl --failed` to see any failed services on your machine. - -Read through the log files in the following folders and check for errors: - -```bash -/rmm/api/tacticalrmm/tacticalrmm/private/log -/var/log/celery -``` - -## Using Cloudflare DNS - -- rmm.example.com can be proxied. - -- api.example.com can NOT be proxied. - -- mesh.example.com can be proxied with the caveat that Mesh checks the cert presented to the agent is the same one on the server. I.e. no MITM. You'll need to copy Cloudflare's edge cert to your server if you want to proxy this domain. - -If you're getting `Invalid group id` at the end of the install you're probably doing something wrong/wrong IP for api. - -## Testing Network Connectivity between agent and server - -Use powershell, make sure you can connect to 443 and 4222 from agent to server: - -```powershell -Test-NetConnection -ComputerName api.example.com -Port 4222 -``` - -```powershell -Test-NetConnection -ComputerName api.example.com -Port 443 -``` - -```powershell -Test-NetConnection -ComputerName rmm.example.com -Port 443 -``` - -Are you trying to use a proxy to share your single public IP with multiple services on 443? This is complicated and [unsupported by Tactical RMM](unsupported_scripts.md), test your setup. - -## Mesh Agent x86 x64 integration with TRMM - -1. Log into Mesh (you can right-click any agent, choose remote control or Remote Background) -2. Goto your mesh interface (eg `https://mesh.EXAMPLE.COM`) -3. Find your TacticalRMM group -4. Click the add link -5. Download both agents -6. In Tactical RMM, go **Settings > Global Settings > MeshCentral > Upload Mesh Agents** upload them both into the appropriate places. - -## Need to recover your mesh token? - -Login to server with SSH and run: - -```bash -node /meshcentral/node_modules/meshcentral --logintokenkey -``` - -## Mesh Agent Not Connecting to server - -When agents don't show up in your mesh console (after logging into https://mesh.EXAMPLE.COM), and all data is blank. Your AV has most likely blocked the agent. - -![Mesh Not Connecting](images/mesh_no_data.png) diff --git a/docs/docs/unsupported_guidelines.md b/docs/docs/unsupported_guidelines.md deleted file mode 100644 index 3d676421..00000000 --- a/docs/docs/unsupported_guidelines.md +++ /dev/null @@ -1,41 +0,0 @@ -# Unsupported Guidelines - -## General Information - -Tactical RMM is designed to be secure by default. - -You **CAN** **_expose_** it to the internet, and start deploying agents. - -You **CAN** **_not expose_** it to the internet, and start deploying agents. - -### Period - -!!!info - BIG PERIOD **.** <--- See, it's really really big 🙂 - -## That said - -There are those that wish to add layers to their security onion. For the benefit of others following in their footsteps, we have added here for your convenience additional information on a range of subjects and technologies that have been graciously donated to us by the community at large. - -Please be aware that those providing help and assistance in the Discord [#support](https://discord.com/channels/736478043522072608/744282073870630912) channel will generally assume that you are **not** one of these wizards of networking magic. - -Should you employ any one or several of these unsupported technologies: - -* Proxies -* Firewalls -* GeoIP filters -* fail2ban filters -* alternate methods of SSL cert management -* IDSs -* IPSs -* SDNs -* Did anything other than follow the installation instructions exactly -* and any/all other magical ABC thru XYZ technologies - -Please let us know **BEFORE** we start troubleshooting and looking for software bugs that you are...in fact...a 🧙...and using something non-standard 😉 - -These are "unsupported" because then we are troubleshooting **your** environment, not Tactical RMM. You need to have knowledge about how things work if you're going to stray from the [easy path](../install_server/#option-1-easy-install) of the standard install. - -Help us maximize keeping developer time and resources focused on new releases...not support goosechases. - -Thank you and #KeepDeploying diff --git a/docs/docs/unsupported_scripts.md b/docs/docs/unsupported_scripts.md deleted file mode 100644 index 942302a3..00000000 --- a/docs/docs/unsupported_scripts.md +++ /dev/null @@ -1,939 +0,0 @@ -# Unsupported Reference Scripts - -!!!note - These are not supported scripts/configurations by Tactical RMM, but it's provided here for your reference. - - Although these aren't officially supported configurations, we generally will help point you in the right direction. Please use the Discord [#unsupported channel](https://discord.com/channels/736478043522072608/888474319750066177) to discuss issues replated to these complex installations - -## General Notes on Proxies and Tactical RMM - -### Port 443 - -Make sure websockets option is enabled. - -All 3 URL's will need to be configured: `rmm`, `api`, `mesh` - -For `mesh` see the Section 10. TLS Offloading of the [MeshCentral 2 User Guide](https://info.meshcentral.com/downloads/MeshCentral2/MeshCentral2UserGuide.pdf) - -### Port 4222 - -Is NATS (). You'll need a TCP forwarder as NATS only talks TCP not HTTP. - -## Traefikv2 - -Offsite Resource: - -This section will assume that by default Traefik will reverse proxy everything on port 443. - -Here is a basic Traefik config with docker-composer note the file.directory and file.watch are important. -```bash -version: "3.7" -services: - traefik: - container_name: traefik24 - image: traefik:v2.4 - restart: unless-stopped - command: - - --entryPoints.http.address=:80 - - --entryPoints.https.address=:443 - - --providers.docker=true - - --providers.docker.endpoint=unix:///var/run/docker.sock - - --providers.docker.defaultrule=HostHeader(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`) - ## This is important, to load the config for RMM and Mesh - - --providers.file.directory=rules # Load dynamic configuration from one or more .toml or .yml files in a directory. - - --providers.file.watch=true # Only works on top level files in the rules folder - #### - - --certificatesresolvers.dns-cloudflare.acme.dnschallenge=true - - --certificatesResolvers.dns-cloudflare.acme.email=$CLOUDFLARE_EMAIL - - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json - - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare - - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53 - ports: - - target: 80 - published: 80 - protocol: tcp - mode: host - - target: 443 - published: 443 - protocol: tcp - mode: host - volumes: - ##The rules that we will load## - - $USERDIR/docker/traefik2/rules:/rules - ## - - /var/run/docker.sock:/var/run/docker.sock:ro - - $USERDIR/docker/traefik2/acme/acme.json:/acme.json - - $USERDIR/docker/traefik2/traefik.log:/traefik.log - environment: - - CF_API_EMAIL=$CLOUDFLARE_EMAIL - - CF_API_KEY=$CLOUDFLARE_API_KEY - labels: - - "traefik.enable=true" - # HTTP-to-HTTPS Redirect - - "traefik.http.routers.http-catchall.entrypoints=http" - - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - # HTTP Routers - - "traefik.http.routers.traefik-rtr.entrypoints=https" - - "traefik.http.routers.traefik-rtr.rule=HostHeader(`traefik.$DOMAINNAME`)" - - "traefik.http.routers.traefik-rtr.tls=true" - - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME" - - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME" -``` - -Before proceding, we need to change the port 443 to 4430 and 80 to 800 because the port 443 and 80 are alredy used by Traefik. - -Here is a snippet of the only thing you should modify into docker-compose file of the installation. - -```bash - # container for tactical reverse proxy - tactical-nginx: - container_name: trmm-nginx - image: ${IMAGE_REPO}tactical-nginx:${VERSION} - restart: always - environment: - APP_HOST: ${APP_HOST} - API_HOST: ${API_HOST} - MESH_HOST: ${MESH_HOST} - CERT_PUB_KEY: ${CERT_PUB_KEY} - CERT_PRIV_KEY: ${CERT_PRIV_KEY} - networks: - proxy: - ipv4_address: 172.20.0.20 - ports: - - "800:80" ## port 800 instead of 80 - - "4430:443" ## port 4430 instead of 443 -``` -Once save, make sure you run the docker-compose or installation script at least once, so all the directory structure are created. -Once you have your certificate (acme.json) generated by traefikv2 we will be able to extract it for rmm. - -Copy the acme.json create by traefik into the root of your rmm directory (In my case its $USERDIR/docker/rmm) which you should have already define. -After that we can run this docker to extract the certificates for us. -```bash -version: "3.7" -services: -##Copy the acme.json of Traefik2 at volumes: (userdir/docker/rmm in this case) - traefik-certs-dumper: - image: ldez/traefik-certs-dumper:v2.7.4 - entrypoint: sh -c ' - apk add jq - ; while ! [ -e /data/acme.json ] - || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do - sleep 1 - ; done - && traefik-certs-dumper file --version v2 --watch - --source /data/acme.json --dest data/certs' - volumes: - - $USERDIR/docker/rmm:/data -``` -Once completed, you should have 1 new folder into you rmm directory $USERDIR/docker/rmm/**certs** in this example. -As the installation instruction, we will pass those to the .env - -```bash -echo "CERT_PUB_KEY=$(sudo base64 -w 0 $USERDIR/docker/rmm/certs/certs/**yourdomaine.com.crt**)" >> .env -echo "CERT_PRIV_KEY=$(sudo base64 -w 0 $USERDIR/docker/rmm/certs/private/**yourdomaine.com.key**)" >> .env -``` - -Next we can create 3 rules to tell traefik to correctly route the https and agent -For that we will create 2 rules into traefik directory as per it configuration. folder/traefik/rules - -create -```bash -nano app-mesh.toml -``` -and inside it we add -```bash -[http.routers] - [http.routers.mesh-rtr] - entryPoints = ["https"] - rule = "Host(`mesh.**yourdomain.com**`)" - service = "mesh-svc" -##middleware with 2fa -[http.services] - [http.services.mesh-svc] - [http.services.mesh-svc.loadBalancer] - passHostHeader = true - [[http.services.mesh-svc.loadBalancer.servers]] - url = "https://**xxx.xxx.xxx.xxx**:4430" # or whatever your external host's IP is -``` - - -create -```bash -nano app-meshagent.toml -``` -and inside it we add - -```bash -[http.routers] - [http.routers.mesh-rtr1] - entryPoints = ["https"] - rule = """Host(`mesh.**yourdomain.com**`) && - PathPrefix( `/agent.ashx`, `/meshrelay.ashx`, ) && - Headers(`X-Forwarded-Proto`, `wss`) """ - ##Don't add middle where, the agent wont work. -[http.services] - [http.services.mesh-svc1] - [http.services.mesh-svc.loadBalancer] - passHostHeader = true - [[http.services.mesh-svc1.loadBalancer.servers]] - url = "https://**xxx.xxx.xxx.xxx**:4430" # or whatever your external host's IP is - -``` -create -```bash -nano app-rmm.toml -``` -and inside it we add - -```bash -[http.routers] - [http.routers.rmm-rtr] - entryPoints = ["https"] - rule = "Host(`rmm.**yourdomain.com**`)" - service = "rmm-svc" - - ##middleware with 2fa - -[http.services] - [http.services.rmm-svc] - [http.services.rmm-svc.loadBalancer] - passHostHeader = true - [[http.services.rmm-svc.loadBalancer.servers]] - url = "https://xxx.xxx.xxx.xxx:4430" # or whatever your external host's IP:port is -``` - -That it, you can now restart Tactical rmm and mesh.yourdomain.com should work, same for the agent. -Please note that if you have a middleware with 2FA you can still use it with the inside mesh.toml but do not add it with the agent. - -## HAProxy - -Check/Change the mesh central config.json, some of the values may be set already, CertUrl must be changed to point to the HAProxy server. - -### Meshcentral Adjustment - -Credit to [@bradhawkins](https://github.com/bradhawkins85) - -Edit Meshcentral config - -```bash -nano /meshcentral/meshcentral-data/config.json -``` - -Insert this (modify `HAProxyIP` to your network) - -```conf -{ - "settings": { - "Port": 4430, - "AliasPort": 443, - "RedirPort": 800, - "TlsOffload": "127.0.0.1", - }, - "domains": { - "": { - "CertUrl": "https://HAProxyIP:443/", - } - } -} -``` - -Restart meshcentral - -```bash -service meshcentral restart -``` - -### HAProxy Config - -The order of use_backend is important `Tactical-Mesh-WebSocket_ipvANY` must be before `Tactical-Mesh_ipvANY` -The values of `timeout connect`, `timeout server`, `timeout tunnel` in `Tactical-Mesh-WebSocket` have been configured to maintain a stable agent connection, however you may need to adjust these values to suit your environment. - -```conf -frontend HTTPS-merged - bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy/HTTPS.crt_list #ADJUST THIS TO YOUR OWN SSL CERTIFICATES - mode http - log global - option socket-stats - option dontlognull - option http-server-close - option forwardfor - acl https ssl_fc - http-request set-header X-Forwarded-Proto http if !https - http-request set-header X-Forwarded-Proto https if https - timeout client 30000 - acl RMM var(txn.txnhost) -m sub -i rmm.example.com - acl aclcrt_RMM var(txn.txnhost) -m reg -i ^([^\.]*)\.example\.com(:([0-9]){1,5})?$ - acl API var(txn.txnhost) -m sub -i api.example.com - acl aclcrt_API var(txn.txnhost) -m reg -i ^([^\.]*)\.example\.com(:([0-9]){1,5})?$ - acl is_websocket hdr(Upgrade) -i WebSocket - acl is_mesh var(txn.txnhost) -m beg -i mesh.example.com - acl aclcrt_MESH-WebSocket var(txn.txnhost) -m reg -i ^([^\.]*)\.example\.com(:([0-9]){1,5})?$ - acl MESH var(txn.txnhost) -m sub -i mesh.example.com - acl aclcrt_MESH var(txn.txnhost) -m reg -i ^([^\.]*)\.example\.com(:([0-9]){1,5})?$ - #PUT OTHER USE_BACKEND IN HERE - use_backend Tactical_ipvANY if RMM aclcrt_RMM - use_backend Tactical_ipvANY if API aclcrt_API - use_backend Tactical-Mesh-WebSocket_ipvANY if is_websocket is_mesh aclcrt_MESH-WebSocket - use_backend Tactical-Mesh_ipvANY if MESH aclcrt_MESH - -frontend http-to-https - bind 0.0.0.0:80 - mode http - log global - option http-keep-alive - timeout client 30000 - http-request redirect scheme https - - -backend Tactical_ipvANY - mode http - id 100 - log global - timeout connect 30000 - timeout server 30000 - retries 3 - option httpchk GET / - server tactical 192.168.10.123:443 id 101 ssl check inter 1000 verify none - - -backend Tactical-Mesh-WebSocket_ipvANY - mode http - id 113 - log global - timeout connect 3000 - timeout server 3000 - retries 3 - timeout tunnel 3600000 - http-request add-header X-Forwarded-Host %[req.hdr(Host)] - http-request add-header X-Forwarded-Proto https - server tactical 192.168.10.123:443 id 101 ssl verify none - -backend Tactical-Mesh_ipvANY - mode http - id 112 - log global - timeout connect 15000 - timeout server 15000 - retries 3 - option httpchk GET / - timeout tunnel 15000 - http-request add-header X-Forwarded-Host %[req.hdr(Host)] - http-request add-header X-Forwarded-Proto https - server tactical 192.168.10.123:443 id 101 ssl check inter 1000 verify none -``` - -## fail2ban - -### Install fail2ban - -```bash -sudo apt install -y fail2ban -``` - -### Set Tactical fail2ban filter conf File - -```bash -tacticalfail2banfilter="$(cat << EOF -[Definition] -failregex = ^.*400.17.*$ -ignoreregex = ^.*200.*$ -EOF -)" -sudo echo "${tacticalfail2banfilter}" > /etc/fail2ban/filter.d/tacticalrmm.conf -``` - -### Set Tactical fail2ban jail conf File - -```bash -tacticalfail2banjail="$(cat << EOF -[tacticalrmm] -enabled = true -port = 80,443 -filter = tacticalrmm -action = iptables-allports[name=tactical] -logpath = /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log -maxretry = 3 -bantime = 14400 -findtime = 14400 -EOF -)" -sudo echo "${tacticalfail2banjail}" > /etc/fail2ban/jail.d/tacticalrmm.local -``` - -### Restart fail2ban - -```bash -sudo systemctl restart fail2ban.service -``` - -## Using purchased SSL certs instead of LetsEncrypt wildcards - -Credit to [@dinger1986](https://github.com/dinger1986) - -How to change certs used by Tactical RMM to purchased ones (this can be a wildcard cert). - -You need to add the certificate private key and public keys to the following files: - -`/etc/nginx/sites-available/rmm.conf` - -`/etc/nginx/sites-available/meshcentral.conf` - -`/etc/nginx/sites-available/frontend.conf` - -`/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` - -1. create a new folder for certs and allow tactical user permissions (assumed to be tactical) - - sudo mkdir /certs - sudo chown -R tactical:tactical /certs" - -2. Now move your certs into that folder. - -3. Open the api file and add the api certificate or if its a wildcard the directory should be `/certs/EXAMPLE.COM/` - - sudo nano /etc/nginx/sites-available/rmm.conf - - replace - - ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem; - - with - - ssl_certificate /certs/api.EXAMPLE.COM/fullchain.pem; - ssl_certificate_key /certs/api.EXAMPLE.COM/privkey.pem; - -4. Repeat the process for - - /etc/nginx/sites-available/meshcentral.conf - /etc/nginx/sites-available/frontend.conf - - but change api. to: mesh. and rmm. respectively. - -5. Add the following to the last lines of `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` - - nano /rmm/api/tacticalrmm/tacticalrmm/local_settings.py - - add - - CERT_FILE = "/certs/api.EXAMPLE.COM/fullchain.pem" - KEY_FILE = "/certs/api.EXAMPLE.COM/privkey.pem" - - -6. Regenerate Nats Conf - - cd /rmm/api/tacticalrmm - source ../env/bin/activate - python manage.py reload_nats - -7. Restart services - - sudo systemctl restart rmm.service celery.service celerybeat.service nginx.service nats.service nats-api.service - -## Use certbot to do acme challenge over http - -The standard SSL cert process in Tactical uses a [DNS challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) that requires dns txt files to be updated in your public DNS with every cert renewal. - -The below script uses [http challenge](https://letsencrypt.org/docs/challenge-types/#http-01-challenge) on the 3 separate ssl certs, one for each subdomain: rmm, api, mesh. They still have the same 3 month expiry. Restart the Tactical RMM server about every 2.5 months (80 days) for auto-renewed certs to become active. - -!!!note - Your Tactical RMM server will need to have TCP Port: 80 exposed to the internet - -```bash -#!/bin/bash - -###Set colours same as Tactical RMM install and Update -YELLOW='\033[1;33m' -GREEN='\033[0;32m' -RED='\033[0;31m' -NC='\033[0m' - -### Ubuntu 20.04 Check - -UBU20=$(grep 20.04 "/etc/"*"release") -if ! [[ $UBU20 ]]; then - echo -ne "\033[0;31mThis script will only work on Ubuntu 20.04\e[0m\n" - exit 1 -fi - -cls() { - printf "\033c" -} - -print_green() { - printf >&2 "${GREEN}%0.s-${NC}" {1..80} - printf >&2 "\n" - printf >&2 "${GREEN}${1}${NC}\n" - printf >&2 "${GREEN}%0.s-${NC}" {1..80} - printf >&2 "\n" -} - -cls - -### Set variables for domains - -while [[ $rmmdomain != *[.]*[.]* ]] -do -echo -ne "${YELLOW}Enter the subdomain used for the backend (e.g. api.example.com)${NC}: " -read rmmdomain -done - -while [[ $frontenddomain != *[.]*[.]* ]] -do -echo -ne "${YELLOW}Enter the subdomain used for the frontend (e.g. rmm.example.com)${NC}: " -read frontenddomain -done - -while [[ $meshdomain != *[.]*[.]* ]] -do -echo -ne "${YELLOW}Enter the subdomain used for meshcentral (e.g. mesh.example.com)${NC}: " -read meshdomain -done - -echo -ne "${YELLOW}Enter the current root domain (e.g. example.com or example.co.uk)${NC}: " -read rootdomain - - -### Setup Certificate Variables -CERT_PRIV_KEY=/etc/letsencrypt/live/${rootdomain}/privkey.pem -CERT_PUB_KEY=/etc/letsencrypt/live/${rootdomain}/fullchain.pem - -### Make Letsencrypt directories - -sudo mkdir /var/www/letsencrypt -sudo mkdir /var/www/letsencrypt/.mesh -sudo mkdir /var/www/letsencrypt/.rmm -sudo mkdir /var/www/letsencrypt/.api - -### Remove config files for nginx - -sudo rm /etc/nginx/sites-available/rmm.conf -sudo rm /etc/nginx/sites-available/meshcentral.conf -sudo rm /etc/nginx/sites-available/frontend.conf -sudo rm /etc/nginx/sites-enabled/rmm.conf -sudo rm /etc/nginx/sites-enabled/meshcentral.conf -sudo rm /etc/nginx/sites-enabled/frontend.conf - -### Setup tactical nginx config files for letsencrypt - -nginxrmm="$(cat << EOF -server_tokens off; -upstream tacticalrmm { - server unix:////rmm/api/tacticalrmm/tacticalrmm.sock; -} -map \$http_user_agent \$ignore_ua { - "~python-requests.*" 0; - "~go-resty.*" 0; - default 1; -} -server { - listen 80; - server_name ${rmmdomain}; - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt/.api/;} - location / { - return 301 https://\$server_name\$request_uri;} -} -server { - listen 443 ssl; - server_name ${rmmdomain}; - client_max_body_size 300M; - access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log; - error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log; - ssl_certificate ${CERT_PUB_KEY}; - ssl_certificate_key ${CERT_PRIV_KEY}; - ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; - - location /static/ { - root /rmm/api/tacticalrmm; - } - location /private/ { - internal; - add_header "Access-Control-Allow-Origin" "https://${frontenddomain}"; - alias /rmm/api/tacticalrmm/tacticalrmm/private/; - } -location ~ ^/ws/ { - proxy_pass http://unix:/rmm/daphne.sock; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; -} - location /saltscripts/ { - internal; - add_header "Access-Control-Allow-Origin" "https://${frontenddomain}"; - alias /srv/salt/scripts/userdefined/; - } - location /builtin/ { - internal; - add_header "Access-Control-Allow-Origin" "https://${frontenddomain}"; - alias /srv/salt/scripts/; - } - location ~ ^/(natsapi) { - allow 127.0.0.1; - deny all; - uwsgi_pass tacticalrmm; - include /etc/nginx/uwsgi_params; - uwsgi_read_timeout 500s; - uwsgi_ignore_client_abort on; - } - location / { - uwsgi_pass tacticalrmm; - include /etc/nginx/uwsgi_params; - uwsgi_read_timeout 9999s; - uwsgi_ignore_client_abort on; - } -} -EOF -)" -echo "${nginxrmm}" | sudo tee /etc/nginx/sites-available/rmm.conf > /dev/null - - -nginxmesh="$(cat << EOF -server { - listen 80; - server_name ${meshdomain}; - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt/.mesh/;} - location / { - return 301 https://\$server_name\$request_uri;} -} -server { - listen 443 ssl; - proxy_send_timeout 330s; - proxy_read_timeout 330s; - server_name ${meshdomain}; - ssl_certificate ${CERT_PUB_KEY}; - ssl_certificate_key ${CERT_PRIV_KEY}; - ssl_session_cache shared:WEBSSL:10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - location / { - proxy_pass http://127.0.0.1:4430/; - proxy_http_version 1.1; - proxy_set_header Host \$host; - proxy_set_header Upgrade \$http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-Host \$host:\$server_port; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto \$scheme; - } -} -EOF -)" -echo "${nginxmesh}" | sudo tee /etc/nginx/sites-available/meshcentral.conf > /dev/null - - - -nginxfrontend="$(cat << EOF -server { - server_name ${frontenddomain}; - charset utf-8; - location / { - root /var/www/rmm/dist; - try_files \$uri \$uri/ /index.html; - add_header Cache-Control "no-store, no-cache, must-revalidate"; - add_header Pragma "no-cache"; - } - error_log /var/log/nginx/frontend-error.log; - access_log /var/log/nginx/frontend-access.log; - listen 443 ssl; - ssl_certificate ${CERT_PUB_KEY}; - ssl_certificate_key ${CERT_PRIV_KEY}; - ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; -} -server { - listen 80; - server_name ${frontenddomain}; - location /.well-known/acme-challenge/ { - root /var/www/letsencrypt/.rmm/;} - location / { - return 301 https://\$host\$request_uri;} -} -EOF -)" -echo "${nginxfrontend}" | sudo tee /etc/nginx/sites-available/frontend.conf > /dev/null - -### Relink nginx config files - -sudo ln -s /etc/nginx/sites-available/rmm.conf /etc/nginx/sites-enabled/rmm.conf -sudo ln -s /etc/nginx/sites-available/meshcentral.conf /etc/nginx/sites-enabled/meshcentral.conf -sudo ln -s /etc/nginx/sites-available/frontend.conf /etc/nginx/sites-enabled/frontend.conf - -### Restart nginx - -sudo systemctl restart nginx.service - - -### Get letsencrypt Certs - -sudo letsencrypt certonly --webroot -w /var/www/letsencrypt/.mesh/ -d ${meshdomain} -sudo letsencrypt certonly --webroot -w /var/www/letsencrypt/.rmm/ -d ${frontenddomain} -sudo letsencrypt certonly --webroot -w /var/www/letsencrypt/.api/ -d ${rmmdomain} - -### Ensure letsencrypt Permissions are correct -sudo chown ${USER}:${USER} -R /etc/letsencrypt -sudo chmod 775 -R /etc/letsencrypt - -### Set variables for new certs - -CERT_PRIV_KEY_API=/etc/letsencrypt/live/${rmmdomain}/privkey.pem -CERT_PUB_KEY_API=/etc/letsencrypt/live/${rmmdomain}/fullchain.pem -CERT_PRIV_KEY_RMM=/etc/letsencrypt/live/${frontenddomain}/privkey.pem -CERT_PUB_KEY_RMM=/etc/letsencrypt/live/${frontenddomain}/fullchain.pem -CERT_PRIV_KEY_MESH=/etc/letsencrypt/live/${meshdomain}/privkey.pem -CERT_PUB_KEY_MESH=/etc/letsencrypt/live/${meshdomain}/fullchain.pem - -### Replace certs in files - -rmmlocalsettings="$(cat << EOF -CERT_FILE = "${CERT_PUB_KEY_API}" -KEY_FILE = "${CERT_PRIV_KEY_API}" -EOF -)" -echo "${rmmlocalsettings}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py > /dev/null - -sudo sed -i "s|${CERT_PRIV_KEY}|${CERT_PRIV_KEY_API}|g" /etc/nginx/sites-available/rmm.conf -sudo sed -i "s|${CERT_PUB_KEY}|${CERT_PUB_KEY_API}|g" /etc/nginx/sites-available/rmm.conf -sudo sed -i "s|${CERT_PRIV_KEY}|${CERT_PRIV_KEY_MESH}|g" /etc/nginx/sites-available/meshcentral.conf -sudo sed -i "s|${CERT_PUB_KEY}|${CERT_PUB_KEY_MESH}|g" /etc/nginx/sites-available/meshcentral.conf -sudo sed -i "s|${CERT_PRIV_KEY}|${CERT_PRIV_KEY_RMM}|g" /etc/nginx/sites-available/frontend.conf -sudo sed -i "s|${CERT_PUB_KEY}|${CERT_PUB_KEY_RMM}|g" /etc/nginx/sites-available/frontend.conf - -### Remove Wildcard Cert - -rm -r /etc/letsencrypt/live/${rootdomain}/ -rm -r /etc/letsencrypt/archive/${rootdomain}/ -rm /etc/letsencrypt/renewal/${rootdomain}.conf - - -### Regenerate Nats Conf -cd /rmm/api/tacticalrmm -source ../env/bin/activate -python manage.py reload_nats - -### Restart services - -for i in rmm celery celerybeat nginx nats nats-api -do -printf >&2 "${GREEN}Restarting ${i} service...${NC}\n" -sudo systemctl restart ${i} -done - - -###Renew certs can be done by sudo letsencrypt renew (this should automatically be in /etc/cron.d/certbot) -``` - -### Using your own certs with Docker - -Let's Encrypt is the only officially supported method of obtaining wildcard certificates. Publicly signed certificates should work but have not been fully tested. - -If you are providing your own publicly signed certificates, ensure you download the **full chain** (combined CA/Root + Intermediary) certificate in pem format. If certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. - -## Restricting Access to rmm.EXAMPLE.COM - -Limit access to Tactical RMM's administration panel in nginx to specific locations - -### Using DNS - -1. Create a file allowed-domain.list which contains the DNS names you want to grant access to your rmm: - - Edit `/etc/nginx/allowed-domain.list` and add - - nom1.dyndns.tv - nom2.dyndns.tv - -2. Create a bash script domain-resolver.sh which do the DNS lookups for you: - - Edit `/etc/nginx/domain-resolver.sh` - - #!/usr/bin/env bash - filename="$1" - while read -r line - do - ddns_record="$line" - if [[ ! -z $ddns_record ]]; then - resolved_ip=getent ahosts $line | awk '{ print $1 ; exit }' - if [[ ! -z $resolved_ip ]]; then - echo "allow $resolved_ip;# from $ddns_record" - fi - fi - done < "$filename" - -3. Give the right permission to this script `chmod +x /etc/nginx/domain-resolver.sh` - -4. Add a cron job which produces a valid nginx configuration and restarts nginx: - - `/etc/cron.hourly/domain-resolver` - - #!/usr/bin/env bash - /etc/nginx/domain-resolver.sh /etc/nginx/allowed-domain.list > /etc/nginx//allowed-ips-from-domains.conf - service nginx reload > /dev/null 2>&1 - - This can be a hourly, daily or monthly job or you can have it run at a specific time. - -5. Give the right permission to this script chmod +x /etc/cron.hourly/domain-resolver - -6. When run it will give something like this - - Edit `/etc/nginx//allowed-ips-from-domains.conf` - - allow xxx.xxx.xxx.xxx;# from maison.nom1.dyndns.tv - allow xxx.xxx.xxx.xxx;# from maison.nom2.dyndns.tv - -7. Update your nginx configuration to take this output into account: - - Edit `/etc/nginx/sites-enabled/frontend.conf` - - server { - server_name rmm.example.com; - charset utf-8; - location / { - root /var/www/rmm/dist; - try_files $uri $uri/ /index.html; - add_header Cache-Control "no-store, no-cache, must-revalidate"; - add_header Pragma "no-cache"; - } - error_log /var/log/nginx/frontend-error.log; - access_log /var/log/nginx/frontend-access.log; - include /etc/nginx/allowed-ips-from-domains.conf; - deny all; - listen 443 ssl; - listen [::]:443 ssl; - ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; - ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; - } - - server { - if ($host = rmm.example.com) { - return 301 https://$host$request_uri; - } - - listen 80; - listen [::]:80; - server_name rmm.example.com; - return 404; - } - -### Using a fixed IP - -1. Create a file containg the fixed IP address (where xxx.xxx.xxx.xxx must be replaced by your real IP address) - - Edit `/etc/nginx//allowed-ips.conf` - - # Private IP address - allow 192.168.0.0/16; - allow 172.16.0.0/12; - allow 10.0.0.0/8; - # Public fixed IP address - allow xxx.xxx.xxx.xxx - -2. Update your nginx configuration to take this output into account: - - Edit `/etc/nginx/sites-enabled/frontend.conf` - - server { - server_name rmm.example.com; - charset utf-8; - location / { - root /var/www/rmm/dist; - try_files $uri $uri/ /index.html; - add_header Cache-Control "no-store, no-cache, must-revalidate"; - add_header Pragma "no-cache"; - } - error_log /var/log/nginx/frontend-error.log; - access_log /var/log/nginx/frontend-access.log; - include /etc/nginx/allowed-ips; - deny all; - listen 443 ssl; - listen [::]:443 ssl; - ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; - ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; - } - - server { - if ($host = rmm.example.com) { - return 301 https://$host$request_uri; - } - - listen 80; - listen [::]:80; - server_name rmm.example.com; - return 404; - } - - - - - -## Apache Proxy -howto - proxy on apache -### TRMM SERVER -edit file /etc/nginx/sites-available/rmm.conf -add the lines from 'real_ip' module inside server tag: - - - set_real_ip_from 192.168.0.200; #IP Address of your apache proxy - real_ip_header X-Forwarded-For; - -restart nginx - - systemctl restart nginx.service - -### APACHE -enable ssl proxy, rewriteEngine. -set proxy to preserve host. -set upgrade rule to websocket. -set proxypass rules redirecting to rmm location - -on your apache ssl config -example: - - - ServerName rmm.blablabla.com.br:443 - ServerAlias mesh.blablabla.com.br:443 api.blablabla.com.br:443 - SSLEngine on - - SSLCertificateFile "C:/Apache24/conf/ssl-rmm.blablabla.com.br/_.blablabla.com.br-chain.pem" - SSLCertificateKeyFile "C:/Apache24/conf/ssl-rmm.blablabla.com.br/_.blablabla.com.br-key.pem" - - SSLProxyEngine on - - RewriteEngine On - ProxyPreserveHost On - - # When Upgrade:websocket header is present, redirect to ws - # Using NC flag (case-insensitive) as some browsers will pass Websocket - RewriteCond %{HTTP:Upgrade} =websocket [NC] - RewriteRule ^/(.*) wss://192.168.0.212/$1 [P,L] - - ProxyPass "/" "https://192.168.0..212/" retry=3 - ProxyPassReverse "/" "https://192.168.0.212/" retry=3 - - BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - - - -### Updating certificate: -Im my case, auto DNS Challenge from apache, so every time we get new cert files, it must be copied inside rmm too. -just overwrite default location: -/etc/letsencrypt/archive/blablablabla -or change certs location on nginx conf to whatever you want. - -## nginx Proxy - -Having mesh connection issues? - -See page 30. - - diff --git a/docs/docs/unsupported_synology_docker_install.md b/docs/docs/unsupported_synology_docker_install.md deleted file mode 100644 index 9eded7c8..00000000 --- a/docs/docs/unsupported_synology_docker_install.md +++ /dev/null @@ -1,38 +0,0 @@ -# Installing on Synology NAS using docker install - -## Docker Setup - -While a docker install is supported, trying to help someone get it working on their own Synology NAS is not. But here's how you do it! - -- Follow the [standard docker install](./install_docker.md) documentation. -- Once the `docker-compose` file is downloaded, edit it and modify the ports used by the nginx server to custom ports (`13180` and `13443` in the example below) - -![syno ports](images/synology_docker_ports.jpg) - -## Setup the reverse proxy - -Go to **Login Portal > Advanced > Reverse Proxy** in the Control Panel - -Create 2 entries for each tactical DNS entries, one for the HTTP port & one for the HTTPS - -![syno reverse](images/synology_docker_reverse.jpg) - -For the entries related to the mesh, add some custom headers and adjust the proxy timeout connection - -![syno reverse detail](images/synology_docker_reverse_details1.jpg) - -![syno reverse detail](images/synology_docker_reverse_details2.jpg) - -## Bonus: SSL Certificate - -In regards to the certificate, I followed this [tutorial](https://www.nas-forum.com/forum/topic/68046-tuto-certificat-lets-encrypt-avec-acmesh-api-ovh-en-docker-dsm67-update-180621) (in french but still clear after translation) to automatically update it and manually updating it on the NAS and in TRMM - -```bash -docker exec Acme sh -c "acme.sh --issue --keylength 4096 -d '*.EXAMPLE.COM' --dns dns_provider" -sed -i '/CERT_PUB_KEY/d' /path/to/tactical/.env -sed -i '/CERT_PRIV_KEY/d' /path/to/tactical/.env -echo "CERT_PUB_KEY=$(sudo base64 -w 0 /volume1/docker/acme/\*.EXAMPLE.COM/fullchain.cer)" >> /path/to/tactical/.env -echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /volume1/docker/acme/\*.EXAMPLE.COM/*.whitesnew.com.key)" >> /path/to/tactical/.env -docker exec Acme sh -c "acme.sh --deploy -d '*.EXAMPLE.COM' --deploy-hook synology_provider" -docker-compose -f /path/to/tactical/docker-compose.yml restart -``` diff --git a/docs/docs/update_agents.md b/docs/docs/update_agents.md deleted file mode 100644 index 266631ab..00000000 --- a/docs/docs/update_agents.md +++ /dev/null @@ -1,45 +0,0 @@ -# Updating Agents - -!!!warning - The agent's version is directly tied to the RMM's version.

- For example, currently RMM version 0.4.17 is compatible with agent version 1.4.6 and lower.

- You should never attempt to manually update an agent to a newer version without first making sure your RMM is on the latest version. - -## Updating from the Web UI - -Agents will automatically self update themselves if you have auto self update enabled in **Settings > Global Settings** - -![autoagentupdate](images/autoagentupdate.png) - -There is a background job that runs every hour, at 35 minutes past the hour and sends any online agents an update command if it detects they are on an older version. - -You can also trigger this background job to run on demand by clicking **Agents > Update Agents** in the web UI: - -![manualagentupdate](images/manualagentupdate.png) - -You can individually choose which agents to update, or simply Select All. - -The RMM will automatically skip any agents that don't need updating. - -You can trigger this manual agent update anytime you want. It is safe to spam, and won't run if an agent update task is already running. - -It will also make sure agents update to the correct version, in case they are an older version that cannot be directly upgraded to the latest version. - -For example, agents older than version 1.3.0 must first be updated to 1.3.0 before they can go any further. - -## Manually updating from the command line on the agent - -You should never need to do this but might be needed to troubleshoot agents that are not updating automatically. - -Download the `winagent-vX.X.X.exe` executable from the [github releases page](https://github.com/wh1te909/rmmagent/releases) and place it somewhere on the filesystem. - -Open CMD as admin and call the exe like so: - -```cmd -C:\Windows\Temp>winagent-vX.X.X.exe /VERYSILENT /LOG=agentupdate.txt -``` - -This command will return immediately since it spawns a background process to run the update. -The agent will take around 30 seconds to fully update. - -You can check the `agentupdate.txt` log file that is created for troubleshooting. diff --git a/docs/docs/update_docker.md b/docs/docs/update_docker.md deleted file mode 100644 index e170c808..00000000 --- a/docs/docs/update_docker.md +++ /dev/null @@ -1,39 +0,0 @@ -# Updating the RMM (Docker) - -## Updating to the latest RMM version - -!!!question - You have a [backup](https://docs.docker.com/desktop/backup-and-restore/) right? - -Tactical RMM updates the docker images on every release and should be available within a few minutes - -SSH into your server as a root user and run the below commands: - -```bash -cd [dir/with/compose/file] -mv docker-compose.yml docker-compose.yml.old -wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/docker-compose.yml -sudo docker-compose pull -sudo docker-compose down -sudo docker-compose up -d --remove-orphans -``` - -## Keeping your Let's Encrypt certificate up to date - -To renew your Let's Encrypt wildcard cert, run the following command, replacing `example.com` with your domain and `admin@example.com` with your email: - -```bash -sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m admin@example.com --no-eff-email -``` - -Verify the domain with the TXT record. Once issued, run the below commands to base64 encode the certificates and add them to the .env file - -```bash -echo "CERT_PUB_KEY=$(sudo base64 -w 0 /etc/letsencrypt/live/${rootdomain}/fullchain.pem)" >> .env -echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /etc/letsencrypt/live/${rootdomain}/privkey.pem)" >> .env -``` - -!!!warning - You must remove the old and any duplicate entries for CERT_PUB_KEY and CERT_PRIV_KEY in the .env file - -Now run `sudo docker-compose restart` and the new certificate will be in effect diff --git a/docs/docs/update_server.md b/docs/docs/update_server.md deleted file mode 100644 index bd766cbb..00000000 --- a/docs/docs/update_server.md +++ /dev/null @@ -1,95 +0,0 @@ -# Updating the RMM - -## Keeping your linux server up to date - -You should periodically run `sudo apt update` and `sudo apt -y upgrade` to keep your server up to date. - -Other than this, you should avoid making any changes to your server and let the `update.sh` script handle everything else for you. - -## Updating to the latest RMM version - -!!!danger - Do __not__ attempt to manually edit the update script or any configuration files unless specifically told to by one of the developers. - - Since this software is completely self hosted and we have no access to your server, we have to assume you have not made any config changes to any of the files or services on your server, and the update script will assume this. - - You should also **never** attempt to automate running the update script via cron. - - The update script will update itself if needed to the latest version when you run it, and then prompt you to run it again. - - Sometimes, manual intervention will be required during an update in the form of yes/no prompts, so attempting to automate this will ignore these prompts and cause your installation to break. - -SSH into your server as the linux user you created during install (eg `tactical`). - -!!!danger - __Never__ run any update scripts or commands as the `root` user. - - This will mess up permissions and break your installation. - -!!!question - You have a [backup](backup.md) right? - -Download the update script and run it: - -```bash -wget -N https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh -chmod +x update.sh -./update.sh -``` - -If you are already on the latest version, the update script will notify you of this and return immediately. - -You can pass the optional `--force` flag to the update script to forcefully run through an update, which will bypass the check for latest version. - -```bash -./update.sh --force -``` - -This is useful for a botched update that might have not completed fully. - -The update script will also fix any permissions that might have gotten messed up during a botched update, or if you accidentally ran the update script as the `root` user. - -!!!warning - Do __not__ attempt to manually update MeshCentral to a newer version. - - You should let the `update.sh` script handle this for you. - - The developers will test MeshCentral and make sure integration does not break before bumping the mesh version. - -## Keeping your Let's Encrypt certificate up to date - -!!!info - Currently, the update script does not automatically renew your Let's Encrypt wildcard certificate, which expires every 3 months, since this is non-trivial to automate using the DNS TXT record method. - -To renew your Let's Encrypt wildcard cert, run the following command, replacing `example.com` with your domain and `admin@example.com` with your email: - -```bash -sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m admin@example.com --no-eff-email -``` - -Same instructions as during install for [verifying the TXT record](install_server.md#deploy-the-txt-record-in-your-dns-manager) has propagated before hitting ++enter++. - -After this you have renewed the cert, simply run the `update.sh` script, passing it the `--force` flag. - -```bash -./update.sh --force -``` - -## Keep an eye on your disk space - -If you're running low, shrink you database - -1. Choose *Tools menu > Server Maintenance > Prune DB Tables* - -2. At server command prompt run - -```bash -sudo -u postgres psql -d tacticalrmm -c "vacuum full logs_auditlog" -sudo -u postgres psql -d tacticalrmm -c "vacuum full logs_pendingaction" -``` - -## Video Walkthru - -
- -
diff --git a/docs/migration-0.3.0.md b/docs/migration-0.3.0.md deleted file mode 100644 index 22bea7c5..00000000 --- a/docs/migration-0.3.0.md +++ /dev/null @@ -1,260 +0,0 @@ -### Upgrading to Tactical RMM 0.3.0 -- Some of these steps may not apply to you depending on when you installed but please go through all of them just to make sure you have all. - -1. stop all services -```bash -for i in salt-master salt-api rmm celery celerybeat celery-winupdate meshcentral nginx; do sudo systemctl stop $i; done -``` - -2. Edit `/etc/nginx/sites-available/rmm.conf` and add the following location block. You can add it right after the `location /builtin/ {...}` block. This file needs to be opened with sudo -```bash -location ~ ^/(natsapi) { - allow 127.0.0.1; - deny all; - uwsgi_pass tacticalrmm; - include /etc/nginx/uwsgi_params; - uwsgi_read_timeout 500s; - uwsgi_ignore_client_abort on; -} -``` - -Add the following to the top of the file right under the `upstream tacticalrmm {...}` block -```bash -map $http_user_agent $ignore_ua { - "~python-requests.*" 0; - "~go-resty.*" 0; - default 1; -} -``` - -Look for this line -```bash -access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log; -``` -and change to -```bash -access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=$ignore_ua; -``` - -Example of what entire file should look like: -```bash -server_tokens off; - -upstream tacticalrmm { - server unix:////rmm/api/tacticalrmm/tacticalrmm.sock; -} - -map $http_user_agent $ignore_ua { - "~python-requests.*" 0; - "~go-resty.*" 0; - default 1; -} - -server { - listen 80; - server_name api.EXAMPLE.COM; - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl; - server_name api.EXAMPLE.COM; - client_max_body_size 300M; - access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=$ignore_ua; - error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log; - ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem; - ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; - - location /static/ { - root /rmm/api/tacticalrmm; - } - - location /private/ { - internal; - add_header "Access-Control-Allow-Origin" "https://rmm.EXAMPLE.COM"; - alias /rmm/api/tacticalrmm/tacticalrmm/private/; - } - - location /saltscripts/ { - internal; - add_header "Access-Control-Allow-Origin" "https://rmm.EXAMPLE.COM"; - alias /srv/salt/scripts/userdefined/; - } - - location /builtin/ { - internal; - add_header "Access-Control-Allow-Origin" "https://rmm.EXAMPLE.COM"; - alias /srv/salt/scripts/; - } - - location ~ ^/(natsapi) { - allow 127.0.0.1; - deny all; - uwsgi_pass tacticalrmm; - include /etc/nginx/uwsgi_params; - uwsgi_read_timeout 9999s; - uwsgi_ignore_client_abort on; - } - - location / { - uwsgi_pass tacticalrmm; - include /etc/nginx/uwsgi_params; - uwsgi_read_timeout 9999s; - uwsgi_ignore_client_abort on; - } -} -``` - -3. Edit `/etc/nginx/sites-available/meshcentral.conf` and change to match the example below. Don't forget to replace `mesh.EXAMPLE.COM` with your mesh domain. This file needs to be opened with sudo -```bash -server { - listen 80; - server_name mesh.EXAMPLE.COM; - return 301 https://$server_name$request_uri; -} - -server { - listen 443 ssl; - proxy_send_timeout 330s; - proxy_read_timeout 330s; - server_name mesh.EXAMPLE.COM; - ssl_certificate /etc/letsencrypt/live/EXAMPLE.COM/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.COM/privkey.pem; - ssl_session_cache shared:WEBSSL:10m; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location / { - proxy_pass http://127.0.0.1:4430/; - proxy_http_version 1.1; - - proxy_set_header Host $host; ## this line is new - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-Host $host:$server_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } -} -``` - -4. Edit `/meshcentral/meshcentral-data/config.json` and change to match the example below. Replace `mesh.EXAMPLE.COM` with your mesh domain. After editing, use a json linter like `https://jsonlint.com/` to verify no syntax errors, otherwise meshcentral will fail to start. -``` -{ - "settings": { - "Cert": "mesh.EXAMPLE.COM", - "MongoDb": "mongodb://127.0.0.1:27017", - "MongoDbName": "meshcentral", - "WANonly": true, - "Minify": 1, - "Port": 4430, - "AliasPort": 443, - "RedirPort": 800, - "AllowLoginToken": true, - "AllowFraming": true, - "_AgentPing": 60, - "AgentPong": 200, - "AllowHighQualityDesktop": true, - "TlsOffload": "127.0.0.1", - "agentCoreDump": false, - "Compression": true, - "WsCompression": true, - "AgentWsCompression": true, - "MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 } - }, - "domains": { - "": { - "Title": "Tactical RMM", - "Title2": "Tactical RMM", - "NewAccounts": false, - "CertUrl": "https://mesh.EXAMPLE.COM:443/", - "GeoLocation": true, - "CookieIpCheck": false, - "mstsc": true - } - } -} -``` - -5. Replace `/rmm/api/tacticalrmm/app.ini` with the following: -```bash -[uwsgi] - -chdir = /rmm/api/tacticalrmm -module = tacticalrmm.wsgi -home = /rmm/api/env -master = true -processes = 6 -threads = 6 -enable-threads = True -socket = /rmm/api/tacticalrmm/tacticalrmm.sock -harakiri = 300 -chmod-socket = 666 -# clear environment on exit -vacuum = true -die-on-term = true -max-requests = 500 -max-requests-delta = 1000 -``` - -6. Replace `/etc/salt/master.d/rmm-salt.conf` with the following. This file needs to be opened with sudo -``` -timeout: 20 -gather_job_timeout: 25 -max_event_size: 30485760 -external_auth: - pam: - saltapi: - - .* - - '@runner' - - '@wheel' - - '@jobs' - -rest_cherrypy: - port: 8123 - disable_ssl: True - max_request_body_size: 30485760 -``` - -7. Edit `/etc/conf.d/celery.conf` and `/etc/conf.d/celery-winupdate.conf` and change -``` -CELERYD_LOG_LEVEL="INFO" -``` -to -``` -CELERYD_LOG_LEVEL="ERROR" -``` - -8. Clear log files -```bash -baselog="/rmm/api/tacticalrmm/tacticalrmm/private/log" -for i in ${baselog}/access.log ${baselog}/error.log ${baselog}/debug.log ${baselog}/uwsgi.log; do sudo rm -f $i; done -sudo rm -f /var/log/celery/* -``` - -9. Verify nginx syntax is correct. If any errors check steps above and fix nginx configs -``` -sudo nginx -t -``` - -10. Edit `/etc/hosts` and make sure the line starting with 127.0.1.1 or 127.0.0.1 has your 3 subdomains in it like this: -```bash -127.0.0.1 localhost -127.0.1.1 yourservername api.EXAMPLE.COM rmm.EXAMPLE.COM mesh.EXAMPLE.COM -``` - -11. Start services -```bash -for i in rmm celery celerybeat celery-winupdate salt-master salt-api nginx meshcentral; do sudo systemctl start $i; done -``` - -12. Delete whatever `update.sh` script you currently have and download the latest one and run it -```bash -wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh -chmod +x update.sh -./update.sh -``` - - - diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml deleted file mode 100644 index c8ff9081..00000000 --- a/docs/mkdocs.yml +++ /dev/null @@ -1,103 +0,0 @@ -site_name: "Tactical RMM Documentation" -nav: - - Home: index.md - - Sponsor: sponsor.md - - Code Signing: code_signing.md - - RMM Server Installation: - - "Install Considerations": install_considerations.md - - "Traditional Install": install_server.md - - "Docker Install": install_docker.md - - RMM Server Updating: - - "Updating the RMM": update_server.md - - "Updating the RMM (Docker)": update_docker.md - - Agents: - - "Agent Installation": install_agent.md - - "Updating Agents": update_agents.md - - Functionality: - - "How it all Works": howitallworks.md - - "Alerting": functions/alerting.md - - "API Access": functions/api.md - - "Automated Tasks": functions/automated_tasks.md - - "Custom Fields": functions/custom_fields.md - - "Database Maintenance": functions/database_maintenance.md - - "Django Admin": functions/django_admin.md - - "Global Keystore": functions/keystore.md - - "Maintenance Mode": functions/maintenance_mode.md - - "Permissions": functions/permissions.md - - "Remote Background": functions/remote_bg.md - - "Settings Override": functions/settings_override.md - - "Scripting": functions/scripting.md - - "URL Actions": functions/url_actions.md - - "User Interface Preferences": functions/user_ui.md - - "Reference: Script Variables": script_variables.md - - "Examples": functions/examples.md - - Backup: backup.md - - Restore: restore.md - - Antivirus Exclusions: av.md - - Troubleshooting: troubleshooting.md - - FAQ: faq.md - - Management Commands: management_cmds.md - - MeshCentral Integration: mesh_integration.md - - 3rd Party Integrations: - - "Grafana": 3rdparty_grafana.md - - "AnyDesk": 3rdparty_anydesk.md - - "Connectwise Control / Screenconnect": 3rdparty_screenconnect.md - - "Splashtop": 3rdparty_splashtop.md - - "TeamViewer": 3rdparty_teamviewer.md - - "BitDefender GravityZone": 3rdparty_bitdefender_gravityzone.md - - Unsupported Extras: - - "Unsupported Guidelines": unsupported_guidelines.md - - "Unsupported Configs": unsupported_scripts.md - - "Securing nginx": securing_nginx.md - - "Installing in Synology docker": unsupported_synology_docker_install.md - - Tips n' Tricks: tipsntricks.md - - Contributing: - - "Contributing to Docs": contributing.md - - "Contributing to Community Scripts": contributing_community_scripts.md - - "Contributing using VSCode": contributing_using_vscode.md - - "Contributing using Docker": contributing_using_docker.md - - "Contributing using a Remote Server": contributing_using_a_remote_server.md - - Security: security.md - - License: license.md -site_description: "A remote monitoring and management tool" -site_author: "wh1te909" -site_url: "https://wh1te909.github.io/tacticalrmm/" - -dev_addr: "0.0.0.0:8005" - -# Repository -repo_name: "wh1te909/tacticalrmm" -repo_url: "https://github.com/wh1te909/tacticalrmm" -edit_uri: "" - -theme: - name: "material" - logo: "images/onit.ico" - favicon: "images/favicon.ico" - language: "en" - palette: - primary: "white" - accent: "indigo" - features: -extra_css: - - stylesheets/extra.css -extra: - social: - - icon: fontawesome/brands/github - link: "https://github.com/wh1te909/tacticalrmm" - -markdown_extensions: - - pymdownx.keys - - pymdownx.inlinehilite - - admonition - - pymdownx.details - - codehilite: - guess_lang: false - - toc: - permalink: true - - pymdownx.emoji: - emoji_index: !!python/name:materialx.emoji.twemoji - emoji_generator: !!python/name:materialx.emoji.to_svg - - pymdownx.superfences - - pymdownx.tabbed: - alternate_style: true diff --git a/install.sh b/install.sh index 9bda6d8c..5a8a55fc 100644 --- a/install.sh +++ b/install.sh @@ -1,7 +1,7 @@ #!/bin/bash SCRIPT_VERSION="59" -SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh' +SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/install.sh' sudo apt install -y curl wget dirmngr gnupg lsb-release @@ -240,7 +240,7 @@ sudo mkdir /rmm sudo chown ${USER}:${USER} /rmm sudo mkdir -p /var/log/celery sudo chown ${USER}:${USER} /var/log/celery -git clone https://github.com/wh1te909/tacticalrmm.git /rmm/ +git clone https://github.com/amidaware/tacticalrmm.git /rmm/ cd /rmm git config user.email "admin@example.com" git config user.name "Bob" diff --git a/restore.sh b/restore.sh index f489fc55..df1a7bcd 100755 --- a/restore.sh +++ b/restore.sh @@ -1,7 +1,7 @@ #!/bin/bash SCRIPT_VERSION="34" -SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/restore.sh' +SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/restore.sh' sudo apt update sudo apt install -y curl wget dirmngr gnupg lsb-release @@ -215,7 +215,7 @@ sudo mkdir /rmm sudo chown ${USER}:${USER} /rmm sudo mkdir -p /var/log/celery sudo chown ${USER}:${USER} /var/log/celery -git clone https://github.com/wh1te909/tacticalrmm.git /rmm/ +git clone https://github.com/amidaware/tacticalrmm.git /rmm/ cd /rmm git config user.email "admin@example.com" git config user.name "Bob" diff --git a/update.sh b/update.sh index 13ad4a2b..8a1ea666 100644 --- a/update.sh +++ b/update.sh @@ -1,8 +1,8 @@ #!/bin/bash SCRIPT_VERSION="130" -SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh' -LATEST_SETTINGS_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py' +SCRIPT_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/update.sh' +LATEST_SETTINGS_URL='https://raw.githubusercontent.com/amidaware/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py' YELLOW='\033[1;33m' GREEN='\033[0;32m' RED='\033[0;31m' diff --git a/web/src/components/FileBar.vue b/web/src/components/FileBar.vue index 4b82ff25..74a23a8c 100644 --- a/web/src/components/FileBar.vue +++ b/web/src/components/FileBar.vue @@ -230,16 +230,16 @@ export default { let url; switch (mode) { case "github": - url = "https://github.com/wh1te909/tacticalrmm/"; + url = "https://github.com/amidaware/tacticalrmm/"; break; case "docs": - url = "https://wh1te909.github.io/tacticalrmm/"; + url = "https://docs.tacticalrmm.com"; break; case "bug": - url = "https://github.com/wh1te909/tacticalrmm/issues/new?template=bug_report.md"; + url = "https://github.com/amidaware/tacticalrmm/issues/new?template=bug_report.md"; break; case "feature": - url = "https://github.com/wh1te909/tacticalrmm/issues/new?template=feature_request.md"; + url = "https://github.com/amidaware/tacticalrmm/issues/new?template=feature_request.md"; break; case "discord": url = "https://discord.gg/upGTkWp"; diff --git a/web/src/layouts/MainLayout.vue b/web/src/layouts/MainLayout.vue index 614c07d4..8d75cc5a 100644 --- a/web/src/layouts/MainLayout.vue +++ b/web/src/layouts/MainLayout.vue @@ -138,7 +138,7 @@ export default { const latestReleaseURL = computed(() => { return latestTRMMVersion.value - ? `https://github.com/wh1te909/tacticalrmm/releases/tag/v${latestTRMMVersion.value}` + ? `https://github.com/amidaware/tacticalrmm/releases/tag/v${latestTRMMVersion.value}` : ""; });