Update to documentation after 0.4.1 release

jmpsec · Nov 4, 2024 · 89384d3 · 89384d3
1 parent b29a1ca
commit 89384d3
Show file tree

Hide file tree

Showing 55 changed files with 11,710 additions and 1,253 deletions.
diff --git a/content/usage/osctrl-admin/_index.md b/content/usage/osctrl-admin/_index.md
@@ -7,18 +7,18 @@ pre = ""
 
 `osctrl-admin` is the Admin service for **osctrl**.
 
-Execute `./osctrl-admin -h` to show the main help of the program:
+Execute `./osctrl-admin help` to show the main help of the program:
 
 ```properties
-$ ./osctrl-admin -h
+$ ./osctrl-admin help
 NAME:
    osctrl-admin - Admin service for osctrl, a fast and efficient osquery management
 
 USAGE:
    osctrl-admin [global options] command [command options] [arguments...]
 
 VERSION:
-   0.3.7
+   0.4.1
 
 DESCRIPTION:
    Admin service for osctrl, a fast and efficient osquery management
@@ -53,6 +53,7 @@ GLOBAL OPTIONS:
    --db-name value                  Database name to be used in the backend (default: "osctrl") [$DB_NAME]
    --db-user value                  Username to be used for the backend (default: "postgres") [$DB_USER]
    --db-pass value                  Password to be used for the backend (default: "postgres") [$DB_PASS]
+   --db-sslmode value               SSL native support to encrypt the connection to the backend (default: "disable") [$DB_SSLMODE]
    --db-max-idle-conns value        Maximum number of connections in the idle connection pool (default: 20) [$DB_MAX_IDLE_CONNS]
    --db-max-open-conns value        Maximum number of open connections to the database (default: 100) [$DB_MAX_OPEN_CONNS]
    --db-conn-max-lifetime value     Maximum amount of time a connection may be reused (default: 30) [$DB_CONN_MAX_LIFETIME]
@@ -65,8 +66,8 @@ GLOBAL OPTIONS:
    --jwt-file FILE                  Load JWT configuration from FILE (default: "config/jwt.json") [$JWT_CONFIG_FILE]
    --jwt-secret value               Password to be used for the backend [$JWT_SECRET]
    --jwt-expire value               Maximum amount of hours for the tokens to expire (default: 3) [$JWT_EXPIRE]
-   --osquery-version value          Set osquery version as default to be used (default: "5.12.1") [$OSQUERY_VERSION]
-   --osquery-tables FILE            Load osquery tables schema from FILE (default: "data/5.12.1.json") [$OSQUERY_TABLES]
+   --osquery-version value          Set osquery version as default to be used (default: "5.13.1") [$OSQUERY_VERSION]
+   --osquery-tables FILE            Load osquery tables schema from FILE (default: "data/5.13.1.json") [$OSQUERY_TABLES]
    --logger-file value, -F value    Logger configuration to handle status/results logs from nodes (default: "config/logger.json") [$LOGGER_FILE]
    --logger-db-same                 Use the same DB configuration for the logger (default: false) [$LOGGER_DB_SAME]
    --static value, -s value         Directory with all the static files needed for the osctrl-admin UI (default: "./static") [$STATIC_FILES]

diff --git a/content/usage/osctrl-api/_index.md b/content/usage/osctrl-api/_index.md
@@ -7,18 +7,18 @@ pre = ""
 
 `osctrl-api` is the API service for **osctrl**.
 
-Execute `./osctrl-api -h` to show the main help of the program:
+Execute `./osctrl-api help` to show the main help of the program:
 
 ```properties
-$ ./osctrl-api -h
+$ ./osctrl-api help
 NAME:
    osctrl-api - API service for osctrl, a fast and efficient osquery management
 
 USAGE:
    osctrl-api [global options] command [command options] [arguments...]
 
 VERSION:
-   0.3.7
+   0.4.1
 
 DESCRIPTION:
    API service for osctrl, a fast and efficient osquery management
@@ -49,6 +49,7 @@ GLOBAL OPTIONS:
    --db-name value                  Database name to be used in the backend (default: "osctrl") [$DB_NAME]
    --db-user value                  Username to be used for the backend (default: "postgres") [$DB_USER]
    --db-pass value                  Password to be used for the backend (default: "postgres") [$DB_PASS]
+   --db-sslmode value               SSL native support to encrypt the connection to the backend (default: "disable") [$DB_SSLMODE]
    --db-max-idle-conns value        Maximum number of connections in the idle connection pool (default: 20) [$DB_MAX_IDLE_CONNS]
    --db-max-open-conns value        Maximum number of open connections to the database (default: 100) [$DB_MAX_OPEN_CONNS]
    --db-conn-max-lifetime value     Maximum amount of time a connection may be reused (default: 30) [$DB_CONN_MAX_LIFETIME]

diff --git a/content/usage/osctrl-cli/_index.md b/content/usage/osctrl-cli/_index.md
@@ -7,18 +7,18 @@ pre = ""
 
 `osctrl-cli` is the CLI for **osctrl**. Its purpose is to execute actions in **osctrl** without having to access directly the backend or use the admin interface. It can be very handy to automate actions in scripts or similar.
 
-Execute `./osctrl-cli -h` to show the main help of the program:
+Execute `./osctrl-cli help` to show the main help of the program:
 
 ```properties
-$ ./osctrl-cli -h
+$ ./osctrl-cli help
 NAME:
    osctrl-cli - CLI for osctrl
 
 USAGE:
    osctrl-cli [global options] command [command options] [arguments...]
 
 VERSION:
-   0.3.7
+   0.4.1
 
 DESCRIPTION:
    CLI for osctrl, a fast and efficient osquery management

diff --git a/content/usage/osctrl-cli/carve/_index.md b/content/usage/osctrl-cli/carve/_index.md
@@ -0,0 +1,130 @@
++++
+title = "carve"
+date = 2024-11-04T12:21:37+01:00
+weight = 8
+pre = ""
++++
+
+### Carve
+
+```properties
+$ ./osctrl-cli carve -h
+NAME:
+   osctrl-cli carve - Commands for file carves
+
+USAGE:
+   osctrl-cli carve command [command options] [arguments...]
+
+COMMANDS:
+   complete, c      Mark an file carve query as completed
+   delete, d        Mark a file carve query as deleted
+   expire, e        Mark a file carve query as expired
+   run, r           Start a new carve for a file or a directory
+   list, l          List file carves
+   list-queries, l  List file carves queries
+   help, h          Shows a list of commands or help for one command
+
+OPTIONS:
+   --help, -h  show help
+```
+
+#### Complete carve
+
+```properties
+$ ./osctrl-cli carve complete -h
+NAME:
+   osctrl-cli carve complete - Mark an file carve query as completed
+
+USAGE:
+   osctrl-cli carve complete [command options] [arguments...]
+
+OPTIONS:
+   --name value, -n value  Carve name to be completed
+   --env value, -e value   Environment to be used
+   --help, -h              show help
+```
+
+#### Delete carve
+
+```properties
+$ ./osctrl-cli carve delete -h
+NAME:
+   osctrl-cli carve delete - Mark a file carve query as deleted
+
+USAGE:
+   osctrl-cli carve delete [command options] [arguments...]
+
+OPTIONS:
+   --name value, -n value  Carve name to be deleted
+   --env value, -e value   Environment to be used
+   --help, -h              show help
+```
+
+#### Expire carve
+
+```properties
+$ ./osctrl-cli carve expire -h
+NAME:
+   osctrl-cli carve expire - Mark a file carve query as expired
+
+USAGE:
+   osctrl-cli carve expire [command options] [arguments...]
+
+OPTIONS:
+   --name value, -n value  Carve name to be expired
+   --env value, -e value   Environment to be used
+   --help, -h              show help
+```
+
+#### Run carve
+
+```properties
+$ ./osctrl-cli carve run -h
+NAME:
+   osctrl-cli carve run - Start a new carve for a file or a directory
+
+USAGE:
+   osctrl-cli carve run [command options] [arguments...]
+
+OPTIONS:
+   --path value, -p value        File or directory path to be carved
+   --env value, -e value         Environment to be used
+   --uuid value, -u value        Node UUID to be used
+   --expiration value, -E value  Expiration in hours (0 for no expiration) (default: 6)
+   --help, -h                    show help
+```
+
+#### List carves
+
+```properties
+$ ./osctrl-cli carve list -h
+NAME:
+   osctrl-cli carve list - List file carves
+
+USAGE:
+   osctrl-cli carve list [command options] [arguments...]
+
+OPTIONS:
+   --env value, -e value  Environment to be used
+   --help, -h             show help
+```
+
+#### List carve queries
+
+```properties
+$ ./osctrl-cli carve list-queries -h
+NAME:
+   osctrl-cli carve list-queries - List file carves queries
+
+USAGE:
+   osctrl-cli carve list-queries [command options] [arguments...]
+
+OPTIONS:
+   --all, -A              Show all file carves queries (default: false)
+   --active, -a           Show active file carves queries (default: false)
+   --completed, -c        Show completed file carves queries (default: false)
+   --expired, -E          Show expired file carves queries (default: false)
+   --deleted, -d          Show deleted file carves queries (default: false)
+   --env value, -e value  Environment to be used
+   --help, -h             show help
+```
diff --git a/content/usage/osctrl-cli/check-api/_index.md b/content/usage/osctrl-cli/check-api/_index.md
@@ -0,0 +1,22 @@
++++
+title = "check-api"
+date = 2024-11-04T12:21:37+01:00
+weight = 7
+pre = ""
++++
+
+### Check
+
+```properties
+$ ./osctrl-cli check-api -h
+NAME:
+   osctrl-cli check-api - Checks API token
+
+USAGE:
+   osctrl-cli check-api [command options] [arguments...]
+
+OPTIONS:
+   --help, -h  show help
+```
+
+Although this command may appear a bit confusing, it comes in really handy to verify when the `osctrl-api` component is ready to go and the validity of a token.
diff --git a/content/usage/osctrl-cli/check/_index.md → content/usage/osctrl-cli/check-db/_index.md b/content/usage/osctrl-cli/check/_index.md → content/usage/osctrl-cli/check-db/_index.md
@@ -1,22 +1,22 @@
 +++
-title = "check"
-date = 2019-08-17T15:24:52-07:00
+title = "check-db"
+date = 2024-11-04T12:21:37+01:00
 weight = 6
 pre = ""
 +++
 
 ### Check
 
 ```properties
-$ ./osctrl-cli check -h
+$ ./osctrl-cli check-db -h
 NAME:
-   osctrl-cli check - Checks DB connection
+   osctrl-cli check-db - Checks DB connection
 
 USAGE:
-   osctrl-cli check [command options] [arguments...]
+   osctrl-cli check-db [command options] [arguments...]
 
 OPTIONS:
-   --help, -h  show help (default: false)
+   --help, -h  show help
 ```
 
 Although this command may appear a bit confusing, it comes in really handy to verify when the backend component is ready to go.