paulmataruso/tacticalrmm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs cleanup, adding new dev docs with subzdev

Browse Source
This commit is contained in:
silversword411
2021-09-10 13:46:13 -04:00
parent cf91c6c90e
commit 56d7e19968
27 changed files with 423 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/3rdparty_bitdefender_gravityzone.md
View File

@@ -31,4 +31,4 @@ Paste download link into the `bdurl` when you right click your target clients na
Right click the Agent you want to deploy to and **Run Script**. Select **BitDefender GravityZone Install** and set timeout for 1800 seconds.
**Install time will vary based on internet speed and other AV removal by BitDefender BEST deployment**
**Install time will vary based on internet speed and other AV removal by BitDefender BEST deployment**

2
docs/docs/3rdparty_grafana.md
View File

@@ -6,4 +6,4 @@ See <https://github.com/dinger1986/TRMM-Grafana>
![Example1](images/3rdparty_grafana_ex1.png)
![Example1](images/3rdparty_grafana_ex2.png)
![Example1](images/3rdparty_grafana_ex2.png)

5
docs/docs/backup.md
View File

@@ -1,8 +1,12 @@
# Backing up the RMM
!!!note
This is only applicable for the standard install, not Docker installs.
A backup script is provided for quick and easy way to backup all settings into one file to move to another server.
Download the backup script:
```bash
wget -N https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh
```
@@ -23,4 +27,3 @@ chmod +x backup.sh
The backup tar file will be saved in `/rmmbackups` with the following format:
`rmm-backup-CURRENTDATETIME.tar`

3
docs/docs/code_signing.md
View File

@@ -12,11 +12,10 @@ Please allow up to 24 hours for a response
You will then be sent a code signing auth token, which you should enter into Tactical's web UI from *Settings > Code Signing*
## How does it work?
Everytime you generate an agent or an agent does a self-update, your self-hosted instance sends a request to Tactical's code signing servers with your auth token.
If the token is valid, the server sends you back a code signed agent. If not, it sends you back the un-signed agent.
If you think your auth token has been compromised or stolen then please email support or contact wh1te909 on discord to get a new token / invalidate the old one.
If you think your auth token has been compromised or stolen then please email support or contact wh1te909 on discord to get a new token / invalidate the old one.

2
docs/docs/contributing.md
View File

@@ -1,6 +1,6 @@
# Contributing
### Contributing to the docs
## Contributing to the docs
Docs are built with [MKDocs for Material](https://squidfunk.github.io/mkdocs-material/)

33
docs/docs/contributing_community_scripts.md
View File

@@ -1,10 +1,12 @@
# Community Scripts
## Script Library Naming Conventions
### File names
### File names
Under `/scripts` the file name should generally follow this format:
```
```text
(Platform)_(Category or Function)_(What It Does).xxx
```
@@ -13,7 +15,7 @@ Under `/scripts` the file name should generally follow this format:
Platform for now are:
```
```text
Win
OSX
Linux
@@ -21,10 +23,9 @@ iOS
Android
```
Good filename examples include:
```
```text
Win_Azure_Mars_Cloud_Backup_Status.ps1
Win_AzureAD_Check_Connection_Status.ps1
Win_Network_DHCP_Set.bat
@@ -44,7 +45,7 @@ Script Manager
- Folder View (Grouped by Categories)
Run or Add script
Run or Add script
- Running scripts manually or adding tasks (or adding in Automation Manager)
@@ -53,7 +54,7 @@ Run or Add script
Make sure your Name roughly follows the order of file naming as above
```
```text
Category or Function - What It Does
```
@@ -67,12 +68,13 @@ Category or Function - What It Does
### Good Habits
- Try and make them fully self-contained.
- Try and make them fully self-contained.
- If they pull data from elsewhere, create comment notes at the top with references for others to audit/validate
- Good folder locations to use for standardized things:
```
```text
c:\ProgramData\TacticalRMM\
c:\ProgramData\TacticalRMM\scripts
c:\ProgramData\TacticalRMM\toolbox
@@ -81,9 +83,10 @@ c:\ProgramData\TacticalRMM\temp
c:\ProgramData\TacticalRMM\
```
- Command Parameters are good. Optional command parameters for extra functions are better.
- Command Parameters are good. Optional command parameters for extra functions are better.
- Add standardized Comment headers to scripts (include the first 2, more if appropriate):
```powershell
<#
.Synopsis
@@ -118,7 +121,6 @@ c:\ProgramData\TacticalRMM\
- Doesn't play well with other community scripts (reused names etc.)
*****
## Useful Reference Script Examples
@@ -142,8 +144,7 @@ Discuss/ask questions in the Discord group [here](https://discord.com/channels/7
What you can add is:
- Add standardized Comment headers per above
- Parameterize scripts where appropriate
- Add $ExitCode and error conditions as appropriate
- Contact @silversword in Discord if you need help doing Github additions/edits/adding to the community Library and have questions about [Script Library Naming Conventions](#script-library-naming-conventions)
- Add standardized Comment headers per above
- Parameterize scripts where appropriate
- Add $ExitCode and error conditions as appropriate
- Contact @silversword in Discord if you need help doing Github additions/edits/adding to the community Library and have questions about [Script Library Naming Conventions](#script-library-naming-conventions)

135
docs/docs/contributing_using_a_remote_server.md Normal file
View File

@@ -0,0 +1,135 @@
# Contributing Using a Remote Server
The below instructions are for a development server that has Tactical RMM installed and configured with a real domain. You can then use your own GitHub to push changes to and then submit a PR request to the TRMM `develop` branch (<https://github.com/wh1te909/tacticalrmm>).
!!!warning
Please do not attempt development of this kind on your production server.
## Getting Started
### 1. Install Tactical RMM per instructions
Do a [Traditional Install](https://wh1te909.github.io/tacticalrmm/install_server/)
### 2. Install VSCode
<https://code.visualstudio.com/download>
#### 2a. Install VSCode Remote SSH Development Pack
<https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.vscode-remote-extensionpack>
### 3. Connect to your remote development server
After the extension pack is installed you will have a new button at the bottom-left of VSCode. You can select it and add your remote SSH host information.
![RemoteSSH](images/Remote_SSH_connection.PNG)
### 4. Configure remote server
Configuring a remote server for development work is necessary so that as you make changes to the code base you can refresh your browse anr and thest htem them out before pushing to your GitHBUub fork to then submit a PR.
- Disable rmm and daphne services
```bash
sudo systemctl disable --now rmm.service && sudo systemctl disable --now daphne.service
```
- Open /rmm/web/.env and make it look like the following
```bash
DEV_URL = "http://api.domain.com:8000"
APP_URL = "http://rmm.domain.com:8080"
```
- Open /rmm/api/tacticalrmm/tacticalrmm/local_settings.py
```bash
remove CORS_ORIGIN_WHITELIST list
add CORS_ORIGIN_ALLOW_ALL = True
```
```bash
change DEBUG = True
```
- cd /rmm/api/tacticalrmm/
```bash
source ../env/bin/activate
```
- Install requirements
```bash
pip install -r requirements-dev.txt -r requirements-test.txt
```
- Start Django backend
```bash
python manage.py runserver 0:8000
```
- Compile quasar frontend
```bash
cd /rmm/web
npm install
quasar dev
```
- If you get quasar command not found
```bash
npm install -g @quasar/cli
```
- If you receive a CORS error when trying to log into your server via localhost or IP
```bash
rm -rf node_modules .quasar
npm install
quasar dev
```
- Make sure u are on develop branch
```bash
git checkout develop
```
### 5. Fork Project in Github
This is making a duplicate of the code under your Github that you can edit
<https://github.com/wh1te909/tacticalrmm>
![ForkIt](images/vscode-forkit.png)
### 6. Add your (forked) repo to vscode
Clone repository
Login to your Github
Remote - SSH
### 7. Configure a remote for your fork (in vscode)
<https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/configuring-a-remote-for-a-fork>
Configure your local fork and tell it where the original code repo is so you can compare and merge updates later when official repo is updated
Add upstream repo
```bash
git remote add upstream https://github.com/your username/tacticalrmm
```
git remove -v should look like the following
```bash
tacticalrmm https://github.com/yourusername/tacticalrmm (fetch)
tacticalrmm https://github.com/yourusername/tacticalrmm (push)es
```

20
docs/docs/contributing_using_docker.md
View File

@@ -1,13 +1,12 @@
# Contributing using Docker
## Install WSL2
https://docs.microsoft.com/en-us/windows/wsl/install-win10
<https://docs.microsoft.com/en-us/windows/wsl/install-win10>
## Install Docker Desktop
https://www.docker.com/products/docker-desktop
<https://www.docker.com/products/docker-desktop>
### Configure Docker
@@ -40,19 +39,19 @@ This is better
Under .devcontainer duplicate
```
```text
.env.example
```
as
as
```
```text
.env
```
Customize to your tastes (it doesn't need to be internet configured, just add records in your `hosts` file) eg
```
```conf
127.0.0.1 rmm.example.com
127.0.0.1 api.example.com
127.0.0.1 mesh.example.com
@@ -64,12 +63,12 @@ Right-click `docker-compose.yml` and choose `Compose Up`
Wait, it'll take a while as docker downloads all the modules and gets running.
## Develop!
## Develop
You're operational!
!!!note
Self-signed certs are in your dev environment. Navigate to https://api.example.com and https://rmm.example.com and accept the self signed certs to get rid of errors.
Self-signed certs are in your dev environment. Navigate to <https://api.example.com> and <https://rmm.example.com> and accept the self signed certs to get rid of errors.
### View mkdocks live edits in browser
@@ -82,4 +81,3 @@ Open: [http://rmm.example.com:8005/](http://rmm.example.com:8005/)
### View django administration
Open: [http://rmm.example.com:8000/admin/](http://rmm.example.com:8000/admin/)

22
docs/docs/contributing_using_vscode.md
View File

@@ -1,7 +1,9 @@
# Contributing Using VSCode
## Getting Started
### 1. Install vscode
[https://code.visualstudio.com/download](https://code.visualstudio.com/download)
### 2. Fork Project in Github
@@ -30,7 +32,7 @@ Remote - SSH
[https://code.visualstudio.com/docs/editor/integrated-terminal](https://code.visualstudio.com/docs/editor/integrated-terminal)
```
```text
Ctrl+`
```
@@ -42,23 +44,22 @@ Configure your local fork and tell it where the original code repo is so you can
Check repos
```
```bash
git remote -v
```
Add upstream repo
```
```bash
git remote add upstream https://github.com/wh1te909/tacticalrmm
```
Confirm changes
```
```bash
git remote -v
```
### 6. Contribute code
Make changes to something.
@@ -69,7 +70,6 @@ Make changes to something.
Open browser and look at your repo (It should reflect your commit)
#### 6a. Request your changes to be pulled into the primary repo (Pull Request)
![Changes you've made need integration with master repo](images/trmm_contribute-notice.png)
@@ -86,15 +86,16 @@ Bring changes from original repo to your local vscode copy so you're current wit
In VSCode open TERMINAL
```
```text
Ctrl+`
```
Tell git to pull from the GitHub upstream repo all new changes into your local directory
```
```bash
git pull --rebase upstream develop
```
#### 7a. Push your local updated copy to your Github fork
Then you're `push`ing that updated local repo to your online Github fork
@@ -106,6 +107,7 @@ Then you're `push`ing that updated local repo to your online Github fork
Check your Github fork in browser, should be up to date now with original. Repeat 6 or 7 as necessary
*****
## Reference
### Customizing the Admin Web Interface
@@ -114,6 +116,4 @@ Created using quasar, it's all your .vue files in `web/src/components/modals/age
Learn stuff here
https://quasar.dev/
<https://quasar.dev/>

44
docs/docs/faq.md
View File

@@ -1,35 +1,39 @@
# FAQ
## How do I do X feature in the web UI?
#### How do I do X feature in the web UI?
Alot of features in the web UI are hidden behind right-click menus; almost everything has a right click menu so if you don't see something, try right clicking on it.
#### Where are the Linux / Mac agents?
## Where are the Linux / Mac agents?
Linux / Mac agents are currently under development.
#### Can I run Tactical RMM locally behind NAT without exposing anything to the internet?
## Can I run Tactical RMM locally behind NAT without exposing anything to the internet?
Yes, you will just need to setup local DNS for the 3 subdomains, either by editing host files on all your agents or through a local DNS server.
#### I am locked out of the web UI. How do I reset my password?
## I am locked out of the web UI. How do I reset my password?
SSH into your server and run:
```bash
/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py reset_password <username>
```
<br/>
## How do I reset password or 2 factor token?
#### How do I reset password or 2 factor token?
From the web UI, click **Settings > User Administration** and then right-click on a user:<br/><br/>
From the web UI, click **Settings > User Administration** and then right-click on a user:
![reset2fa](images/reset2fa.png)
<br/><br/>
Or from the command line:<br/>
Or from the command line:
```bash
/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py reset_2fa <username>
```
Then simply log out of the web UI and next time the user logs in they will be redirected to the 2FA setup page which will present a barcode to be scanned with the Authenticator app.
<br/>
#### How do I recover my MeshCentral login credentials?
## How do I recover my MeshCentral login credentials?
From Tactical's web UI: *Settings > Global Settings > MeshCentral*
@@ -42,21 +46,21 @@ node node_modules/meshcentral --resetaccount <username> --pass <newpassword>
sudo systemctl start meshcentral
```
#### Help! I've been hacked there are weird agents appearing in my Tactical RMM
## Help! I've been hacked there are weird agents appearing in my Tactical RMM
No, you haven't.
No, you haven't.
1. Your installer was scanned by an antivirus.
1. Your installer was scanned by an antivirus.
2. It didn't recognize the exe.
2. It didn't recognize the exe.
3. You have the option enabled to submit unknown applications for analysis.
3. You have the option enabled to submit unknown applications for analysis.
![AV Option1](images/faq_av_option1.png)
4. They ran it against their virtualization testing cluster.
4. They ran it against their virtualization testing cluster.
5. You allow anyone to connect to your rmm server (you should look into techniques to hide your server from the internet).
5. You allow anyone to connect to your rmm server (you should look into techniques to hide your server from the internet).
6. Here are some examples of what that looks like.
@@ -66,4 +70,4 @@ No, you haven't.
![AV Sandbox1](images/faq_av_sandbox3.png)
![AV Sandbox1](images/faq_av_sandbox4.png)
![AV Sandbox1](images/faq_av_sandbox4.png)

1
docs/docs/images/Remote_SSH_connection.PNG Normal file
View File

File diff suppressed because one or more lines are too long

57
docs/docs/install_agent.md
View File

@@ -10,74 +10,77 @@
`C:\Windows\Temp\winagent-v*.exe`<br/>
`C:\Windows\Temp\trmm\*`<br/>
`C:\temp\tacticalrmm*.exe`<br/>
## Dynamically generated executable
The generated exe is simply a wrapper around the Manual install method, using a single exe/command without the need to pass any command line flags to the installer.
All it does is download the generic installer from the agent's github [release page](https://github.com/wh1te909/rmmagent/releases) and call it using predefined command line args that you choose from the web UI.
It "bakes" the command line args into the executable.
#### Dynamically generated executable
From the UI, click **Agents > Install Agent**
You can also **right click on a site > Install Agent**. This will automatically fill in the client/site dropdown for you.
The generated exe is simply a wrapper around the Manual install method, using a single exe/command without the need to pass any command line flags to the installer.<br/><br/>
All it does is download the generic installer from the agent's github [release page](https://github.com/wh1te909/rmmagent/releases) and call it using predefined command line args that you choose from the web UI.<br/><br/>
It "bakes" the command line args into the executable.<br/><br/>
From the UI, click **Agents > Install Agent**<br/>
You can also **right click on a site > Install Agent**. This will automatically fill in the client/site dropdown for you.<br/><br/>
![siteagentinstall](images/siteagentinstall.png)
#### Powershell
## Powershell
The powershell method is very similar to the generated exe in that it simply downloads the installer from github and calls the exe for you.
#### Manual
The manual installation method requires you to first download the generic installer and call it using command line args.<br/><br/>
This is useful for scripting the installation using Group Policy or some other batch deployment method.<br/>
## Manual
The manual installation method requires you to first download the generic installer and call it using command line args.
This is useful for scripting the installation using Group Policy or some other batch deployment method.
!!!tip
You can reuse the installer for any of the deployment methods, you don't need to constantly create a new installer for each new agent.<br/>
The installer will be valid for however long you specify the token expiry time when generating an agent.
<br/>
#### Using a deployment link
## Using a deployment link
Creating a deployment link is the recommended way to deploy agents.<br/><br/>
The main benefit of this method is that the exectuable is generated only whenever the deployment download link is accessed, whereas with the other methods it's generated right away and the agent's version hardcoded into the exe.<br/><br/>
Using a deployment link will allow you to not worry about installing using an older version of an agent, which will fail to install if you have updated your RMM to a version that is not compatible with an older installer you might have lying around.<br/><br/>
Creating a deployment link is the recommended way to deploy agents.
The main benefit of this method is that the exectuable is generated only whenever the deployment download link is accessed, whereas with the other methods it's generated right away and the agent's version hardcoded into the exe.
Using a deployment link will allow you to not worry about installing using an older version of an agent, which will fail to install if you have updated your RMM to a version that is not compatible with an older installer you might have lying around.
To create a deployment, from the web UI click **Agents > Manage Deployments**.<br/><br/>
To create a deployment, from the web UI click **Agents > Manage Deployments**.
![managedeployments](images/managedeployments.png)
!!!tip
Create a client/site named "Default" and create a deployment for it with a very long expiry to have a generic installer that can be deployed anytime at any client/site.<br/><br/>
Create a client/site named "Default" and create a deployment for it with a very long expiry to have a generic installer that can be deployed anytime at any client/site.
You can then move the agent into the correct client/site from the web UI after it's been installed.
Copy/paste the download link from the deployment into your browser. It will take a few seconds to dynamically generate the executable and then your browser will automatically download the exe.
#### Optional installer args
## Optional installer args
The following optional arguments can be passed to any of the installation method executables:
```
```text
-log debug
```
Will print very verbose logging during agent install. Useful for troubleshooting agent install.
```
```text
-silent
```
This will not popup any message boxes during install, either any error messages or the "Installation was successfull" message box that pops up at the end of a successfull install.
```
```text
-proxy "http://proxyserver:port"
```
Use a http proxy
```
```text
-meshdir "C:\Program Files\Your Company Name\Mesh Agent"
```
Specify the full path to the directory containing `MeshAgent.exe` if using custom agent branding for your MeshCentral instance.
```
```text
-nomesh
```
Do not install meshcentral agent during tactical agent install. Note: take control, remote terminal and file browser will not work.
Do not install meshcentral agent during tactical agent install. Note: take control, remote terminal and file browser will not work.

21
docs/docs/install_docker.md
View File

@@ -4,15 +4,16 @@
- Obtain valid wildcard certificate for your domain. If certificates are not provided, a self-signed certificate will be generated and most agent functions won't work. See below on how to generate a free Let's Encrypt!
## Generate certificates with certbot
Install Certbot
```
```bash
sudo apt-get install certbot
```
Generate the wildcard certificate. Add the DNS entry for domain validation. Replace `example.com` with your root doamin
```
```bash
sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns
```
@@ -24,7 +25,7 @@ You will need to add DNS entries so that the three subdomains resolve to the IP
Get the docker-compose and .env.example file on the host you which to install on
```
```bash
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/docker-compose.yml
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/docker/.env.example
mv .env.example .env
@@ -32,7 +33,7 @@ mv .env.example .env
Change the values in .env to match your environment.
If you are supplying certificates through Let's Encrypt or another source, see the section below about base64 encoding the certificate files.
If you are supplying certificates through Let's Encrypt or another source, see the section below about base64 encoding the certificate files.
## Base64 encoding certificates to pass as env variables
@@ -48,7 +49,7 @@ public key
private key
`/etc/letsencrypt/live/${rootdomain}/privkey.pem`
```
```bash
echo "CERT_PUB_KEY=$(sudo base64 -w 0 /path/to/pub/key)" >> .env
echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)" >> .env
```
@@ -57,7 +58,7 @@ echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /path/to/priv/key)" >> .env
Run the below command to start the environment.
```
```bash
sudo docker-compose up -d
```
@@ -67,6 +68,10 @@ Removing the -d will start the containers in the foreground and is useful for de
Run the below command to get the download link for the mesh central exe. This needs to be uploaded on first successful signin.
```
```bash
sudo docker-compose exec tactical-backend python manage.py get_mesh_exe_url
```
```
## Backups
The backup script **does not** work with docker. To backup your install use [standard docker backup/restore](https://docs.docker.com/desktop/backup-and-restore/) processes.

63
docs/docs/install_server.md
View File

@@ -1,16 +1,19 @@
# Installation
## Minimum requirements
- A fresh linux VM running either Ubuntu 20.04 or Debian 10, with a minimum of 3GB RAM (4GB Recommended).<br/>
- A fresh linux VM running either Ubuntu 20.04 or Debian 10, with a minimum of 3GB RAM (4GB Recommended).
!!!warning
The provided install script assumes a fresh server with no software installed on it. Attempting to run it on an existing server with other services **will** break things and the install will fail.<br/><br/>
The install script has been tested on the following public cloud providers: DigitalOcean, Linode, Vultr, BuyVM (highly recommended), Hetzner, AWS, Google Cloud and Azure, as well as behind NAT on Hyper-V, Proxmox and ESXi.
- A real (internet resolvable) domain is needed to generate a Let's Encrypt wildcard cert. <br/>If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)
- example.local is __NOT__ a real domain. No you [don't have to expose your server](faq.md#can-i-run-tactical-rmm-locally-behind-nat-without-exposing-anything-to-the-internet) to the internet<br/><br/>
!!!note
We highly recommend staying current with updates (at least every 3 months when you update your SSL certs is a good minimum) while Tactical RMM is still working towards its 1.0 release.
- A TOTP based authenticator app. Some popular ones are Google Authenticator, Authy and Microsoft Authenticator.<br/><br/>
- A real (internet resolvable) domain is needed to generate a Let's Encrypt wildcard cert. _If you cannot afford to purchase a domain ($12 a year) then you can get one for free at [freenom.com](https://www.freenom.com/)_
- example.local is __NOT__ a real domain. No you [don't have to expose your server](faq.md#can-i-run-tactical-rmm-locally-behind-nat-without-exposing-anything-to-the-internet) to the internet
- A TOTP based authenticator app. Some popular ones are Google Authenticator, Authy and Microsoft Authenticator.
## Install
@@ -18,24 +21,31 @@
It is recommended that you keep your server updated regularly (monthly). SSL wildcard certs will expire every 3 months and need manual updating as well. <br/><br/>
Until we reach production release, there may be architectural changes that may be made to Tactical RMM and only a regular patching schedule is supported by developers.
#### Run updates and setup the linux user
SSH into the server as **root**.<br/><br/>
Download and run the prereqs and latest updates<br/>
### Run updates and setup the linux user
SSH into the server as **root**.
Download and run the prereqs and latest updates
```bash
apt update
apt install -y wget curl sudo
apt -y upgrade
```
If a new kernel is installed, then reboot the server with the `reboot` command<br/><br/>
Create a linux user named `tactical` to run the rmm and add it to the sudoers group.<br/>
If a new kernel is installed, then reboot the server with the `reboot` command
Create a linux user named `tactical` to run the rmm and add it to the sudoers group.
**For Ubuntu**:
```bash
adduser tactical
usermod -a -G sudo tactical
```
**For Debian**:
```bash
useradd -m -s /bin/bash tactical
usermod -a -G sudo tactical
@@ -44,7 +54,7 @@ usermod -a -G sudo tactical
!!!tip
[Enable passwordless sudo to make your life easier](https://linuxconfig.org/configure-sudo-without-password-on-ubuntu-20-04-focal-fossa-linux)
#### Setup the firewall (optional but highly recommended)
### Setup the firewall (optional but highly recommended)
!!!info
Skip this step if your VM is __not__ publicly exposed to the world e.g. running behind NAT. You should setup the firewall rules in your router instead (ports 22, 443 and 4222 TCP).
@@ -59,44 +69,47 @@ ufw allow proto tcp from any to any port 4222
!!!info
SSH (port 22 tcp) is only required for you to remotely login and do basic linux server administration for your rmm. It is not needed for any agent communication.<br/>
Allow ssh from everywhere (__not__ recommended)
```bash
ufw allow ssh
```
Allow ssh from only allowed IP's (__highly__ recommended)
```bash
ufw allow proto tcp from X.X.X.X to any port 22
ufw allow proto tcp from X.X.X.X to any port 22
```
Enable and activate the firewall
```
```bash
ufw enable && ufw reload
```
#### Create the A records
### Create the A records
We'll be using `example.com` as our domain for this example.
!!!info
The RMM uses 3 different sites. The Vue frontend e.g. `rmm.example.com` which is where you'll be accesing your RMM from the browser, the REST backend e.g. `api.example.com` and Meshcentral e.g. `mesh.example.com`
Get the public IP of your server with `curl https://icanhazip.tacticalrmm.io`<br/>
Open the DNS manager of wherever the domain you purchased is hosted.<br/>
Create 3 A records: `rmm`, `api` and `mesh` and point them to the public IP of your server:
1. Get the public IP of your server with `curl https://icanhazip.tacticalrmm.io`
2. Open the DNS manager of wherever the domain you purchased is hosted.
3. Create 3 A records: `rmm`, `api` and `mesh` and point them to the public IP of your server:
![arecords](images/arecords.png)
#### Run the install script
### Run the install script
Switch to the `tactical` user
```bash
su - tactical
```
Download and run the install script
```bash
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh
chmod +x install.sh
@@ -107,8 +120,7 @@ Answer the initial questions when prompted. Replace `example.com` with your doma
![questions](images/install_questions.png)
#### Deploy the TXT record in your DNS manager:
### Deploy the TXT record in your DNS manager
!!!warning
TXT records can take anywhere from 1 minute to a few hours to propogate depending on your DNS provider.<br/>
@@ -125,14 +137,19 @@ Create a login for the RMM web UI:
A bunch of URLS / usernames / passwords will be printed out at the end of the install script. **Save these somewhere safe.** [Recover them if you didn't](faq.md#how-do-i-recover-my-meshcentral-login-credentials)
Copy the url for the meshagent exe (`https://mesh.example.com/agentinvite?c=......`), paste it in your browser and download the mesh agent:
![meshagentdl](images/meshagentdl.png)
Navigate to `https://rmm.example.com` and login with the username/password you created during install.<br/><br/>
Once logged in, you will be redirected to the initial setup page.<br/><br/>
Navigate to `https://rmm.example.com` and login with the username/password you created during install.
Once logged in, you will be redirected to the initial setup page.
Create your first client/site, choose the default timezone and then upload the mesh agent you just downloaded.
!!!note
Though it is an unsupported configuration, if you are using HAProxy or wish to configure fail2ban this might be of use to you [Unsupported Configuration Notes](unsupported_scripts.md)
## Update Regularly
We've said it before, we'll say it again. We recommend regular updates. Every 3 months.

30
docs/docs/management_cmds.md
View File

@@ -1,74 +1,88 @@
# Management Commands
To run any of the management commands you must first activate the python virtual env:
```bash
cd /rmm/api/tacticalrmm
source ../env/bin/activate
```
#### Reset a user's password
## Reset a user's password
```bash
python manage.py reset_password <username>
```
#### Reset a user's 2fa token
## Reset a user's 2fa token
```bash
python manage.py reset_2fa <username>
```
#### Find all agents that have X software installed
## Find all agents that have X software installed
```bash
python manage.py find_software "adobe"
```
#### Show outdated online agents
## Show outdated online agents
```bash
python manage.py show_outdated_agents
```
#### Log out all active web sessions
## Log out all active web sessions
```bash
python manage.py delete_tokens
```
#### Check for orphaned tasks on all agents and remove them
## Check for orphaned tasks on all agents and remove them
```bash
python manage.py remove_orphaned_tasks
```
#### Create a MeshCentral agent invite link
## Create a MeshCentral agent invite link
```bash
python manage.py get_mesh_exe_url
```
#### Bulk update agent offline/overdue time
## Bulk update agent offline/overdue time
Change offline time on all agents to 5 minutes
```bash
python manage.py bulk_change_checkin --offline --all 5
```
Change offline time on all agents in site named *Example Site* to 2 minutes
```bash
python manage.py bulk_change_checkin --offline --site "Example Site" 2
```
Change offline time on all agents in client named *Example Client* to 12 minutes
```bash
python manage.py bulk_change_checkin --offline --client "Example Client" 12
```
Change overdue time on all agents to 10 minutes
```bash
python manage.py bulk_change_checkin --overdue --all 10
```
Change overdue time on all agents in site named *Example Site* to 4 minutes
```bash
python manage.py bulk_change_checkin --overdue --site "Example Site" 4
```
Change overdue time on all agents in client named *Example Client* to 14 minutes
```bash
python manage.py bulk_change_checkin --overdue --client "Example Client" 14
```

5
docs/docs/mesh_integration.md
View File

@@ -1,6 +1,6 @@
# MeshCentral Integration
#### Overview
## Overview
Tactical RMM integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral) for the following 3 functions:
@@ -16,7 +16,7 @@ They do not even have to run on the same box, however when you install Tactical
It is highly recommended to use the MeshCentral instance that Tactical installs, since it allows the developers more control over it and to ensure things don't break.
#### How does it work
## How does it work
MeshCentral has an embedding feature that allows integration into existing products.
@@ -25,4 +25,3 @@ See *Section 14 - Embedding MeshCentral* in the [MeshCentral User Guide](https:/
The Tactical RMM Agent keeps track of your Mesh Agents, and periodically interacts with them to synchronize the mesh agent's unique ID with the tactical rmm database.
When you do a take control / terminal / file browser on an agent using the Tactical UI, behind the scenes, Tactical generates a login token for meshcentral's website and then "wraps" MeshCentral's UI in an iframe for that specific agent only, using it's unique ID to know what agent to render in the iframe.

9
docs/docs/restore.md
View File

@@ -7,19 +7,22 @@
The restore script will always restore to the latest available RMM version on github.
Make sure you update your old RMM to the latest version using the `update.sh` script and then run a fresh backup to use with this restore script.
#### Prepare the new server
## Prepare the new server
Create the same exact linux user account as you did when you installed the original server.
Add it to the sudoers group and setup the firewall.
Refer to the [installation instructions](install_server.md) for steps on how to do all of the above.
#### Change DNS A records
## Change DNS A records
Open the DNS manager of wherever your domain is hosted.
Change the 3 A records `rmm`, `api` and `mesh` and point them to the public IP of your new server.
#### Run the restore script
## Run the restore script
Copy the backup tar file you created during [backup](backup.md) to the new server.

10
docs/docs/script_variables.md
View File

@@ -18,8 +18,8 @@ See below for the available options.
- **{{agent.public_ip}}** - Public IP address of agent
- **{{agent.agent_id}}** - agent ID in database
- **{{agent.last_seen}}** - Date and Time Agent last seen
- **{{agent.used_ram}}** - Used RAM on agent. Returns an integer - example: *16*
- **{{agent.total_ram}}** - Total RAM on agent. Returns an integer - example: *16*
- **{{agent.used_ram}}** - Used RAM on agent. Returns an integer - example: *16*
- **{{agent.total_ram}}** - Total RAM on agent. Returns an integer - example: *16*
- **{{agent.boot_time}}** - Uptime of agent. Returns unix timestamp. example: *1619439603.0*
- **{{agent.logged_in_username}}** - Username of logged in user
- **{{agent.last_logged_in_user}}** - Username of last logged in user
@@ -34,7 +34,7 @@ See below for the available options.
- **{{agent.check_interval}}** - Returns check interval time setting for agent in TRMM
- **{{agent.needs_reboot}}** - Returns true if reboot is pending on agent
- **{{agent.choco_installed}}** - Returns true if Chocolatey is installed
- **{{agent.patches_last_installed}}** - The date that patches were last installed by Tactical RMM.
- **{{agent.patches_last_installed}}** - The date that patches were last installed by Tactical RMM.
- **{{agent.needs_reboot}}** - Returns true if the agent needs a reboot
- **{{agent.time_zone}}** - Returns timezone configured on agent
- **{{agent.maintenance_mode}}** - Returns true if agent is in maintenance mode
@@ -42,16 +42,18 @@ See below for the available options.
- **{{agent.alert_template}** - Returns true if agent has block policy inheritance
## Client
- **{{client.name}}** - Returns name of client
## Site
- **{{site.name}}** - Returns name of Site
## Alert
!!!info
Only available in failure and resolve actions on alert templates!
- **{{alert.alert_time}}** - Time of the alert
- **{{alert.message}}** - Alert message
- **{{alert.severity}}** - Severity of the alert *info, warning, or error*

1
docs/docs/sponsor.md
View File

@@ -13,4 +13,3 @@ We are always looking for feedback and ways to improve Tactical RMM to better ad
[Sponsor with Github](https://github.com/wh1te909)
[Sponsor with Ko-fi](https://ko-fi.com/tacticalrmm)

15
docs/docs/tipsntricks.md
View File

@@ -8,7 +8,11 @@ At the top right of your web administration interface, click your Username > pre
*****
## Mesh
## MeshCentral
Tactical RMM is actually 2 products: An RMM service with agent, and a secondary [MeshCentral](https://github.com/Ylianst/MeshCentral) install that handles the `Take Control` and `Remote Background` stuff.
### Adjust Settings
Right-click the connect button in *Remote Background | Terminal* for shell options
@@ -17,3 +21,12 @@ Right-click the connect button in *Remote Background | Terminal* for shell optio
Right-click the connect button in *Take Control* for connect options
![Terminal](images/tipsntricks_meshcontrol.png)
### Enable Remote Control options
1. Remote background a machine then go to mesh.yourdomain.com
2. Click on My Account
3. Click on the device group you want to enable notifications or accept connection etc on (probably TacticalRMM)
4. Next to User Consent click edit (the wee pencil)
5. tick whatever boxes you want in there ()
6. Click ok

34
docs/docs/troubleshooting.md
View File

@@ -1,17 +1,18 @@
# Troubleshooting
#### Server Troubleshooting Script
## Server Troubleshooting Script
If you've asked for help in [#support](https://discord.com/channels/736478043522072608/744282073870630912) please run this, and send a screenshot at the top of the thread created for troubleshooting your issue.
If you've asked for help in [#support](https://discord.com/channels/736478043522072608/744282073870630912) please run this, and send a screenshot at the top of the thread created for troubleshooting your issue.
Blur your domains if you desire privacy.
```bash
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/troubleshoot_server.sh
chmod +x troubleshoot_server.sh
./troubleshoot_server.sh
```
#### Problems after new install
## Problems after new install
In the very unlikely event you have issues after install please wipe the box and install again (following all the steps including downloading the install script but not running it) use the following command which will log the install progress and if you continue to have issues will assist with support of the installation.
@@ -22,7 +23,7 @@ bash -x install.sh 2>&1 | tee install.log
!!!note
Logging of installs isnt desirable as it logs extremely sensitive information which is why this isnt done by default! **Do not** post the raw log publicly only provide it if requested and then by dm only. Authorized users in Discord are: @BurningTimes#1938 @sadnub#6992 @dinger1986#1734 @silversword#9652
#### "Bad credentials" error when trying to login to the Web UI
## "Bad credentials" error when trying to login to the Web UI
If you are sure you are using the correct credentials and still getting a "bad credentials" error, open your browser's dev tools (ctrl + shift + j on chrome) and check the Console tab to see the real error.
@@ -32,9 +33,7 @@ If you see an error about SSL or certificate expired, then your Let's Encrypt ce
Refer to the Let's Encrypt cert renewal instructions [here](update_server.md#keeping-your-lets-encrypt-certificate-up-to-date)
<br/>
#### Agents not updating
## Agents not updating
The most common problem we've seen of agents not updating is due to Antivirus blocking the updater executable.
@@ -48,11 +47,9 @@ Since Tactical RMM is still in alpha and the developers makes breaking changes p
If you have agents that are relatively old, you will need to uninstall them manually and reinstall using the latest version.
<br/>
## Agents not checking in or showing up / General agent issues
#### Agents not checking in or showing up / General agent issues
First, reload NATS from tactical's web UI:<br />
First, reload NATS from tactical's web UI:<br>
*Tools > Server Maintenance > Reload Nats Configuration*
Open CMD as admin on the problem computer and stop the agent services:
@@ -63,11 +60,13 @@ net stop tacticalrpc
```
Run the tacticalagent service manually with debug logging:
```cmd
"C:\Program Files\TacticalAgent\tacticalrmm.exe" -m winagentsvc -log debug -logto stdout
```
Run the tacticalrpc service manually with debug logging:
```cmd
"C:\Program Files\TacticalAgent\tacticalrmm.exe" -m rpc -log debug -logto stdout
```
@@ -78,9 +77,11 @@ Please then copy/paste the logs and post them either in our [Discord support cha
If all else fails, simply uninstall the agent either from control panel or silently with `"C:\Program Files\TacticalAgent\unins000.exe" /VERYSILENT` and then reinstall the agent.
#### All other errors
## All other errors
First, run the [update script](update_server.md#updating-to-the-latest-rmm-version) with the `--force` flag. <br/>This will fix permissions and reinstall python/node packages that might have gotten corrupted.
First, run the [update script](update_server.md#updating-to-the-latest-rmm-version) with the `--force` flag.
This will fix permissions and reinstall python/node packages that might have gotten corrupted.
```bash
./update.sh --force
@@ -106,12 +107,13 @@ sudo systemctl status redis
```
Read through the log files in the following folders and check for errors:
```bash
/rmm/api/tacticalrmm/tacticalrmm/private/log
/var/log/celery
```
#### Using Cloudflare DNS
## Using Cloudflare DNS
- rmm.example.com can be proxied.
@@ -119,7 +121,7 @@ Read through the log files in the following folders and check for errors:
- mesh.example.com can be proxied with the caveat that Mesh checks the cert presented to the agent is the same one on the server. I.e. no MITM. You'll need to copy Cloudflare's edge cert to your server if you want to proxy this domain.
#### Testing Network Connectivity between agent and server
## Testing Network Connectivity between agent and server
Use powershell, make sure you can connect to 443 and 4222 from agent to server:
@@ -135,4 +137,4 @@ Test-NetConnection -ComputerName api.example.com -Port 443
Test-NetConnection -ComputerName rmm.example.com -Port 443
```
Are you trying to use a proxy to share your single public IP with multiple services on 443? This is complicated and [unsupported by Tactical RMM](unsupported_scripts.md), test your setup.
Are you trying to use a proxy to share your single public IP with multiple services on 443? This is complicated and [unsupported by Tactical RMM](unsupported_scripts.md), test your setup.

13
docs/docs/unsupported_guidelines.md
View File

@@ -1,8 +1,10 @@
# Unsupported Guidelines
## General Information
Tactical RMM is designed to be secure by default.
Tactical RMM is designed to be secure by default.
You **CAN** **_expose_** it to the internet, and start deploying agents.
You **CAN** **_expose_** it to the internet, and start deploying agents.
You **CAN** **_not expose_** it to the internet, and start deploying agents.
@@ -11,11 +13,11 @@ You **CAN** **_not expose_** it to the internet, and start deploying agents.
!!!info
BIG PERIOD **.** <--- See, it's really really big 🙂
## That said...
## That said
There are those that wish to add layers to their security onion. For the benefit of others following in their footsteps, we have added here for your convenience additional information on a range of subjects and technologies that have been graciously donated to us by the community at large.
Please be aware that those providing help and assistance in the Discord [#support](https://discord.com/channels/736478043522072608/744282073870630912) channel will generally assume that you are **not** one of these wizards of networking magic.
Please be aware that those providing help and assistance in the Discord [#support](https://discord.com/channels/736478043522072608/744282073870630912) channel will generally assume that you are **not** one of these wizards of networking magic.
Should you employ any one or several of these unsupported technologies:
@@ -27,8 +29,9 @@ Should you employ any one or several of these unsupported technologies:
* IDSs
* IPSs
* SDNs
* Did anything other than follow the installation instructions exactly
* and any/all other magical ABC thru XYZ technologies
Please let us know **BEFORE** we start troubleshooting and looking for software bugs that you are...in fact...a 🧙...and using something non-standard 😉 Help us maximize keeping developer time and resources focused on new releases...not support goosechases.
Thank you and #KeepDeploying
Thank you and #KeepDeploying

20
docs/docs/unsupported_scripts.md
View File

@@ -1,11 +1,10 @@
# Unsupported Reference Scripts
!!!note
These are not supported scripts/configurations by Tactical RMM, but it's provided here for your reference.
!!!note
These are not supported scripts/configurations by Tactical RMM, but it's provided here for your reference.
## HAProxy
Check/Change the mesh central config.json, some of the values may be set already, CertUrl must be changed to point to the HAProxy server.
### Meshcentral Adjustment
@@ -20,7 +19,7 @@ nano /meshcentral/meshcentral-data/config.json
Insert this (modify `HAProxyIP` to your network)
```
```conf
{
"settings": {
"Port": 4430,
@@ -45,9 +44,9 @@ service meshcentral restart
### HAProxy Config
The order of use_backend is important `Tactical-Mesh-WebSocket_ipvANY` must be before `Tactical-Mesh_ipvANY`
The values of `timeout connect`, `timeout server`, `timeout tunnel` in `Tactical-Mesh-WebSocket` have been configured to maintain a stable agent connection, however you may need to adjust these values to suit your environment.
The values of `timeout connect`, `timeout server`, `timeout tunnel` in `Tactical-Mesh-WebSocket` have been configured to maintain a stable agent connection, however you may need to adjust these values to suit your environment.
```
```conf
frontend HTTPS-merged
bind 0.0.0.0:443 name 0.0.0.0:443 ssl crt-list /var/etc/haproxy/HTTPS.crt_list #ADJUST THIS TO YOUR OWN SSL CERTIFICATES
mode http
@@ -131,8 +130,7 @@ sudo apt install -y fail2ban
### Set Tactical fail2ban filter conf File
```
```bash
tacticalfail2banfilter="$(cat << EOF
[Definition]
failregex = ^<HOST>.*400.17.*$
@@ -144,7 +142,7 @@ sudo echo "${tacticalfail2banfilter}" > /etc/fail2ban/filter.d/tacticalrmm.conf
### Set Tactical fail2ban jail conf File
```
```bash
tacticalfail2banjail="$(cat << EOF
[tacticalrmm]
enabled = true
@@ -210,7 +208,7 @@ You need to add the certificate private key and public keys to the following fil
but change api. to: mesh. and rmm. respectively.
7. Add the following to the last lines of `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py`
5. Add the following to the last lines of `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py`
nano /rmm/api/tacticalrmm/tacticalrmm/local_settings.py
@@ -526,4 +524,4 @@ done
###Renew certs can be done by sudo letsencrypt renew (this should automatically be in /etc/cron.d/certbot)
```
```

40
docs/docs/update_agents.md
View File

@@ -5,35 +5,41 @@
For example, currently RMM version 0.4.17 is compatible with agent version 1.4.6 and lower.<br/><br/>
You should never attempt to manually update an agent to a newer version without first making sure your RMM is on the latest version.
#### Updating from the Web UI
Agents will automatically self update themselves if you have auto self update enabled in **Settings > Global Settings**<br/><br/>
## Updating from the Web UI
Agents will automatically self update themselves if you have auto self update enabled in **Settings > Global Settings**
![autoagentupdate](images/autoagentupdate.png)
There is a background job that runs every hour, at 35 minutes past the hour and sends any online agents an update command if it detects they are on an older version.<br/><br/>
There is a background job that runs every hour, at 35 minutes past the hour and sends any online agents an update command if it detects they are on an older version.
You can also trigger this background job to run on demand by clicking **Agents > Update Agents** in the web UI:
You can also trigger this background job to run on demand by clicking **Agents > Update Agents** in the web UI:<br/><br/>
![manualagentupdate](images/manualagentupdate.png)
You can individually choose which agents to update, or simply Select All.<br/><br/>
The RMM will automatically skip any agents that don't need updating.<br/><br/>
You can trigger this manual agent update anytime you want. It is safe to spam, and won't run if an agent update task is already running.<br/><br/>
It will also make sure agents update to the correct version, in case they are an older version that cannot be directly upgraded to the latest version.<br/><br/>
For example, agents older than version 1.3.0 must first be updated to 1.3.0 before they can go any further.<br/>
You can individually choose which agents to update, or simply Select All.
<br/>
The RMM will automatically skip any agents that don't need updating.
#### Manually updating from the command line on the agent
You can trigger this manual agent update anytime you want. It is safe to spam, and won't run if an agent update task is already running.
You should never need to do this but might be needed to troubleshoot agents that are not updating automatically.<br/>
It will also make sure agents update to the correct version, in case they are an older version that cannot be directly upgraded to the latest version.
Download the `winagent-vX.X.X.exe` executable from the [github releases page](https://github.com/wh1te909/rmmagent/releases) and place it somewhere on the filesystem.<br/>
For example, agents older than version 1.3.0 must first be updated to 1.3.0 before they can go any further.
## Manually updating from the command line on the agent
You should never need to do this but might be needed to troubleshoot agents that are not updating automatically.
Download the `winagent-vX.X.X.exe` executable from the [github releases page](https://github.com/wh1te909/rmmagent/releases) and place it somewhere on the filesystem.
Open CMD as admin and call the exe like so:
```
```cmd
C:\Windows\Temp>winagent-vX.X.X.exe /VERYSILENT /LOG=agentupdate.txt
```
This command will return immediately since it spawns a background process to run the update.<br/>
The agent will take around 30 seconds to fully update.<br/><br/>
You can check the `agentupdate.txt` log file that is created for troubleshooting.<br/><br/>
This command will return immediately since it spawns a background process to run the update.
The agent will take around 30 seconds to fully update.
You can check the `agentupdate.txt` log file that is created for troubleshooting.

9
docs/docs/update_docker.md
View File

@@ -1,10 +1,11 @@
# Updating the RMM (Docker)
#### Updating to the latest RMM version
## Updating to the latest RMM version
Tactical RMM updates the docker images on every release and should be available within a few minutes
SSH into your server as a root user and run the below commands:<br/>
SSH into your server as a root user and run the below commands:
```bash
cd [dir/with/compose/file]
mv docker-compose.yml docker-compose.yml.old
@@ -14,7 +15,7 @@ sudo docker-compose down
sudo docker-compose up -d --remove-orphans
```
#### Keeping your Let's Encrypt certificate up to date
## Keeping your Let's Encrypt certificate up to date
To renew your Let's Encrypt wildcard cert, run the following command, replacing `example.com` with your domain and `admin@example.com` with your email:
@@ -29,7 +30,7 @@ echo "CERT_PUB_KEY=$(sudo base64 -w 0 /etc/letsencrypt/live/${rootdomain}/fullch
echo "CERT_PRIV_KEY=$(sudo base64 -w 0 /etc/letsencrypt/live/${rootdomain}/privkey.pem)" >> .env
```
!!!warning
!!!warning
You must remove the old and any duplicate entries for CERT_PUB_KEY and CERT_PRIV_KEY in the .env file
Now run `sudo docker-compose restart` and the new certificate will be in effect

30
docs/docs/update_server.md
View File

@@ -1,22 +1,26 @@
# Updating the RMM
#### Keeping your linux server up to date
## Keeping your linux server up to date
You should periodically run `sudo apt update` and `sudo apt -y upgrade` to keep your server up to date.
Other than this, you should avoid making any changes to your server and let the `update.sh` script handle everything else for you.
#### Updating to the latest RMM version
## Updating to the latest RMM version
!!!danger
Do __not__ attempt to manually edit the update script or any configuration files unless specifically told to by one of the developers.<br/><br/>
Since this software is completely self hosted and we have no access to your server, we have to assume you have not made any config changes to any of the files or services on your server, and the update script will assume this.<br/><br/>
You should also **never** attempt to automate running the update script via cron.<br/><br/>
The update script will update itself if needed to the latest version when you run it, and them prompt you to run it again.<br/><br/>
The update script will update itself if needed to the latest version when you run it, and then prompt you to run it again.<br/><br/>
Sometimes, manual intervention will be required during an update in the form of yes/no prompts, so attempting to automate this will ignore these prompts and cause your installation to break.
SSH into your server as the linux user you created during install.<br/><br/>
__Never__ run any update scripts or commands as the `root` user.<br/>This will mess up permissions and break your installation.<br/><br/>
Download the update script and run it:<br/>
SSH into your server as the linux user you created during install.
!!!danger
__Never__ run any update scripts or commands as the `root` user.<br/>This will mess up permissions and break your installation.
Download the update script and run it:
```bash
wget -N https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh
@@ -24,19 +28,17 @@ chmod +x update.sh
./update.sh
```
<br/>
If you are already on the latest version, the update script will notify you of this and return immediately.
If you are already on the latest version, the update script will notify you of this and return immediately.<br/><br/>
You can pass the optional `--force` flag to the update script to forcefully run through an update, which will bypass the check for latest version.<br/>
You can pass the optional `--force` flag to the update script to forcefully run through an update, which will bypass the check for latest version.
```bash
./update.sh --force
```
This is usefull for a botched update that might have not completed fully.<br/><br/>
The update script will also fix any permissions that might have gotten messed up during a botched update, or if you accidentally ran the update script as the `root` user.
This is usefull for a botched update that might have not completed fully.
<br/>
The update script will also fix any permissions that might have gotten messed up during a botched update, or if you accidentally ran the update script as the `root` user.
!!!warning
Do __not__ attempt to manually update MeshCentral to a newer version.
@@ -45,7 +47,7 @@ The update script will also fix any permissions that might have gotten messed up
The developers will test MeshCentral and make sure integration does not break before bumping the mesh version.
#### Keeping your Let's Encrypt certificate up to date
## Keeping your Let's Encrypt certificate up to date
!!!info
Currently, the update script does not automatically renew your Let's Encrypt wildcard certificate, which expires every 3 months, since this is non-trivial to automate using the DNS TXT record method.
@@ -64,7 +66,7 @@ After this you have renewed the cert, simply run the `update.sh` script, passing
./update.sh --force
```
#### Keep an eye on your disk space
## Keep an eye on your disk space
If you're running low, shrink you database

12
docs/mkdocs.yml
View File

@@ -13,8 +13,10 @@ nav:
- "Updating Agents": update_agents.md
- Functionality:
- "Alerting": functions/alerting.md
- "API Access": functions/api.md
- "Automated Tasks": functions/automated_tasks.md
- "Custom Fields": functions/custom_fields.md
- "Database Maintenance": functions/database_maintenance.md
- "Django Admin": functions/django_admin.md
- "Global Keystore": functions/keystore.md
- "Maintenance Mode": functions/maintenance_mode.md
@@ -23,9 +25,7 @@ nav:
- "Scripting": functions/scripting.md
- "URL Actions": functions/url_actions.md
- "User Interface Preferences": functions/user_ui.md
- "API Access": functions/api.md
- "Examples": functions/examples.md
- "Database Maintenace": functions/database_maintenance.md
- Backup: backup.md
- Restore: restore.md
- Troubleshooting: troubleshooting.md
@@ -33,12 +33,12 @@ nav:
- Management Commands: management_cmds.md
- MeshCentral Integration: mesh_integration.md
- 3rd Party Integrations:
- "AnyDesk": 3rdparty_anydesk.md
- "BitDefender GravityZone": 3rdparty_bitdefender_gravityzone.md
- "Connectwise Control / Screenconnect": 3rdparty_screenconnect.md
- "Grafana": 3rdparty_grafana.md
- "AnyDesk": 3rdparty_anydesk.md
- "Connectwise Control / Screenconnect": 3rdparty_screenconnect.md
- "TeamViewer": 3rdparty_teamviewer.md
- Unsupported Scripts & Security:
- "BitDefender GravityZone": 3rdparty_bitdefender_gravityzone.md
- Unsupported Extras:
- "Unsupported Guidelines": unsupported_guidelines.md
- "Unsupported Scripts": unsupported_scripts.md
- "Securing nginx": securing_nginx.md