- Start ASE
-
Description
- Start ASE
-
Syntax
-
./start.sh
- Stop ASE
-
Description
- Stop ASE
-
Syntax
-
./stop.sh
- Help
-
Description
- Displays cli.sh help
-
Syntax
-
./cli.sh help
- Version
-
Description
- Displays the version number of ASE
-
Syntax
-
./cli.sh version
- Status
-
Description
- Displays the running status of ASE
-
Syntax
-
./cli.sh status
- Update Password
-
Description
- Change ASE admin password
-
Syntax
-
./cli.sh update_password -u admin - p
- Change log level
- Description
- Change balancer.log and controller.log log level
- Syntax
./cli.sh log_level -u admin -p
- options -
warn
, info
,
error
, fatal
, debug
- Get Authentication Method
-
Description
- Display the current authentication method
-
Syntax
-
./cli.sh get_auth_method -u admin -p
- Update Authentication Method
-
Description
- Update ASE authentication method
-
Syntax
-
./cli.sh update_auth_method {method} -u admin -p
- Enable Sideband Authentication
-
Description
- Enable authentication between API gateway and ASE when ASE is deployed in sideband mode
-
Syntax
-
./cli.sh enable_sideband_authentication -u admin – p
- Disable Sideband Authentication
-
Description
- Disable authentication between API gateway and ASE when ASE is deployed in sideband
mode
-
Syntax
-
./cli.sh disable_sideband_authentication -u admin – p
- Create ASE Authentication Token
-
Description
- Create the ASE token that is used to authenticate between the API gateway and ASE
-
Syntax
-
./cli.sh create_sideband_token -u admin – p
- List ASE Authentication Token
-
Description
- List the ASE token that is used to authenticate between the API gateway and ASE
-
Syntax
-
./cli.sh list_sideband_token -u admin – p
- Import ASE Authentication Token
- Description
- Import ASE token that is used for authentication between ASE and API gateway. The
token should be 32 character long, and the allowable characters in the token are:
alphabets in small case and digits 0-9.
- Syntax
./cli.sh import_sideband_token {token} -u admin – p admin
- Delete ASE Authentication Token
-
Description
- Delete the ASE token that is used to authenticate between the API gateway and ASE
-
Syntax
-
./cli.sh delete_sideband_token {token} -u admin – p
- Enable Audit Logging
-
Description
- Enable audit logging
-
Syntax
-
./cli.sh enable_audit -u admin -p admin
- Disable Audit Logging
-
Description
- Disable audit logging
-
Syntax
-
./cli.sh disable_audit -u admin -p admin
- Add Syslog Server
-
Description
- Add a new syslog server
-
Syntax
-
./cli.sh –u admin -p admin add_syslog_server host:port
- Delete Syslog Server
-
Description
- Delete the syslog server
-
Syntax
-
./cli.sh –u admin -p admin delete_syslog_server host:port
- List Syslog Server
-
Description
- List the current syslog server
-
Syntax
-
./cli.sh –u admin -p admin list_syslog_server
- Add API
-
Description
- Add a new API file in JSON format. File should have
.json
extension.
Provide the complete path where you have stored the API JSON file. After running the command,
API is added to /opt/pingindentity/ase/config/api
directory
-
Syntax
-
./cli.sh –u admin -p admin add_api {config_file_path}
- Update API
-
Description
- Update an API after the API JSON file has been edited and saved
-
Syntax
-
./cli.sh –u admin -p admin update_api {api_name}
- List APIs
-
Description
- Lists all APIs configured in ASE
-
Syntax
-
./cli.sh –u admin -p admin list_api
- API Info
-
Description
- Displays the API JSON file
-
Syntax
-
./cli.sh –u admin -p admin api_info {api_id}
- API Count
-
Description
- Displays the total number of APIs configured
-
Syntax
-
./cli.sh –u admin -p admin api_count
- Enable Per API Blocking
-
Description
- Enables attack blocking for the API
-
Syntax
-
./cli.sh –u admin -p admin enable_blocking {api_id}
- Disable Per API Blocking
-
Description
- Disable attack blocking for the API
-
Syntax
-
./cli.sh –u admin -p admin disable_blocking {api_id}
- Delete API
-
Description
- Delete an API from ASE. Deleting an API removes the corresponding JSON file and deletes all
the cookies associated with that API
-
Syntax
-
./cli.sh –u admin -p admin delete_api {api_id}
-
Generate Master Key
-
Description
- Generate the master obfuscation key
ase_master.key
-
Syntax
-
./cli.sh -u admin -p admin generate_obfkey
-
Obfuscate Keys and Password
-
Description
- Obfuscate the keys and passwords configured in various configuration files
-
Syntax
-
./cli.sh -u admin -p admin obfuscate_keys
-
Create a Key Pair
-
Description
- Creates private key and public key pair in keystore
-
Syntax
-
./cli.sh –u admin -p admin create_key_pair
-
Create a CSR
-
Description
- Creates a certificate signing request
-
Syntax
-
./cli.sh –u admin -p admin create_csr
-
Create a Self-Signed Certificate
-
Description
- Creates a self-signed certificate
-
Syntax
-
./cli.sh –u admin -p admin create_self_sign_cert
-
Import Certificate
-
Description
- Import CA signed certificate into keystore
-
Syntax
-
./cli.sh –u admin -p admin import_cert {cert_path}
-
Create Management Key Pair
-
Description
- Create a private key for management server
-
Syntax
-
/cli.sh –u admin -p admin create_management_key_pair
-
Create Management CSR
-
Description
- Create a certificate signing request for management server
-
Syntax
-
/cli.sh –u admin -p admin create_management_csr
-
Create Management Self-signed Certificate
-
Description
- Create a self-signed certificate for management server
-
Syntax
-
/cli.sh –u admin -p admin create_management_self_sign_cert
-
Import Management Key Pair
-
Description
- Import a key-pair for management server
-
Syntax
-
/cli.sh –u admin -p admin import_management_key_pair {key_path}
-
Import Management Certificate
-
Description
- Import CA signed certificate for management server
-
Syntax
-
/cli.sh –u admin -p admin import_management_cert {cert_path}
-
Cluster Info
-
Description
- Displays information about an ASE cluster
-
Syntax
-
./cli.sh –u admin -p admin cluster_info
-
Delete Cluster Node
-
Description
- Delete and inactive ASE cluster node
-
Syntax
-
./cli.sh –u admin -p admin delete_cluster_node host:port
-
Enable Firewall
-
Description
- Enable API firewall. Activates pattern enforcement, API name mapping, manual attack
type
-
Syntax
-
./cli.sh –u admin -p admin enable_firewall
-
Disable Firewall
-
Description
- Disable API firewall
-
Syntax
-
./cli.sh –u admin -p admin disable_firewall
-
Enable ASE detected attacks
-
Description
- Enable ASE detected attacks
-
Syntax
-
./cli.sh –u admin -p admin enable_ase_detected_attack
-
Disable ASE Detected Attacks
-
Description
- Disable API firewall
-
Syntax
-
./cli.sh –u admin -p admin disable_ase_detected_attack
-
Enable ABS
-
Description
- Enable ABS to send access logs to ABS
-
Syntax
-
./cli.sh –u admin -p admin enable_abs
-
Disable ABS
-
Description
- Disable ABS to stop sending access logs to ABS
-
Syntax
-
./cli.sh –u admin -p admin disable_abs
-
Adding Blacklist
-
Description
- Add an entry to ASE blacklist using CLI. Valid type values are: IP, Cookie, OAuth2 token,
API Key, and username
If type is ip, then Name is the IP address.
If type is cookie,
then name is the cookie name, and value is the cookie value
-
Syntax
-
./cli.sh –u admin -p admin add_blacklist {type}{name}{value}
-
Example
-
/cli.sh -u admin -p admin add_blacklist ip 1.1.1.1
-
Delete Blacklist Entry
-
Description
- Delete entry from the blacklist.
-
Syntax
-
./cli.sh –u admin -p admin delete_blacklist {type}{name}{value}
-
Example
-
cli.sh -u admin -p delete_blacklist token 58fcb0cb97c54afbb88c07a4f2d73c35
-
Clear Blacklist
-
Description
- Clear all the entries from the blacklist
-
Syntax
-
./cli.sh –u admin -p admin clear_blacklist
-
View Blacklist
-
Description
- View the entire blacklist or view a blacklist for the specified attack type (for example,
invalid_method)
-
Syntax
-
./cli.sh –u admin -p admin view_blacklist
{all|manual|abs_generated|invalid_content_type|invalid_method|invalid_protocol|decoy|missing_token}
-
View Blacklist for IP addresses with missing tokens
-
Description
- View the blacklist entries that are blocked due to missing tokens
-
Syntax
-
./cli.sh view_blacklist missing_token -uadmin -padmin
-
Adding Whitelist
-
Description
- Add an entry to ASE whitelist using CLI. Valid type values are: IP, cookie, OAuth2 token,
API key, and username
If type is IP, then name is the IP address.
If type is cookie,
then name is the cookie name, and value is the cookie value
-
Syntax
-
./cli.sh –u admin -p admin add_whitelist {type}{name}{value}
-
Example
-
/cli.sh -u admin -p admin add_whitelist api_key AccessKey 065f73cdf39e486f9d7cda97d2dd1597
-
Delete Whitelist Entry
-
Description
- Delete entry from the whitelist
-
Syntax
-
./cli.sh –u admin -p admin delete_whitelist {type}{name}{value}
-
Example
-
/cli.sh -u admin -p delete_whitelist token 58fcb0cb97c54afbb88c07a4f2d73c35
-
Clear Whitelist
-
Description
- Clear all the entries from the whitelist
-
Syntax
-
./cli.sh –u admin -p admin clear_whitelist
-
View Whitelist
-
Description
- View the entire whitelist
-
Syntax
-
./cli.sh –u admin -p admin view_whitelist
-
ABS Info
-
Description
- Displays ABS status information.
ABS enabled or disabled, ASE fetching ABS attack types,
and ABS cluster information
-
Syntax
-
./cli.sh –u admin -p admin abs_info