From c7e5aaf42cdb442eb9a2e3d498852aba134d4689 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 30 Jun 2022 00:30:16 -0400 Subject: [PATCH 1/6] docs - Adding power state legend https://github.com/Ylianst/MeshCentral/issues/4177 --- docs/docs/meshcentral/devicetabs.md | 26 ++++++++++++++++++ .../meshcentral/images/7daypowerstate.png | Bin 0 -> 7010 bytes docs/mkdocs.yml | 1 + 3 files changed, 27 insertions(+) create mode 100644 docs/docs/meshcentral/devicetabs.md create mode 100644 docs/docs/meshcentral/images/7daypowerstate.png diff --git a/docs/docs/meshcentral/devicetabs.md b/docs/docs/meshcentral/devicetabs.md new file mode 100644 index 00000000..4373a399 --- /dev/null +++ b/docs/docs/meshcentral/devicetabs.md @@ -0,0 +1,26 @@ +# Device Tabs + +## General + +### 7 Day Power State + +Legend + +1. Black color: device is powered om +2. purple color: device is in sleep state +3. blue/green color : device is connected trough amt/cira, but not powered on +4. grey color: device is powered off + +![](images/7daypowerstate.png) + +## Desktop + +## Terminal + +## Files + +## Events + +## Details + +## Console \ No newline at end of file diff --git a/docs/docs/meshcentral/images/7daypowerstate.png b/docs/docs/meshcentral/images/7daypowerstate.png new file mode 100644 index 0000000000000000000000000000000000000000..de5455443e473282eab18d2633c2e61cf951eda3 GIT binary patch literal 7010 zcmb`LcU)7+qQ~Rn+EB17BA~8-g(5YyfQo>01*9Ypl-?0S4@oQwt}BRwfRqH4wse66 z3=mLRdM^P9O^_BKp%Wkpyc5cOckkVIKcDwL?+rZ-7pD&)B0yzExR9sXQ$ZQPp;pKRk)Dt{8>EJ&;0>- z^5%n7@`YQGTKSFDE2#;8glL4?1RTiFAz$ada6i8_x-`f+@q#79+4Q%P_M32%jPQ~A zRQ#U3r;-&^?h^J@eDh~sP#zzUsgPwf-*)c&CX>W_0YQ&LHj`vbhZeIC&5*^p8X-}j zejt#*nCI|S&dGIAMOig9p%&gr{jb(*_?<0FHM{G29%lwP|X=Nu<) z(H6zhke*2>HdIWsjtCyJ4w8u31q#R}^NtubX(Fi9P$US%5~j>q=%q?|&sGy%^OCS| z)NxnfM~M)Iky0o(TB+@nOEYRNzX>u!LM==2IjKUis>o#;a_-U~ym=SMNz&15U4r?% zri$XL&qhc_Ym!}MHY5ao1_gXjS*t|4YPW;u!fWKupzv(87;0?2%xWzc`mI3`XhbHh ztJAF86avMfeMRC{sHyAe?KWqRn;LxFEd=_WA9bj0{+R>8wj?sZsOepYD57uEpWlOH-r%gRXA01EyOUi^@%&BGbyrv>Z@5pqtoKTpAJ+b zydh9FBaW~Vt*^2n{N)m;RZ3|@aVho7Y|lBiI+NKOQ9#hJp5XaWK3;BqMl$AQ*sfh5 zRak^6=E#S(vWF6=tV^=`dxNO>8UjsioM(|vf(0@9URWrsbjIRlbh`$a>S2Nn-Aqe= z>qtwc?Lc#)bL)x;2GdNIu@D*xE8)+vyj&rF_Kh7ZOO?zHX~z^Y4LpT|WA-%7q&#RX z6|y+Pw5(7}27Nx})-9hb?l0i}!woNe#lUgD9VXRqqh6@Ad#~BQc1V_;b^Bz5cE6fKzv$Uo zs^t|#r8H)xmh-1I{{&J|JaeiIY;8JN-s7Zn)L>&@(#sTo2z4=I-7`irj9M#gm0)Km z40_aJ9;P{^^INzune62vl+S!xRLJ3upU})g}I_d z1D_6%bc;o5zjj+6*Zd3u89t(1!v|i2w&(UZl?WKqGP8X2@5+BS*w9SM$@=}r4-!w< zE|9_{>TPihIas@h2cnkH=x{#`!)Le`rN~9{@j?kNmNJ%AMYINx$`CN^edfciabvb* zXw%I?{wCFq1?!+IK<`eguVXv&u!E3^@GIjfd}x~H^P zPBx3^;PGdCE~;g~p!<`fZ99v?b}EaC_wt|`qa`q{F#qP{#jziZS03W8Ru`5D_*@e* zcuxOnCNQup+*K$SPc)s4PfCiY;z4-&E+M?qSA7yP5uR^V4}e-v9$W;_bvNpwtiKog z+c)!PD(U54lF8PMDTc!bM<-n_fIv8(JwX69oYCJ6HPq(9_F$DgWfN{4ZWucX0^yHv zK|mnr8Gin$@7wq@5hzO&+ytRp!8R#F$3)+x;yx}^Z^xty;zQi8w-O)7=KN(m*e?BtZe25^OV;rAiMn}Gi)`E!rc zV3qe;&q8C}qTIeC4&KSy5@!lJ4u_o_`EUc?0?XpojXGwLfLm`HN(~|B;M%fA;X%k} z9o-*#IWr^ZTV4#4QyXE?ByIJ2La~IHu(7&+4Bk_`QBPR+)XOwSe0-M$Ef9fl{!|Rk za@T{XdqYvmnM85U-H%YNufub#1mn-(kiyt3;?kF($UlW?V3G8Bpa>5M;mT3MoOYma za4rSMFXrx1ZB#&*#d1e$r`qfDb8$+*cgpfNU8n`yO7J~tsaqF|m`2)rC>*+W)llz% zl+$g)XIjjT4y2~2NYoPV&0r|{k&*se=pf>0y=C4vw@WVlrFOC? zNiIk;FYTCi2kJVv{4QGQTdYw}h-~`!q+Z+MkJaS)$jtSL;CsywaC+`!K%_^Zs+9WQ<22dC8EQX;&G$Gj}T`CL1;^SYMql&;G%Jn zlUlJ9r_P_t1%NRibo%sfTKE^lij5ibpFrA` zz6ngGQEOlSlD`}1{!+)mxCmj;N?0(nG~JdewLGu9aZGn?yEMJ+;y-+F^RZpN-7~G3 z-3vb(aqr8@uwS<4E1dZv8r~vIo-~Ic2rgznhjZ)$w48p9zyFgQin_-BKGukpk&_z# z-q?g+TW9yYrkk62BE49P!?jHx7ziNTiU`puqGc({RqAya>um&m&#!F@lG*e@QB!OsO%n2IZhec@+Il}3Xpd4SnYT^7xd%)iMhGy zH}w)JrAXD_fR9SXvb(dr2xWGgf~RmUq{qo%H<6?uc&hFhN~7V}Emr|G-^(gmmydVk zXd(P}yH6|HWpnDYBDA0meabrkd{O}>#QybUi~VYWJ1IF)8e%n zPs?z{rl(>=L<{60?Bq&a?kpH2*{p%IxXhED*W}5~Y4QCTPM(XDq7#GDj{1i3;f$jY zh*5mOK-bqslLDV1r;-U08Q<*El8~TVNg`Re+fMRDc1-rRMDd~Iny zT2v(Dw9nMjCA$E;8mhw4$41&>;hgIT}p#RjM4W|PJ4vv`MQWC+$&k`3Q4V7 zZ_VEx9oK+a^0#wQ^~TXqHM5NDnc@Dn5d7UDDJp#y|L(7V4#c?}K1sv0Z*|%q{!VB# z`u_cMf^8E2L&75M?CtH{+_I|>lbigYMD9dwM>Tppw-#Yy%i91pdkYR4{_}YNz+WKg zbYLjB4{W9WeIviS;l}KxnFoy!}i!Co}P!W$?)NoV*h;bjD?5_4kg zLxLWC8?>+nwkFs^U$h1{aKcwL_>+o)cc#=vAG}N&D`uEzaEesSF%Lx_|CNWPy>Ej; zNAPQYZ;;yqv-1Lf|67O*L}9@jh;y_DSJ0HndgSUe-q@%w^OTj8fPR#=ZHrutkZM?J z`%*dhZk!3U3%?V?!ZxudtOr&SJrHT+#(D;9)cO5Zo|%=(+JUOhj9S;&;S%ON*Bcj+ z$gw5MWNCd_UCq3jkj1+%syS~BBraE{nQ-e>jWtdi{B!tS=flGdPxP-xL^!6Kq{Y+e zt3ZGJt#AOn91u9>`0XcI&(fA3=@Ry@ofVimUtYcohdk5sUDN4eRJVx6NMa8-|FIL^ zXJg~zn^XA}d54I^xR;~%ABv!sg9%EevK07PHAwzhoz?W?i+!!x&?8nQXpBmor`}V{ zN+pfM!xa-qz>u5RjnaT+?5g=s6bc5N5&vYM9EAijdyao}zbGe^JiocUS^kATgs1Io zc+vk(GWPD-Gkk>8BiBn|78X+5>AbUL5Ugk)U*9UD^dQc|pK#6g=FK!KR&Y?QbI;(~ z-y|6@;d+U@suIA0^E0PdUrnVD>5!EE0%0&rK_ADmO>HUG8k zgPXVO5UVYutyI}e3u&W|EyJlNykE+m@ph+^y|=`38g@gT;_o$XV-1}Q9J5=4UI~Yb zk7G%sN~-IB;4;yy!Sx`gxgRm&41OyZR>wfqSjab23<2n|Ao&~gZJbVw#996A^adgd z(@H}-Wf(4j+s1AtUeHEpP&ckbBY-QGfciJu^%FTzj&gr-7{{me5Q|KQH3 zCX{=QZ*wKWqjy98%!S&Nd6QH(#o+jRB6Xd2vUOwIX4?Jd=o2?76B8kJbPt2yfoeHz zDunu!MPXmosQjkxd@EL8SXkIukUiq+Ad^q%Vkdk2$87iWeD!KeX;pI_FMa{fw7m4GiB}>*VkwD48AM@`AG6CQlH6DEpN;n^a62rWZe4Ml zcfqYO^gjOFsYCNY1LcHI!Bj%FJ|pAxm(eO%F96_CIFFE^p7jflEmx@cZ}&ZE1c+$0 zQ^9AB``QH#`|NlEuaE?7*{vW2xp=qSD zP-sT-=-x|YcNhgfzO{UVtHFGEw@PR=0n%xB#Ewzxw&s@NBh

Q@`{5{R@EDljA;| zzaO48D!lp1KJU8RsHt{$cOa`Xb@puP9lc_~rv4-N{P9;A2G+oO&4U$ev)Z2VDpY4{ zN0bZTMd&{143&EsONi+Dml1-jO!9n_Vgn9IP{#EbDxE)ERv!aLgfKPGB6aqaQr$2)Vrsi~<-`qq{N zfXbru+}vFApT5h?Z^<%f_SPz`yH`zI_CFvp(#6-E<^kg#FD+@7bgQZiLedofb+&iS zGL8cKJt;*@sY@mFK^4^Ss{a0FG>_E6ml9zE{X`|oG1tjy!gvlj38_54DgYo5+3c z92KpX2ggPZapv^0qpIC-?jDVt^A1i zu{D3!eB9n7yS4Xi_(1RiL0!~Zc~P>0b;(o(y*?EyiA`knV5*W0J7zHRZ_%?)nYBsf z5$I*fJkp|2#7rJ%|EyI+u=nD4Uh?9c;rfV!%D%^q5f~v}m%i1xV^NoBm4nmgA75G1 zj9+6LmM?dip$pNYKQQd{mYPg1uZ1QGCR$l-{S7)oZ7rhi@N}9QbA4LlrUV~TjBQfB zaQcFynjFL0Y-0>-4!g^M@$-#CQm=;b&d2UYJWng;Mr(5fK?5n%yFMq=#1Ut*xA_Rlq zl+ClK0X`4uWz4Rw7PPT;xoXL30%L&vf-A3GvTJbt`@;Eehtvjj&}*01BbUmS8t}c= z>q#Sf2lH6EWh-olLyovED zc$DAzr51B>6@y;7S_hjUr{vC{iraf(8(puEdveP2Z3hE{SLu26yPPsA2U*k`Dk~FT zo{ng31c(Wur1OHWqLFzlx+~c;gLN+tGquQDZhfpG?KNtJ4>fC;q;P{XxAHW`Y7MSI z^}k02FVgdh;H(ttJZm}LBrEmAVxsml@ SOMSroAZ-nUTe&yyKlv|T(-$TH literal 0 HcmV?d00001 diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 9ea8f3dc..326c1f94 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -9,6 +9,7 @@ nav: - MeshCentral2: - 'MeshCentral2 Guide': 'meshcentral/index.md' - 'All Configuration Options': 'meshcentral/config.md' + - 'Device Tabs': 'meshcentral/devicetabs.md' - 'Tokens': 'meshcentral/tokens.md' - 'Assistant': 'meshcentral/assistant.md' - 'Code Signing': 'meshcentral/codesigning.md' From 60800d626344d98aead4f0c32034e7aac609f9c2 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 30 Jun 2022 00:30:59 -0400 Subject: [PATCH 2/6] docs - adding videos --- docs/docs/design/index.md | 6 ++++++ docs/docs/intelamt/index.md | 22 ++++++++++++++++++++++ docs/docs/meshcentral/index.md | 14 ++++++++++++++ 3 files changed, 42 insertions(+) diff --git a/docs/docs/design/index.md b/docs/docs/design/index.md index 3eda1e7c..6c90729a 100644 --- a/docs/docs/design/index.md +++ b/docs/docs/design/index.md @@ -81,6 +81,12 @@ The main takeaway is that MeshCentral is mostly an ExpressJS application. This i MeshCentral will run `npm install` automatically when any of these optional modules are needed but not currently available. +## Understanding the different modes: LAN, WAN and Hybrid + +

+ +
+ ## Code files and folders Someone would think the server is rather simple when taking a look at the MeshCentral server code files. At a high level, the entire server has 3 folders, 3 text files and a manageable number of .js files that are fairly self-descriptive. Here is a list of the source files and folders. diff --git a/docs/docs/intelamt/index.md b/docs/docs/intelamt/index.md index c7ba65ca..67b3f74d 100644 --- a/docs/docs/intelamt/index.md +++ b/docs/docs/intelamt/index.md @@ -13,6 +13,12 @@ Intel AMT Guide [as .odt](https://github.com/Ylianst/MeshCentral/blob/master/doc This user guide contains all essential information for activating and using Intel® Active Management Technology (Intel® AMT) with MeshCentral. We will review how to activate, connect to and use Intel AMT features and how this benefit administrators that want to manage computers remotely. This document expect the reader to already be familiar with how to install and operate MeshCentral and have a basic understanding of how Intel® AMT works. +## History of AMT + +
+ +
+ ## Introduction MeshCentral is a free open source web-based remote computer management software and it fully supports Intel® Active Management Technology (Intel® AMT). MeshCentral does not require that computers it manages support Intel AMT, but if a remote computer has this capability, MeshCentral will make use of it. @@ -173,3 +179,19 @@ Once Intel AMT is in a situation where ACM activation can occur, the activation ![](images/2022-05-16-23-16-05.png) The best way to test this feature is to create an “Intel AMT only” device group and run the MeshCMD command on the remote system to perform activation. If there is a problem, this process should clearly display why ACM activation fails. + +## Intel AMT MEI and LMS + +Intel Active Management Technology (Intel AMT) can communicate to the local platform using the Management Engine Interface (MEI). We show how your can use that to get Intel AMT information. For more advanced usages, you need to connect using TCP and TLS which requires Intel Local Manageability Service (LMS). We show how MeshCentral's Mesh Agent and MeshCMD have a small version of LMS built-in and how it works + +
+ +
+ +## Intel AMT System Defense + +As part of Intel AMT there are hardware filters in the network interface you can setup to match and perform actions on packets. This happens at Ethernet speeds with no slow down and independent of the OS. + +
+ +
diff --git a/docs/docs/meshcentral/index.md b/docs/docs/meshcentral/index.md index 38d51490..9a56067e 100644 --- a/docs/docs/meshcentral/index.md +++ b/docs/docs/meshcentral/index.md @@ -767,6 +767,12 @@ In addition to local device groups, the IP-KVM/Power switch device group was als ## NGINX Reverse-Proxy Setup +### Video Walkthru + +
+ +
+ Sometimes it’s useful to setup MeshCentral with a reverse-proxy in front of it. This is useful if you need to host many services on a single public IP address, if you want to offload TLS and perform extra web caching. In this section we will setup NGINX, a popular reverse-proxy, in front of MeshCentral. NGNIX is available at: https://www.nginx.com/ ![](images/2022-05-19-00-23-11.png) @@ -1760,3 +1766,11 @@ su -c '/bin/bash -i' myOtherUser ``` This will run bash in interactive mode and work correctly. + +#### SSH and SFTP integration to the Terminal + +MeshCentral has built-in web-based integration of SSH in the "Termina" tab and SFTP in the "Files" tab. + +
+ +
\ No newline at end of file From 33cba56614a84344111784e4c84921b0910af313 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 30 Jun 2022 00:31:42 -0400 Subject: [PATCH 3/6] docs - adding plugin script https://github.com/Ylianst/MeshCentral/issues/4191 --- docs/docs/meshcentral/plugins.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/docs/meshcentral/plugins.md diff --git a/docs/docs/meshcentral/plugins.md b/docs/docs/meshcentral/plugins.md new file mode 100644 index 00000000..e9d664ff --- /dev/null +++ b/docs/docs/meshcentral/plugins.md @@ -0,0 +1,9 @@ +# Plugins + +## Installation + +1. Enable plugins in the configuration and restart MC as described. +2. Log into MC as full administrator. +3. Go my `My Server` -> `Plugins`, hit the Download plugin button. +4. A dialog opens requesting an URL, put in: +5. The plugin pops up in the plugin list below the download button, you can now configure and enable/disable it. From ddd344952a0a11a944443e470aa2816792bc5492 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 30 Jun 2022 00:32:15 -0400 Subject: [PATCH 4/6] docs - adding folder for powerpoints --- docs/powerpoints/README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 docs/powerpoints/README.md diff --git a/docs/powerpoints/README.md b/docs/powerpoints/README.md new file mode 100644 index 00000000..159d630d --- /dev/null +++ b/docs/powerpoints/README.md @@ -0,0 +1 @@ +Please place Powerpoints and slides here \ No newline at end of file From 21939e82138f99ad423704a7250c4aac6e76ad3d Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 30 Jun 2022 00:36:47 -0400 Subject: [PATCH 5/6] docs - adding agentlogdump reference https://github.com/Ylianst/MeshCentral/issues/4187 --- docs/docs/meshcentral/debugging.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/docs/meshcentral/debugging.md b/docs/docs/meshcentral/debugging.md index 7a81bc9a..ab6faa82 100644 --- a/docs/docs/meshcentral/debugging.md +++ b/docs/docs/meshcentral/debugging.md @@ -126,6 +126,16 @@ service meshcentral restart ## MeshAgent +### Agent Debug Logs to server + +This automatically downloads all agent error logs into `meshcentral-data/agenterrorlogs.txt` + +[Set](https://github.com/Ylianst/MeshCentral/blob/aa58afcc3a5d738177ab7a7b6d0228d72af82b85/meshcentral-config-schema.json#L100) in `config.json` + +```json +"agentLogDump": true +``` + ### Determine Agent capabilities On the server goto the agents console tab. Type: From 01a385d272edcf5e26a321b63ef16c4f971ff888 Mon Sep 17 00:00:00 2001 From: silversword411 Date: Thu, 30 Jun 2022 00:41:23 -0400 Subject: [PATCH 6/6] docs - adding help info https://github.com/Ylianst/MeshCentral/issues/4190 --- docs/docs/meshcentral/codesigning.md | 57 ++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/docs/docs/meshcentral/codesigning.md b/docs/docs/meshcentral/codesigning.md index 3934db9d..5cd7404a 100644 --- a/docs/docs/meshcentral/codesigning.md +++ b/docs/docs/meshcentral/codesigning.md @@ -6,6 +6,63 @@ Nodejs Code Signing module +MeshCentral comes with authenticode.js, you can run it like this: + +```bash +node node_modules/meshcentral/authenticode-js +``` + +and you will get + +``` +MeshCentral Authenticode Tool. +Usage: + node authenticode.js [command] [options] +Commands: + info: Show information about an executable. + --exe [file] Required executable to view information. + --json Show information in JSON format. + sign: Sign an executable. + --exe [file] Required executable to sign. + --out [file] Resulting signed executable. + --pem [pemfile] Certificate & private key to sign the executable with. + --desc [description] Description string to embbed into signature. + --url [url] URL to embbed into signature. + --hash [method] Default is SHA384, possible value: MD5, SHA224, SHA256, SHA384 or SHA512. + --time [url] The time signing server URL. + --proxy [url] The HTTP proxy to use to contact the time signing server, must start with http:// + unsign: Remove the signature from the executable. + --exe [file] Required executable to un-sign. + --out [file] Resulting executable with signature removed. + createcert: Create a code signging self-signed certificate and key. + --out [pemfile] Required certificate file to create. + --cn [value] Required certificate common name. + --country [value] Certificate country name. + --state [value] Certificate state name. + --locality [value] Certificate locality name. + --org [value] Certificate organization name. + --ou [value] Certificate organization unit name. + --serial [value] Certificate serial number. + timestamp: Add a signed timestamp to an already signed executable. + --exe [file] Required executable to sign. + --out [file] Resulting signed executable. + --time [url] The time signing server URL. + --proxy [url] The HTTP proxy to use to contact the time signing server, must start with http:// + +Note that certificate PEM files must first have the signing certificate, +followed by all certificates that form the trust chain. + +When doing sign/unsign, you can also change resource properties of the generated file. + + --filedescription [value] + --fileversion [value] + --internalname [value] + --legalcopyright [value] + --originalfilename [value] + --productname [value] + --productversion [value] +``` + ## Automatic Agent Code Signing If you want to self-sign the mesh agent so you can whitelist the software in your AV, and lock it to your server and organization.