Command Line Tool - sandromello/themis-py GitHub Wiki

tmscli is a command line tool for configuring themis, configuring and managing redis manually is not recommended, the command line tool has all the commands needed for administrating and managing the redis server for Themis.

Overview

With tmscli you can

  • Create, view, modify and delete several policies with custom attributes
  • Create, view, modify and delete groups that belongs to one or more policies
  • Create, view, modify and delete pool of servers
  • Create, modify and delete action headers
  • Create, view, modify and delete features
  • Create, view, modify metadata
  • Search keys by wildcard
  • Delete keys by wildcard
  • Flush a redis server
  • Resync the global configuration on runtime
  • Configure a remote redis from your local machine
  • List in json format

More info about each item of tmscli, check the Definitions page

Policies - Examples

# Add a new policy with default attributes, this will match all messages sent and received
tmscli -a --policy mypolicy Source any Destination any

# Add a new policy with one custom attribute
tmscli -a --policy mycustompolicy Source any Destination any JailBy Sender+

# Add a new policy that will rate limit for 1 minute after sending 2 messages 
tmscli -a --policy blockpolicy Source any Destination any JailBy Sender+ JailAction block JailSpec 2:60

# View policies in json format
tmscli -g --policy mycustompolicy mypolicy --json
# OR
tmscli -g --policy all

# Modify policy 
tmscli -m --policy mycustompolicy JailBy SASLUsername JailAction block

# Delete policies
tmscli -d --policy mycustompolicy mypolicy blockpolicy

# Show policy help
tmscli --help policy

Group - Examples

# Add a new group named outbound_domains with @mydomain.tld and mydomain02.tld, this group could be used in Destination policy
tmscli -a --group outbound_domains '@mydomain.tld @mydomain02.tld'

# Add a new group named source_group to match with source option policy, include an account, domain and an ip address
tmscli -a --group source_group '[email protected] @mydomain.tld 192.168.1.120/32'

# Edit a group and include more members
tmscli -m --group source_group '192.168.2.0/24'

# Remove a particular member from a group
tmscli -m --group source_group '192.168.1.120/32' --remove

# List members of groups
tmscli -g --group source_group outbound_domains
# OR
tmscli -g --group all

# Set a new policy within the groups created previously
tmscli -a --policy mypolicy Source source_group Destination outbound_domains

# Deleting groups
tmscli -d --group outbound_domains source_groups

# Ops... First we need to delete the policy associate to the group or change it...
tmscli -m --policy mypolicy Source any Destination any

# ... Then we remove the groups
tmscli -d --group outbound_domains source_groups

# Show policy help
tmscli --help group

Pool - Examples

# Add a new pool named outbound within servers server01.tld and server02.tld and associate with a policy
tmscli -a --pool outbound 'server01.tld server02.tld'
tmscli -a --policy outbound:default Source any Destination any

# Add a new server (server3.tld) and remove one server (server2.tld) from the pool
tmscli -m --pool outbound 'server03.tld'
tmscli -m --pool outbound 'server03.tld' --remove

# List outbound pool
tmscli -g --pool outbound

# Remove outbound pool
tmscli -d --pool outbound

# Ops... we need to remove the policy associate with the pool first...
tmscli -d --policy outbound:default

# Then... remove it...
tmscli -d --pool outbound

Action Headers - Examples

# Create a new policy
tmscli -a --policy default Source any Destination any

# Configure a new action header to a policy named 'default'
# It will add two headers (X-Spam-Flag and X-New-Flag) to the message if the header Received-SPF with value 'fail' is found
tmscli -a --actionheaders default Received-SPF 'fail' X-Spam-Flag YES X-New-FLAG NO

# Change the action header, change the value of Received-SPF to softfail and remove the X-New-FLAG header
tmscli -m --actionheaders default Received-SPF 'softfail' X-Spam-Flag YES 

# List action headers
tmscli -g --policy default

# Remove action header Received-SPF
tmscli -d --actionheaders default Received-SPF

# Remove all headers
tmscli -d --actionheaders default --clear

Features - Examples

# Configure a global features in redis server
tmscli -a --features global

# Configure a new policy
tmscli -a --policy mypolicy Source any Destination any

# Create new custom features and associate with policy name 'mypolicy'
tmscli -a --features mypolicy

# Change configuration from 'mypolicy' feature
# Lists must be passed as literal strings
tmscli -m --features mypolicy global_conditions '[1, 50](/sandromello/themis-py/wiki/1,-50)'
tmscli -m --features mypolicy feederFeaturesEnabled TRUE

# List configured features
tmscli -g --features mypolicy global

# List features and all types
tmscli -g --features list

# Delete a custom feature
tmscli -d --features mypolicy

Metadata - Examples

# Set a new metadata, must use the correct namespace to match
tmscli -a --metadata AI:metadata:[email protected]

# Change a metadata key, configure a block for an object
tmscli -m --metadata AI:metadata:[email protected] manual_block TRUE

# List configured keys in namespace 'AI:metadata:[email protected]'
tmscli -g --metadata AI:metadata:[email protected]

# Delete - Check utility examples bellow

Utility - Examples

# List keys using wildcard.
tmscli -g --search AI:metadata:*mydomain*

# Delete keys by wildcard
tmscli -d --del-lookup AI:metadata:*mydomain*

# Flush redis database, will prompt for confirmation
tmscli -d --flushdb

# Flush redis database, will NOT prompt for confirmation
tmscli -f --flushdb

# Configure tmscli to run locally, in case of missing config.yaml. Obs: redis without password
tmscli -a --remote localhost

# Resync features. Will use config:themis:features:global instead of config.yaml, fallback to configuration file in case of missing key
tmscli -a --resync