From 5ff26a9bb0da6d0b0208add299bf8cac22447ee9 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Thu, 26 Mar 2026 09:32:59 +0100 Subject: [PATCH 1/3] feat(remote support) Enhance documentation with session management Added detailed instructions for session management, including starting, terminating, and extending sessions, as well as command line usage. --- remote_support.rst | 98 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) diff --git a/remote_support.rst b/remote_support.rst index 675a539e..3827dfbe 100644 --- a/remote_support.rst +++ b/remote_support.rst @@ -15,11 +15,107 @@ by Nethesis at ``sos.nethesis.it``. The firewall must be able to connect to the above host on port ``1194`` UDP. If port ``1194`` is closed, the system will try to fallback on port ``443`` TCP. +Session Management +================== + The remote support must be started and stopped by the firewall administrator. + +Starting a Session +------------------ + To start a session: - access the ``Subscription`` page and go to the ``Remote support`` section - click the :guilabel:`Start session` button - copy the ``Session ID`` and share it with the support team +- the session will be active for 24 hours by default + +The system will display: + +- The current session status (active/inactive) +- The session expiration time +- The remaining time until expiration + +Session Expiration +------------------ + +Remote support sessions have the following expiration behavior: + +- **Default session**: expires after 24 hours +- **Extended session**: expires after 7 days from the extension time +- **Automatic cleanup**: expired sessions are automatically stopped by the system + +The system continuously monitors session expiration: + +- A cron job runs every hour to check for expired sessions +- When a session expires, it is automatically stopped +- Session expiration events are logged to the system log + +.. note:: + The session expiration check ensures that remote access is automatically + terminated when the support window expires, maintaining security best practices. + +Session Status Information +-------------------------- + +The user interface displays the following session information: + +- **Session status**: Active or Not running +- **Session ID**: Unique identifier to share with support team +- **Expiration time**: When the session will automatically end + +You can view this information at any time in the ``Remote support`` section of the ``Subscription`` page. + +Terminating a Session +--------------------- + +To manually terminate an active session before it expires: + +- access the ``Subscription`` page and go to the ``Remote support`` section +- click the :guilabel:`End session` button +- the remote support connection will be immediately closed + +Command Line Interface +====================== + +Advanced users can manage remote support sessions using the ``don`` command from the firewall's command line. + +Start a session:: + + don start + +This will start a new remote support session with a 24-hour expiration. + +Check session status:: + + don status + +This displays the current session information including: + +- Server ID +- Session ID +- Time remaining until expiration + +Extend an active session:: + + don extend + +.. important:: + Session extension is only available via command line. This feature extends the session + from the default 24 hours to 7 days from the current time. + +Stop a session:: + + don stop + +This immediately terminates the remote support session and cleans up all resources. + +Check for expired sessions:: + + don expire + +This command is automatically run by cron every hour to check if the session has expired. +If the session has expired, it will be automatically stopped. -To terminate the session, click the :guilabel:`End session` button. +.. note:: + The ``don`` command requires root privileges and logs all operations to the system log. From aaa92ebe7233a7ac0f36a03c4529965f85b4cb2c Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Thu, 26 Mar 2026 11:22:45 +0100 Subject: [PATCH 2/3] Apply suggestions from gsanchietti review Co-authored-by: Giacomo Sanchietti --- remote_support.rst | 31 ++++++++----------------------- 1 file changed, 8 insertions(+), 23 deletions(-) diff --git a/remote_support.rst b/remote_support.rst index 3827dfbe..0cfe8ba5 100644 --- a/remote_support.rst +++ b/remote_support.rst @@ -15,12 +15,12 @@ by Nethesis at ``sos.nethesis.it``. The firewall must be able to connect to the above host on port ``1194`` UDP. If port ``1194`` is closed, the system will try to fallback on port ``443`` TCP. -Session Management +Session management ================== The remote support must be started and stopped by the firewall administrator. -Starting a Session +Starting a session ------------------ To start a session: @@ -36,14 +36,15 @@ The system will display: - The session expiration time - The remaining time until expiration -Session Expiration +You can view this information at any time in the ``Remote support`` section of the ``Subscription`` page. + +Session expiration ------------------ Remote support sessions have the following expiration behavior: - **Default session**: expires after 24 hours - **Extended session**: expires after 7 days from the extension time -- **Automatic cleanup**: expired sessions are automatically stopped by the system The system continuously monitors session expiration: @@ -51,22 +52,8 @@ The system continuously monitors session expiration: - When a session expires, it is automatically stopped - Session expiration events are logged to the system log -.. note:: - The session expiration check ensures that remote access is automatically - terminated when the support window expires, maintaining security best practices. - -Session Status Information --------------------------- - -The user interface displays the following session information: - -- **Session status**: Active or Not running -- **Session ID**: Unique identifier to share with support team -- **Expiration time**: When the session will automatically end - -You can view this information at any time in the ``Remote support`` section of the ``Subscription`` page. -Terminating a Session +Terminating a session --------------------- To manually terminate an active session before it expires: @@ -78,7 +65,7 @@ To manually terminate an active session before it expires: Command Line Interface ====================== -Advanced users can manage remote support sessions using the ``don`` command from the firewall's command line. +The ``don`` command requires root privileges and logs all operations to the system log. Start a session:: @@ -102,7 +89,7 @@ Extend an active session:: .. important:: Session extension is only available via command line. This feature extends the session - from the default 24 hours to 7 days from the current time. + from the default 24 hours to 7 days starting since the current time. Stop a session:: @@ -117,5 +104,3 @@ Check for expired sessions:: This command is automatically run by cron every hour to check if the session has expired. If the session has expired, it will be automatically stopped. -.. note:: - The ``don`` command requires root privileges and logs all operations to the system log. From 8e1632ca5e163603b453b87f4843a5c8d25d5b03 Mon Sep 17 00:00:00 2001 From: Stephane de Labrusse Date: Fri, 27 Mar 2026 10:56:42 +0100 Subject: [PATCH 3/3] feat(remote support) Add log examples for session management --- remote_support.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/remote_support.rst b/remote_support.rst index 0cfe8ba5..21126278 100644 --- a/remote_support.rst +++ b/remote_support.rst @@ -104,3 +104,8 @@ Check for expired sessions:: This command is automatically run by cron every hour to check if the session has expired. If the session has expired, it will be automatically stopped. +Log examples:: + + Mar 27 09:24:37 NethSec don: Remote support session started + Mar 27 09:24:54 NethSec don: Remote support session extended by 7 days + Mar 27 09:25:04 NethSec don: Remote support session stopped \ No newline at end of file