Deployment and Installation CenterWebsense TRITON Enterprise v7.6.x
Deployment and Installation Center
|
|
|
|
Data Security Protector CLI
|
A command-line interpreter (also known as a command-line shell) is a computer program that reads lines of text entered by a user and interprets them in the context of a given operating system or programming language.Command-line interpreters allow users to issue various commands in a very efficient way. This requires the user to know the names of the commands and their parameters, and the syntax of the language that is interpreted.This chapter describes the command line interpreter (CLI) for the Linux-based Data Security Protector.The CLI can be used after initial installation to modify the settings configured by the wizard as well as configure other protector parameters. Log in using the admin or root user (other users can also be defined). Note that admin users are limited and not all Linux shell commands are available to them.If using a serial port console, configure your terminal application, such as HyperTerminal or TeraTerm, as follows:Connect to port 22 with the SSH tool of your choice and use the credentials you set to access the protector CLI. It is impossible to access the protector using SSH before running the wizard for the first time, as it has irrelevant default network settings.
Websense1 login:
dns: Configure or show DNS server(s) Usage: dns [list | delall] dns [{add | del} <ipaddr>]
This is Websense Content Protector 7.5.1.009, Policy Engine 7.5.1.9 (Appliance 7.5.1.009)
21-Feb-2006
-h displays a short usage message HH:MM:SS HH is the hour [00 to 24]
MM is the minutes [00 to 59]
SS is the seconds [00 to 59]
In the event that minutes and/or seconds are not entered, they are considered 00.
17:55:03
memory: displays the protector memory usage information.
network: displays the protector's network settings including hostname, domain name, IP address and routing table.
diag: creates a diagnostic file to be used by Websense technical services.
uptime: displays the amount of time the protector has been up and operational.
features: lists all the possible features available on this protector and what they can do (monitor or block)
hardware: displays hardware information including which network cards are installed.
stats: displays traffic statistis for each protocol being monitored; this is useful to verify the operational status of the Protector.
stats reset: resets all statistics counters to zero.
Processor 1: 1.3% loaded (98.7% idle) Websense1# info memory
Free physical memory 8.7%
count: how many times the statistics snapshot should be taken.
delall: deletes all DNS servers set in the protector
add: adds a DNS server specified by its IP address to the protector
del: deletes the DNS server denoted by the specified IP address
delall: deletes all default domain names set in the protector
add: adds a default domain name specified by domain to the protectorUse the -m switch to set a domain as main. The main domain is the domain that the protector is actually is a member of. Without the –m switch a 'search domain' is created. For the protector to resolve a domain this domain is searched as well. There may be many 'search domains' but only one main domain.del: deletes the default domain name denoted by domain from the protector
list: shows the configured default gateway.
delete: deletes the defined default gateway.Please note that if this command is run from a remote SSH session, the session may terminate.
iface ifname [ip ipaddr] [prefix prefix] [bcast bcastaddr] [speed speed] [duplex duplex] [mgmt] [enable|disable] [descr description]
prefix: network mask of the interface. For example: 24 (will assign 255.255.255.0 mask to the interface)
bcast: broadcast address of the interface. For example: for an interface with the IP address 192.168.1.1/24, the broadcast address is usually 192.168.1.255.
speed: interface link speed. Available speeds: auto, 10, 100, 1000
duplex: interface link duplex. Available duplex options: auto, half, full
mgmt: sets the interface as the management interface of the protector. The previously defined management interface can no longer be used for management purposes.
enable, disable: enables or disables the interface (default is enable)
descr: assigns a short description for the interface. Note that if the description contains spaces, it must be enclosed within quotation marks ("").
route add {destination network | destination ip} {via ip | dev device}
route del {destination network | destination ip} {via ip | dev device}
add: adds a route to a network or IP
del: deletes a route to a network or IP
user del {username}
user mod {username} [profile {profile}] [pwd {new password}]
user list
admin: all commands are allowed
netadmin: only networking related commands are allowed
policyadmin: only the policy command is allowed
del: delete a user
mod: modify a user's profile and/or password
list: display a list of all defined users and their profiles
set: defines a list of monitored networks
delete: deletes previously set filter rules
|
|
|
|
|
Data Security Protector CLI
|
