Professional Documents
Culture Documents
There are two parameters that describe the security level of the node.
The parameter, OperationalSecLevel represents the actual (current)
security
level,
and
the
parameter, ConfiguredSecLevel (
requestedSecurityLevel) indicates the wanted security level.
In normal operation, these two parameters indicate the same security
level, but if there is a fault, the node may have reverted to a lower
(operational) security level than configured. This situation is caused
by corrupt or missing security data, and an alarm is issued. Use the
command secmode -l a to confirm the fault indication and to cease the
alarm. Note the following:
-
Security
level 3 is initialized
setSecurityLevel3 in the Security MO.
using
the
action,
Set security mode for all functions described below (-c, -d, -f,
-m, -t).
s - Secure.
u - Unsecure.
-c
-d
-f
-l
-m
-s
-t
Printout
Security settings display.
When executing the command secmode -s , you get a printout as shown in
section Examples, below.
The parameter OperationalSecLevel represents the actual (current)
security
level,
and
the
parameter
ConfiguredSecLevel (
requestedSecurityLevel) indicates the wanted security level.
Possible values for OperationalSecLevel are: level1 , level2 ,
level3unconfirmed , and level3 .
Level3unconfirmed indicates that level 3 is active, but the node is
waiting for a confirmation from the command shell. (Use secmode -l c )
Possible values for ConfiguredSecLevel ( requestedSecurityLevel) are:
level1 , level2 , level3 and levelundefined .
The value, levelundefined indicates a problem reading stored security
configuration data. All Security settings have been reverted to default
values. Use the command secmode -l a to adapt ConfiguredSecLevel (
requestedSecurityLevel) to OperationalSecLevel.
Command return values.
A successful change of security settings returns the following strings:
Command returned: SECMODE_OK
Command executed successfully.
Other possible printouts when the command has failed are:
Command returned: SECMODE_ALREADYSET
The requested security mode was already set.
Command returned: SECMODE_NOTALLOWED
The requested secmode action was not allowed.
See section, Description above for information on which access services
are activated at different security levels.
Failed to complete secmode command.
Service not active on this MP
Note that the command must be executed on the MP where the SSH_LM is
active.
Examples
Display Security settings.
$ secmode -s
Security configuration settings:
Access method
Current security mode
-------------------------------------------------------TelnetFtpServers
unsecure, node internal Telnet
and FTP servers are ON.
TargetMonitor
secure, node Target Monitor is
OFF.
DbgServerUdpLnh
secure, Debug server and
UDP Linkhandler are OFF.
FileXferClient
unsecure, node internal file
transfer client uses FTP.
CorbaSecurity
secure, corba security is ON.
OperationalSecLevel
level 2
ConfiguredSecLevel
level 2
--End settings------------------------------------------
2/19080-CNX901521
2006-02-03
secmode(1)