
5742ZPUNTAU211> man secmode

160114-17:49:26 169.254.1.1 11.0a RBS_NODE_MODEL_U_2_11 stopfile=/tmp/114080


$ man secmode
secmode(1)                    CPP Commands                    secmode(1)
Name
secmode - Set or show security mode for node access
Synopsis
secmode -a {s | u}
secmode [-c {s | u}] [-d {s | u}] [-f {s | u}] [-t {s | u}] [-m {s | u}]
secmode -s
secmode -l {1 | 2 | a | c}
Description
The command turns Security ON or OFF for a number of access and
troubleshooting services, changes the security level, or displays the
security state of the node.
The security level can be level 1, 2 or 3, where level 3 represents the
highest security. At these three levels, the state (ON or OFF) of
different access services is either non-configurable or may be
configured, as described below:
- Security level 1 - Corba Security is OFF. Other access services
  may be configured ON or OFF.

- Security level 2 - Corba Security is ON. Other access services
  may be configured ON or OFF.

- Security level 3 - Corba Security is ON. The Telnet and FTP
  servers are OFF. The target monitor may be configured ON or OFF.
  The file transfer client may be configured as FTP or SFTP. The
  debug server and the UDP link handler are OFF.

There are two parameters that describe the security level of the node.
The parameter, OperationalSecLevel represents the actual (current)
security level, and the parameter, ConfiguredSecLevel
(requestedSecurityLevel) indicates the wanted security level.
In normal operation, these two parameters indicate the same security
level, but if there is a fault, the node may have reverted to a lower
(operational) security level than configured. This situation is caused
by corrupt or missing security data, and an alarm is issued. Use the
command secmode -l a to confirm the fault indication and to cease the
alarm. Note the following:
- Security level 3 is initialized using the action,
  setSecurityLevel3 in the Security MO.

- Some access and troubleshooting services cannot be activated in
  security level 3.

- At initial node startup, the node may enter an undefined
  security state (levelundefined) due to missing security
  configuration data. In this undefined state, configuration of
  security is inhibited, and the situation is resolved using the
  command, secmode -l a.

More information regarding configuration of Security can be found in
the document, Security for O&M Node Access.
Options
-a
    Set security mode for all functions described below (-c, -d, -f,
    -m, -t).
    s - Secure.
    u - Unsecure.

-c
    Corba Security (Default: OFF).
    Changing Corba Security also changes the security level (Corba
    Security OFF corresponds to level 1, Corba Security ON
    corresponds to level 2.)
    s - Secure (Corba security is ON).
    u - Unsecure (Corba security is OFF).

-d
    Debug Server and UDP Link Handler (Default: OFF).
    s - Secure (debug server and UDP link handler are OFF).
    u - Unsecure (debug server and UDP link handler are ON).

-f
    File Transfer Client, used for software upgrade, licensing etc.
    (Default: Unsecure).
    s - Secure (file transfer client uses SFTP).
    u - Unsecure (file transfer client uses FTP).

-l
    Set the security level (Default: Level 1).
    1
    2
    a - Adapt the configured security level to the operational
    security level. Used to confirm a fault situation (Security is
    reverted to a lower level than requested) and to cease the
    related alarm.
    c - Confirm requested security level 3. Raising the security
    level is ordered by the Security MO and is confirmed using this
    shell command option.

-m
    Target monitor (Default: OFF).
    s - Secure (target monitor is OFF).
    u - Unsecure (target monitor is ON).

-s
    Display current Security settings.

-t
    Telnet and FTP servers (Default: ON).
    s - Secure (Telnet and FTP servers are OFF).
    u - Unsecure (Telnet and FTP servers are ON).

Printout
Security settings display.
When executing the command secmode -s, you get a printout as shown in
section Examples, below.
The parameter OperationalSecLevel represents the actual (current)
security level, and the parameter ConfiguredSecLevel
(requestedSecurityLevel) indicates the wanted security level.
Possible values for OperationalSecLevel are: level1, level2,
level3unconfirmed, and level3.
Level3unconfirmed indicates that level 3 is active, but the node is
waiting for a confirmation from the command shell. (Use secmode -l c)
Possible values for ConfiguredSecLevel (requestedSecurityLevel) are:
level1, level2, level3 and levelundefined.
The value, levelundefined indicates a problem reading stored security
configuration data. All Security settings have been reverted to default
values. Use the command secmode -l a to adapt ConfiguredSecLevel
(requestedSecurityLevel) to OperationalSecLevel.
Command return values.
A successful change of security settings returns the following strings:
Command returned: SECMODE_OK
Command executed successfully.
Other possible printouts when the command has failed are:
Command returned: SECMODE_ALREADYSET
The requested security mode was already set.
Command returned: SECMODE_NOTALLOWED
The requested secmode action was not allowed.
See section, Description above for information on which access services
are activated at different security levels.
Failed to complete secmode command.
Service not active on this MP

Note that the command must be executed on the MP where the SSH_LM is
active.
Examples
Display Security settings.
$ secmode -s
Security configuration settings:
Access method        Current security mode
-------------------------------------------------------
TelnetFtpServers     unsecure, node internal Telnet
                     and FTP servers are ON.
TargetMonitor        secure, node Target Monitor is
                     OFF.
DbgServerUdpLnh      secure, Debug server and
                     UDP Linkhandler are OFF.
FileXferClient       unsecure, node internal file
                     transfer client uses FTP.
CorbaSecurity        secure, corba security is ON.
OperationalSecLevel  level 2
ConfiguredSecLevel   level 2
--End settings------------------------------------------

Activate CORBA Security.
$ secmode -c s
Note: JVM will be restarted automatically in order for
updated corba security setting to take affect.
Command returned: SECMODE_OK
Command executed successfully

Disable Telnet and FTP servers.
$ secmode -t s
Command returned: SECMODE_OK
Command executed successfully

Set security level 1.
$ secmode -l 1
Command returned: SECMODE_OK
Command executed successfully

Activate target monitor, debug server and UDP link handler.
$ secmode -m u -d u
Command returned: SECMODE_OK
Command executed successfully

Copyright
(c) Ericsson AB 2006 - All Rights Reserved

2/19080-CNX901521               2006-02-03               secmode(1)
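
Added example (not part of the Ericsson man page): a small Python audit of a captured secmode -s printout that reports services left in unsecure mode and the security-level faults described under Description and Printout. The function names parse_secmode and audit are hypothetical, and the column layout of the sample is an assumption reconstructed from the Examples section.

```python
# Constructed sample modelled on the `secmode -s` printout in Examples;
# the column layout and line wrapping are assumptions.
SAMPLE = """\
Security configuration settings:
Access method        Current security mode
-------------------------------------------------------
TelnetFtpServers     unsecure, node internal Telnet
                     and FTP servers are ON.
TargetMonitor        secure, node Target Monitor is
                     OFF.
DbgServerUdpLnh      secure, Debug server and
                     UDP Linkhandler are OFF.
FileXferClient       unsecure, node internal file
                     transfer client uses FTP.
CorbaSecurity        secure, corba security is ON.
OperationalSecLevel  level 2
ConfiguredSecLevel   level 2
--End settings------------------------------------------
"""
SERVICES = ("TelnetFtpServers", "TargetMonitor", "DbgServerUdpLnh",
            "FileXferClient", "CorbaSecurity")
LEVELS = ("OperationalSecLevel", "ConfiguredSecLevel")

def parse_secmode(text):
    """Map setting name -> value, joining wrapped continuation lines."""
    settings, key = {}, None
    for line in text.splitlines():
        words = line.split()
        if words and words[0] in SERVICES + LEVELS:
            key, settings[words[0]] = words[0], " ".join(words[1:])
        elif key and words and not line.startswith("-"):
            settings[key] = (settings[key] + " " + " ".join(words)).strip()
        else:
            key = None  # separator, blank line or header ends a value
    return settings

def audit(settings):
    """List deviations: unsecure services and security-level faults."""
    findings = [f"{n}: {settings.get(n, 'missing from printout')}"
                for n in SERVICES
                if not settings.get(n, "").lower().startswith("secure")]
    op, cfg = (settings.get(k, "").replace(" ", "").lower() for k in LEVELS)
    if cfg == "levelundefined":
        findings.append("ConfiguredSecLevel undefined: run secmode -l a")
    elif op == "level3unconfirmed":
        findings.append("level 3 unconfirmed: run secmode -l c")
    elif op != cfg:
        findings.append(f"operational {op} differs from configured {cfg}")
    return findings
```

For the sample above, audit(parse_secmode(SAMPLE)) reports TelnetFtpServers and FileXferClient, the two services the printout shows as unsecure.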
