Manuals / Black Box / Marine Equipment / Marine Safety Devices

Black Box 1102, Secure Device Servers, 1101 manual

Models: 1101 1102 Secure Device Servers

1 164

Download 164 pages 30.63 Kb

Page 142

1101 and 1102 Secure Device Servers

To save the configuration:

# /etc/scripts/backup-usb save config-20May

To check if the backup was saved correctly:

# /etc/scripts/backup-usb list

If this command does not display "* config-20May"then there was an error saving the configuration.

The set-default command takes an input file as an argument and renames it to "default.opg". This default configuration remains stored on the USB disk. The next time you want to load the default config, it will be sourced from the new default.opg file. To set a config file as the default:

# /etc/scripts/backup-usb set-default config-20May

To load this default:

# /etc/scripts/backup-usb load-default

To load any other config file:

# /etc/scripts/backup-usb load {filename}

The /etc/scripts/backup-usbscript can be executed directly with various COMMANDS or called from other custom scripts you may create. We recommend that you do not customize the /etc/scripts/backup-usbscript itself at all.

If you do not have a USB port on your console server, you can back up the configuration to an off-box file. Before backing up you need to arrange a way to transfer the backup off-box. This could be via an NFS share, a Samba (Windows) share to USB storage, or copied off-box via the network. If backing up directly to off-box storage, make sure it is mounted.

/tmp is not a good location for the backup except as a temporary location before transferring it off-box. The /tmp directory will not survive a reboot. The /etc/config directory is not a good place either, because it will not survive a restore.

Backup and restore should be done by the root user to make sure correct file permissions are set. The config command is used to create a backup tarball:

config -e <Output File>

The tarball will be saved to the indicated location. It will contain the contents of the /etc/config/ directory in an uncompressed and unencrypted form.

Example nfs storage:

# mount -t nfs 192.168.0.2:/backups /mnt # config -e /mnt/les4108.config # umount/mnt/

Example transfer off-box via scp:

#config -e /tmp/les4108.config

#scp /tmp/les4108.config 192.168.0.2:/backups

The config command is also used to restore a backup:

config -i <Input File>

This will extract the contents of the previously created backup to /tmp, and then synchronize the /etc/config directory with the copy in /tmp.

One problem that can crop up here is that there is not enough room in /tmp to extract files to. The following command will temporarily increase the size of /tmp:

mount -t tmpfs -o remount,size=2048k tmpfs /var

If restoring to either a new unit or one that has been factory defaulted, make sure that the process generating SSH keys either stops or completes before restoring configuration. If this is not done, then a mix of old and new keys may be put in place. SSH uses these keys to avoid man-in-the- middle attacks. Logging in may be disrupted.

142	724-746-5500 blackbox.com

Image 142

Black Box 1102, Secure Device Servers, 1101 manual

Contents

1102 Secure Device Servers 1102 Secure Device Servers Normas Oficiales Mexicanas NOM Electrical Safety Statement FCC and IC RFI StatementsTrademarks Used in this Manual Table of Contents SMS Alerts Snmp Alerts Local Authentication Tacacs AuthenticationAdd a New Alert 108 106107 110Pmpower Tool Installing the Key and CertificatePowerMan Tool FingerprintingSpecifications SpecificationsManual Organization Overview 2.1 IntroductionTypes of Users Management Console OverviewHardware Description 2.5.1 LES1101A Front Panel Ethernet Connectivity LED Number Component Description DB9 connector2 LES1101A Back Panel RJ-45 Ethernet ActivityLED right side of connector Ethernet Activity LED Number Component Description Barrel connector PowerLED left side of connector Ethernet Connectivity LED 3 LES1102A Front Panel1 LES1101A What’s Included2 LES1102A Power Connection InstallationInstallation Network ConnectionNon RS-232 Serial Port Pinouts- LES1102A RX+ TX+ +VIN Non RS-232 Serial Port Pinouts- LES1101A+3V TX +Connected PC/Workstation Setup System ConfigurationManagement Console Connection System Configuration Browser connectionAdministrator Password Network IP Address System Services IPv6 configurationSystem Services screen Communications Software SDT ConnectorSDT connector SSH encrypted Forwarded toPuTTY SSHTermSerial Port, Host, Device, and User Configuration Configure Serial PortsSerial Port, Host, Device, and User Configuration Common SettingsConsole Server Mode Serial Port, Host, Device, and User Configuration 1102 Secure Device Servers SDT Mode Terminal Server Mode Device RPC, UPS, EMD ModeSerial Bridging Mode Syslog Local Ethernet LAN LES1102A COM portAdd/ Edit Users Serial Port, Host, Device, and User Configuration Authentication Network HostsTrusted Networks Serial Port RedirectionManaged Devices LES1102A Retail data systemsSerial Port, Host, Device, and User Configuration Secure Local Secure SSH Tunneling and SDT ConnectorLES1102A Serial Connected SDT Connector Client Configuration Secure SSH Tunneling and SDT ConnectorConfiguring for SSH Tunneling to Hosts SDT Connector installation1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Manually Adding Hosts to the SDT Connector Gateway Make an SDT Connection through the Gateway to a HostManually Adding New Services to the New Hosts 10. Clients1102 Secure Device Servers Adding a Client Program to be Started for the New Service 16. Telnet client Click OK SDT Connector to Management Console 17. Edit SDT host screen1102 Secure Device Servers Secure SSH Tunneling and SDT Connector SDT Connector Public Key Authentication Importing and Exporting PreferencesSetting up SDT for Remote Desktop Access Configure the Remote Desktop Connection Client 23. Remote Desktop Users dialog boxComputer, enter the appropriate IP Address and Port Number Use -p to receive password promptGeometry width x height or 70% screen percentage SDT SSH Tunnel for VNC For Linux servers and clients Install, Configure, and Connect the VNC Viewer 30. VNC authentication 1102 Secure Device Servers 33. Incoming TCP/IP properties Set up SDT Serial Ports on Console Server SSH Tunneling Using other SSH Clients for example, PuTTY Address of port01. Then select the RDP Service check box1102 Secure Device Servers Secure SSH Tunneling and SDT Connector 1102 Secure Device Servers Alerts and Logging Configure SMTP/SMS/SNMP/Nagios Alert ServiceAlerts and Logging Email AlertsSnmp Alerts SMS AlertsSelect Alerts & Logging Snmp Nagios Alerts Activate Alert Events and NotificationsConfiguring General Alert Types Add a New AlertSerial port signal alert Configuring Power Alert Type This alert type monitors UPSes, RPCs, and power devicesSerial Port Logging Remote Log StorageNetwork TCP or UDP Port Logging 1102 Secure Device Servers Remote Power Control RPC Power ManagementPower Management RPC Connection1102 Secure Device Servers RPC Access Privileges and Alerts User Power ManagementRPC Status Uninterruptible Power Supply Control UPSTurn on Turn OFF Cycle Status Managed UPS Connections Serial, USB, or Network Connections ManagedAs Device Type UPS and clicking Apply Click Add Managed UPSPower Management Remote UPS Management UPS Alerts Controlling UPS Powered ComputersUPS Status Overview of Network UPS Tools NUT 12. Log tableRefer to 1102 Secure Device Servers Local Authentication AuthenticationAuthentication Configuration Tacacs AuthenticationRadius Authentication Enter the Server PasswordLdap Authentication RADIUS/TACACS User ConfigurationPamldap PAM Pluggable Authentication ModulesPamtacplus Radius ExampleSSL Certificate SSL certificates screenCommon name Challenge PasswordConfirm Challenge Password Organizational UnitUpload button Nagios Integration LES1102A Network Managed hosts ServicesNagios Overview Nagios Integration Central Management and Setting Up SDT for NagiosDistributed console servers Black Box console servers Setup Central Nagios Server Setup Distributed Console ServersDescription enter Administrator connection Enable Nagios on the Console Server Configuring Nagios Distributed MonitoringSelect Users & Groups from the Serial & Network menu LES1102A Serial Check Nagios Enable Nrpe MonitoringEnable Nsca Monitoring Tunneled SSH LES1102A Sendncsa Program/script NagiosConfigure Selected Network Hosts for Nagios Monitoring Configure Selected Serial Ports for Nagios MonitoringConfigure the Upstream Nagios Monitoring Host Define service Commandname checknrpedaemon CommandlineCommandname checkserialstatus Commandline Hostname Server Use Generic-serviceActivechecksenabled Passivechecksenabled Define service Servicedescription port-log-serverServer Use Generic-service CheckportlogBasic Nagios Plug-Ins Number of Supported DevicesUsing Nagios in a local office Remote site Distributed Monitoring Usage ScenariosRemote site with restrictive firewall System Administration and Reset System ManagementUpgrade Firmware System ManagementConfigure Date and Time Configuration Backup109 Status Reports Port Access and Active UsersSelect the Status Port Access StatisticsStatus Reports Support ReportsDashboard Select Status SyslogConfiguring the Dashboard Configure dashboard screenCreating Custom Widgets for the Dashboard Echo tableDevice Management ManagementManagement Port and Host LogsSerial Port Terminal Connection Select Manage TerminalSelect Manage Power Configuration from the Command Line Accessing config from the Command Line# config -g config.users.user1.description Configuration from the Command LineConfig tool # config -g configSerial Port Configuration Device Mode SDT modeSyslog settings Terminal server modeSerial bridge mode Adding and Removing Users# ./delete-node config.users.user2 # config -r usersAdding and Removing User Groups # config -g config.groups.total# config -a # rmuser Group7# config -g config.sdt.hosts.total List of remote authentiction and authorization servers# config -r auth # config -s config.sdt.hosts.total=4# config -hosts Log level for services# config -g config.devices.total # config -g config.portaccess.totalCascaded Ports # config -s config.cascade.slaves.total=1# config -r cascade UPS ConnectionsRPC Connections # config -s config.ups.monitors.total=1# config -d config.ups.monitors.monitor1 Remote UPSesPort Log # config -d config.devices.device8To configure serial/network port logging To delete the above managed deviceAlerts General settings for all alertsSignal Alert Connection Alert# config -r alerts UPS Power Status AlertPower Sensor Alert Smtp and SMSIP Settings AdministrationSnmp Date and Time Settings # config -r time ServicesDhcp Server To configure Nrpe with following settings Nrpe port Enable SDT for Nagios ext Enabled SDT gateway addressPrefer Nrpe over Nsca Disabled defaults to Disabled Nagios ! Advanced ConfigurationBin/sh /etc/scripts/alert-email $suffix # ./delete-node config.users.user3 NEWTOTAL=$ $TOTAL Echo Warning $TOTALNODE greater than number of itemsAdd the following line to rc.local # loop indefinitely While true do Usage /etc/scripts/backup-usb Command File # configEtc/config/scripts/config-post # /etc/scripts/backup-usb check-magic Etc/config/pmshell-start.sh #!/bin/sh PORT=$1 USER=$2 To set the Manager Address field Config --set config.system.snmp.address2=w.x.y.zConfig --set config.system.snmp.trapport2=162 To set the Community field Snmp version 1 and 2c only$&$ $& ! $&% ! #$ Chown fred /etc/config/users/fred/.ssh/authorizedkeys#$! $ mkdir keys $ ssh-keygen -t rsaHttp//openssh.org/portable.html Http//www openbsd.org/cgi-bin/man.cgi?query=sshd ! OpenSSH Windows http//sshwindows.sourceforge.net/download Ab7e33bd85505a430be0bd433f1ca5f8 # ssh remhost Offending key in /.ssh/knownhosts1 Client KeysAuthorized Keys Uploading Keys +- ! !$ % !!#% #$! #$ #% Target Specification Powerstrip Powerstrip IdName or ID of the device support/id Targetaddress PpasswordPport Username#%& #Add a group or add an user to a group Add an user Appendix a Linux Commands and Source CodeAppendix A. Linux Commands and Source Code GNU Bourne-Again ShellIp6tables LoginReboot Iptables-saveSmbmnt VconfigSleep Smbmount164