| Black Box Secure Device Servers

1101 and 1102 Secure Device Servers

portmanager daemon

There is normally no need to stop and restart the daemon. To restart the daemon normally, just run the command:

# portmanager
Supported command line options are:
Force portmanager to run in the foreground:	--nodaemon
Set the level of debug logging:	--loglevel={debug,info,warn,error,alert}
Change which configuration file it uses:	-c /etc/config/portmanager.conf

Signals

Sending a SIGHUP signal to the portmanager will cause it to re-read its configuration file.

The portmanager can execute external scripts on certain events.

When the portmanager opens a port:

It attempts to execute /etc/config/scripts/portXX.init (where XX is the number of the port, e.g. 08). The script is run with STDIN and STDOUT both connected to the serial port.

If the script cannot be executed, then portmanager will execute /etc/config/scripts/portXX.chat via the chat command on the serial port.

When an alert occurs on a port:

The portmanager will attempt to execute /etc/config/scripts/portXX.alert (where XX is the port number, for example, 08)

The script is run with STDIN containing the data which triggered the alert, and STDOUT redirected to /dev/null, NOT to the serial port. If you want to communicate with the port, use pmshell or pmchat from within the script.

If the script cannot be executed, then the alert will be mailed to the address configured in the system administration section.

When a user connects to any port:

If a file called /etc/config/pmshell-start.shexists it is run when a user connects to a port. It is provided 2 arguments, the "Port number" and the "Username". Here is a simple example:

</etc/config/pmshell-start.sh > #!/bin/sh

PORT="$1"

USER="$2"

echo "Welcome to port $PORT $USER" < /etc/config/pmshell-start.sh>

The return value from the script controls whether the user is accepted or not, if 0 is returned (or nothing is done on exit as in the above script) the user is permitted, otherwise the user is denied access.

Here is a more complex script which reads from configuration to display the port label if available and denies access to the root user:

</etc/config/pmshell-start.sh> #!/bin/sh

PORT="$1"

USER="$2"

LABEL=$(config -g config.ports.port$PORT.label cut -f2- -d' ') if [ "$USER" == "root" ]; then

echo "Permission denied for Super User" exit 1

fi

if [ -z "$LABEL" ]; then

echo "Welcome $USER, you are connected to Port $PORT" else

echo "Welcome $USER, you are connected to Port $PORT ($LABEL)"

144	724-746-5500 blackbox.com

Image 144

Black Box Secure Device Servers , Etc/config/pmshell-start.sh #!/bin/sh PORT=$1 USER=$2

Contents

1102 Secure Device Servers 1102 Secure Device Servers Normas Oficiales Mexicanas NOM Electrical Safety Statement FCC and IC RFI Statements Trademarks Used in this Manual Table of Contents Local Authentication Tacacs Authentication SMS Alerts Snmp AlertsAdd a New Alert 106 107108 110 Installing the Key and Certificate PowerMan ToolPmpower Tool Fingerprinting Specifications Specifications Overview 2.1 Introduction Manual OrganizationTypes of Users Overview Management ConsoleHardware Description 2.5.1 LES1101A Front Panel Number Component Description DB9 connector 2 LES1101A Back PanelEthernet Connectivity LED RJ-45 Ethernet Activity Number Component Description Barrel connector Power LED left side of connector Ethernet Connectivity LEDLED right side of connector Ethernet Activity LED 3 LES1102A Front Panel What’s Included 1 LES1101A2 LES1102A Installation InstallationPower Connection Network Connection Non RS-232 Serial Port Pinouts- LES1102A Non RS-232 Serial Port Pinouts- LES1101A +3VRX+ TX+ +VIN TX + System Configuration Connected PC/Workstation SetupManagement Console Connection System Configuration Browser connection Administrator Password Network IP Address System Services IPv6 configuration System Services screen SDT Connector SDT connector SSH encryptedCommunications Software Forwarded to PuTTY SSHTerm Serial Port, Host, Device, and User Configuration Configure Serial Ports Serial Port, Host, Device, and User Configuration Common Settings Console Server Mode Serial Port, Host, Device, and User Configuration 1102 Secure Device Servers SDT Mode Device RPC, UPS, EMD Mode Terminal Server ModeSerial Bridging Mode Syslog Local Ethernet LAN LES1102A COM port Add/ Edit Users Serial Port, Host, Device, and User Configuration Authentication Network Hosts Trusted Networks Serial Port Redirection Managed Devices LES1102A Retail data systems Serial Port, Host, Device, and User Configuration Secure SSH Tunneling and SDT Connector Secure LocalLES1102A Serial Connected Secure SSH Tunneling and SDT Connector Configuring for SSH Tunneling to HostsSDT Connector Client Configuration SDT Connector installation 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Manually Adding Hosts to the SDT Connector Gateway Make an SDT Connection through the Gateway to a Host Manually Adding New Services to the New Hosts 10. Clients 1102 Secure Device Servers Adding a Client Program to be Started for the New Service 16. Telnet client Click OK SDT Connector to Management Console 17. Edit SDT host screen 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector SDT Connector Public Key Authentication Importing and Exporting Preferences Setting up SDT for Remote Desktop Access Configure the Remote Desktop Connection Client 23. Remote Desktop Users dialog box Use -p to receive password prompt Computer, enter the appropriate IP Address and Port NumberGeometry width x height or 70% screen percentage SDT SSH Tunnel for VNC For Linux servers and clients Install, Configure, and Connect the VNC Viewer 30. VNC authentication 1102 Secure Device Servers 33. Incoming TCP/IP properties Set up SDT Serial Ports on Console Server SSH Tunneling Using other SSH Clients for example, PuTTY Address of port01. Then select the RDP Service check box 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector 1102 Secure Device Servers Configure SMTP/SMS/SNMP/Nagios Alert Service Alerts and LoggingAlerts and Logging Email Alerts SMS Alerts Snmp AlertsSelect Alerts & Logging Snmp Nagios Alerts Activate Alert Events and Notifications Configuring General Alert Types Add a New Alert Serial port signal alert Configuring Power Alert Type This alert type monitors UPSes, RPCs, and power devices Remote Log Storage Serial Port LoggingNetwork TCP or UDP Port Logging 1102 Secure Device Servers Power Management Power ManagementRemote Power Control RPC RPC Connection 1102 Secure Device Servers RPC Access Privileges and Alerts User Power Management Uninterruptible Power Supply Control UPS RPC StatusTurn on Turn OFF Cycle Status Managed UPS Connections Serial, USB, or Network Connections Managed As Device Type UPS and clicking Apply Click Add Managed UPS Power Management Remote UPS Management Controlling UPS Powered Computers UPS AlertsUPS Status Overview of Network UPS Tools NUT 12. Log table Refer to 1102 Secure Device Servers Authentication Authentication ConfigurationLocal Authentication Tacacs Authentication Radius Authentication Enter the Server Password Ldap Authentication RADIUS/TACACS User Configuration PAM Pluggable Authentication Modules PamtacplusPamldap Radius Example SSL Certificate SSL certificates screen Challenge Password Confirm Challenge PasswordCommon name Organizational Unit Upload button LES1102A Network Managed hosts Services Nagios IntegrationNagios Overview Central Management and Setting Up SDT for Nagios Nagios IntegrationDistributed console servers Black Box console servers Setup Central Nagios Server Setup Distributed Console Servers Description enter Administrator connection Configuring Nagios Distributed Monitoring Enable Nagios on the Console ServerSelect Users & Groups from the Serial & Network menu Enable Nrpe Monitoring Enable Nsca MonitoringLES1102A Serial Check Nagios Tunneled SSH LES1102A Sendncsa Program/script Nagios Configure Selected Serial Ports for Nagios Monitoring Configure Selected Network Hosts for Nagios MonitoringConfigure the Upstream Nagios Monitoring Host Commandname checknrpedaemon Commandline Commandname checkserialstatus CommandlineDefine service Hostname Server Use Generic-service Define service Servicedescription port-log-server Server Use Generic-serviceActivechecksenabled Passivechecksenabled Checkportlog Basic Nagios Plug-Ins Number of Supported Devices Using Nagios in a local office Remote site Distributed Monitoring Usage Scenarios Remote site with restrictive firewall System Administration and Reset System Management Upgrade Firmware System Management Configure Date and Time Configuration Backup 109 Port Access and Active Users Select the Status Port AccessStatus Reports Statistics Status Reports Support Reports Dashboard Select Status Syslog Configuring the Dashboard Configure dashboard screen Creating Custom Widgets for the Dashboard Echo table Management ManagementDevice Management Port and Host Logs Serial Port Terminal Connection Select Manage Terminal Select Manage Power Configuration from the Command Line Accessing config from the Command Line Configuration from the Command Line Config tool# config -g config.users.user1.description # config -g config Serial Port Configuration Device Mode SDT mode Terminal server mode Serial bridge modeSyslog settings Adding and Removing Users # ./delete-node config.users.user2 # config -r users # config -g config.groups.total # config -aAdding and Removing User Groups # rmuser Group7 List of remote authentiction and authorization servers # config -r auth# config -g config.sdt.hosts.total # config -s config.sdt.hosts.total=4 Log level for services # config -g config.devices.total# config -hosts # config -g config.portaccess.total # config -s config.cascade.slaves.total=1 # config -r cascadeCascaded Ports UPS Connections # config -s config.ups.monitors.total=1 # config -d config.ups.monitors.monitor1RPC Connections Remote UPSes # config -d config.devices.device8 To configure serial/network port loggingPort Log To delete the above managed device General settings for all alerts Signal AlertAlerts Connection Alert UPS Power Status Alert Power Sensor Alert# config -r alerts Smtp and SMS Administration IP SettingsSnmp Date and Time Settings Services # config -r timeDhcp Server Enable SDT for Nagios ext Enabled SDT gateway address Prefer Nrpe over Nsca Disabled defaults to DisabledTo configure Nrpe with following settings Nrpe port Nagios Advanced Configuration ! Bin/sh /etc/scripts/alert-email $suffix # ./delete-node config.users.user3 NEWTOTAL=$ $TOTAL Echo Warning $TOTALNODE greater than number of items Add the following line to rc.local# loop indefinitely While true do # config Etc/config/scripts/config-postUsage /etc/scripts/backup-usb Command File # /etc/scripts/backup-usb check-magic Etc/config/pmshell-start.sh #!/bin/sh PORT=$1 USER=$2 Config --set config.system.snmp.address2=w.x.y.z Config --set config.system.snmp.trapport2=162To set the Manager Address field To set the Community field Snmp version 1 and 2c only $& ! $&$ $&% ! Chown fred /etc/config/users/fred/.ssh/authorizedkeys #$! #$ $ mkdir keys $ ssh-keygen -t rsa Http//openssh.org/portable.html ! Http//www openbsd.org/cgi-bin/man.cgi?query=sshdOpenSSH Windows http//sshwindows.sourceforge.net/download # ssh remhostAb7e33bd85505a430be0bd433f1ca5f8 Offending key in /.ssh/knownhosts1 Client Keys Authorized Keys Uploading Keys +- ! !$ % !! #$! #$ #% #% Target Specification Powerstrip IdName or ID of the device support/id Powerstrip Ppassword PportTargetaddress Username #%& # Appendix a Linux Commands and Source Code Appendix A. Linux Commands and Source CodeAdd a group or add an user to a group Add an user GNU Bourne-Again Shell Login RebootIp6tables Iptables-save Vconfig SleepSmbmnt Smbmount 164