#%& | Black Box 1102, 1101 manual

1101 and 1102 Secure Device Servers

exec Run list of commands from file

set Set runtime variable for shell and exec

ipmitool chassis help

Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev

ipmitool chassis power help

chassis power Commands: status, on, off, cycle, reset, diag, soft

You will find more details on ipmitools at "$$##$#

')#''%&

As detailed in this manual, customers can copy scripts, binaries, and configuration files directly to the console server.

Black Box also freely provides a development kit that allows changes to be made to the software in console server firmware image. The customer can use the CDK to:

generate a firmware image without certain programs, such as telnet, which may be banned by company policy.

generate an image with new programs, such as custom Nagios plug-in binaries or company specific binary utilities.

generate an image with custom defaults, for example, it may be required that the console server be configured to have a specific default serial port profile which is reverted to even in event of a factory reset.

place configuration files into the firmware image, which cannot then be modified e.g. # /bin/config –-set= tools update the configuration files in /etc/config which are read/write, whereas the files in /etc are read only and cannot be modified.

The CDK essentially provides a snapshot of the Black Box build process (taken after the programs have been compiled and copied to a temporary directory romfs) just before the compressed file systems are generated. You can obtain a copy of the Black Box CDK for the particular appliance you are working with from Black Box

NOTE: The CDK is free.

')#'(

When the console servers are cascaded the Master is in control of the serial ports on the Slaves, and the Master’s Management Console provides a consolidated view of the settings for its own and all the Slave’s serial ports. The Master does not provide a fully consolidated view, for example, Status: Active Users only displays those users active on the Master’s ports and you will need to write a custom bash script that parses the port logs if you want to find out who’s logged in to cascaded serial ports from the master.

You will probably also want to enable remote or USB logging, because local logs only buffer 8K of data and don’t persist between reboots.

This script would, for example, parse each port log file line by linee. Each time it sees 'LOGIN: username', it adds username to the list of connected

users for that port. Each time it sees 'LOGOUT: username,' it removes it from the list. The list can then be nicely formatted and displayed. You can run the script on the remote log server. To enable log storage and connection logging:

-Select Alerts & Logging: Port Log

-Configure log storage

-Select Serial & Network: Serial Port, Edit the serial port(s)

-Under Console server, select Logging Level 1 and click Apply

There’s a useful tutorial on creating a bash script CGI at "$$#! #$ $ #

Similarly, the Master does maintain a view of the status of the slaves:

-Select Status: Support Report

-Scroll down to Processes

-Look for: /bin/ssh -MN -o ControlPath=/var/run/cascade/%h slavename

-These are the slaves that are connected

-Note the end of the Slaves' names will be truncated, so the first 5 characters must be unique

Alternatively, you can write a custom CGI script as described above. The currently connected Slaves can be determined by running: ls

/var/run/cascade and the configured slaves can be displayed by running: config -g config.cascade.slaves

160	724-746-5500 blackbox.com

Image 160

Black Box 1102, Secure Device Servers, 1101 manual #%&, #

Contents

1102 Secure Device Servers 1102 Secure Device Servers Normas Oficiales Mexicanas NOM Electrical Safety Statement FCC and IC RFI Statements Trademarks Used in this Manual Table of Contents SMS Alerts Snmp Alerts Local Authentication Tacacs AuthenticationAdd a New Alert 106 107108 110 Installing the Key and Certificate PowerMan ToolPmpower Tool Fingerprinting Specifications Specifications Manual Organization Overview 2.1 IntroductionTypes of Users Management Console OverviewHardware Description 2.5.1 LES1101A Front Panel Number Component Description DB9 connector 2 LES1101A Back PanelEthernet Connectivity LED RJ-45 Ethernet Activity Number Component Description Barrel connector Power LED left side of connector Ethernet Connectivity LEDLED right side of connector Ethernet Activity LED 3 LES1102A Front Panel 1 LES1101A What’s Included2 LES1102A Installation InstallationPower Connection Network Connection Non RS-232 Serial Port Pinouts- LES1102A Non RS-232 Serial Port Pinouts- LES1101A +3VRX+ TX+ +VIN TX + Connected PC/Workstation Setup System ConfigurationManagement Console Connection System Configuration Browser connection Administrator Password Network IP Address System Services IPv6 configuration System Services screen SDT Connector SDT connector SSH encryptedCommunications Software Forwarded to PuTTY SSHTerm Serial Port, Host, Device, and User Configuration Configure Serial Ports Serial Port, Host, Device, and User Configuration Common Settings Console Server Mode Serial Port, Host, Device, and User Configuration 1102 Secure Device Servers SDT Mode Terminal Server Mode Device RPC, UPS, EMD ModeSerial Bridging Mode Syslog Local Ethernet LAN LES1102A COM port Add/ Edit Users Serial Port, Host, Device, and User Configuration Authentication Network Hosts Trusted Networks Serial Port Redirection Managed Devices LES1102A Retail data systems Serial Port, Host, Device, and User Configuration Secure Local Secure SSH Tunneling and SDT ConnectorLES1102A Serial Connected Secure SSH Tunneling and SDT Connector Configuring for SSH Tunneling to HostsSDT Connector Client Configuration SDT Connector installation 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector Manually Adding Hosts to the SDT Connector Gateway Make an SDT Connection through the Gateway to a Host Manually Adding New Services to the New Hosts 10. Clients 1102 Secure Device Servers Adding a Client Program to be Started for the New Service 16. Telnet client Click OK SDT Connector to Management Console 17. Edit SDT host screen 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector SDT Connector Public Key Authentication Importing and Exporting Preferences Setting up SDT for Remote Desktop Access Configure the Remote Desktop Connection Client 23. Remote Desktop Users dialog box Computer, enter the appropriate IP Address and Port Number Use -p to receive password promptGeometry width x height or 70% screen percentage SDT SSH Tunnel for VNC For Linux servers and clients Install, Configure, and Connect the VNC Viewer 30. VNC authentication 1102 Secure Device Servers 33. Incoming TCP/IP properties Set up SDT Serial Ports on Console Server SSH Tunneling Using other SSH Clients for example, PuTTY Address of port01. Then select the RDP Service check box 1102 Secure Device Servers Secure SSH Tunneling and SDT Connector 1102 Secure Device Servers Configure SMTP/SMS/SNMP/Nagios Alert Service Alerts and LoggingAlerts and Logging Email Alerts Snmp Alerts SMS AlertsSelect Alerts & Logging Snmp Nagios Alerts Activate Alert Events and Notifications Configuring General Alert Types Add a New Alert Serial port signal alert Configuring Power Alert Type This alert type monitors UPSes, RPCs, and power devices Serial Port Logging Remote Log StorageNetwork TCP or UDP Port Logging 1102 Secure Device Servers Power Management Power ManagementRemote Power Control RPC RPC Connection 1102 Secure Device Servers RPC Access Privileges and Alerts User Power Management RPC Status Uninterruptible Power Supply Control UPSTurn on Turn OFF Cycle Status Managed UPS Connections Serial, USB, or Network Connections Managed As Device Type UPS and clicking Apply Click Add Managed UPS Power Management Remote UPS Management UPS Alerts Controlling UPS Powered ComputersUPS Status Overview of Network UPS Tools NUT 12. Log table Refer to 1102 Secure Device Servers Authentication Authentication ConfigurationLocal Authentication Tacacs Authentication Radius Authentication Enter the Server Password Ldap Authentication RADIUS/TACACS User Configuration PAM Pluggable Authentication Modules PamtacplusPamldap Radius Example SSL Certificate SSL certificates screen Challenge Password Confirm Challenge PasswordCommon name Organizational Unit Upload button Nagios Integration LES1102A Network Managed hosts ServicesNagios Overview Nagios Integration Central Management and Setting Up SDT for NagiosDistributed console servers Black Box console servers Setup Central Nagios Server Setup Distributed Console Servers Description enter Administrator connection Enable Nagios on the Console Server Configuring Nagios Distributed MonitoringSelect Users & Groups from the Serial & Network menu Enable Nrpe Monitoring Enable Nsca MonitoringLES1102A Serial Check Nagios Tunneled SSH LES1102A Sendncsa Program/script Nagios Configure Selected Network Hosts for Nagios Monitoring Configure Selected Serial Ports for Nagios MonitoringConfigure the Upstream Nagios Monitoring Host Commandname checknrpedaemon Commandline Commandname checkserialstatus CommandlineDefine service Hostname Server Use Generic-service Define service Servicedescription port-log-server Server Use Generic-serviceActivechecksenabled Passivechecksenabled Checkportlog Basic Nagios Plug-Ins Number of Supported Devices Using Nagios in a local office Remote site Distributed Monitoring Usage Scenarios Remote site with restrictive firewall System Administration and Reset System Management Upgrade Firmware System Management Configure Date and Time Configuration Backup 109 Port Access and Active Users Select the Status Port AccessStatus Reports Statistics Status Reports Support Reports Dashboard Select Status Syslog Configuring the Dashboard Configure dashboard screen Creating Custom Widgets for the Dashboard Echo table Management ManagementDevice Management Port and Host Logs Serial Port Terminal Connection Select Manage Terminal Select Manage Power Configuration from the Command Line Accessing config from the Command Line Configuration from the Command Line Config tool# config -g config.users.user1.description # config -g config Serial Port Configuration Device Mode SDT mode Terminal server mode Serial bridge modeSyslog settings Adding and Removing Users # ./delete-node config.users.user2 # config -r users # config -g config.groups.total # config -aAdding and Removing User Groups # rmuser Group7 List of remote authentiction and authorization servers # config -r auth# config -g config.sdt.hosts.total # config -s config.sdt.hosts.total=4 Log level for services # config -g config.devices.total# config -hosts # config -g config.portaccess.total # config -s config.cascade.slaves.total=1 # config -r cascadeCascaded Ports UPS Connections # config -s config.ups.monitors.total=1 # config -d config.ups.monitors.monitor1RPC Connections Remote UPSes # config -d config.devices.device8 To configure serial/network port loggingPort Log To delete the above managed device General settings for all alerts Signal AlertAlerts Connection Alert UPS Power Status Alert Power Sensor Alert# config -r alerts Smtp and SMS IP Settings AdministrationSnmp Date and Time Settings # config -r time ServicesDhcp Server Enable SDT for Nagios ext Enabled SDT gateway address Prefer Nrpe over Nsca Disabled defaults to DisabledTo configure Nrpe with following settings Nrpe port Nagios ! Advanced ConfigurationBin/sh /etc/scripts/alert-email $suffix # ./delete-node config.users.user3 NEWTOTAL=$ $TOTAL Echo Warning $TOTALNODE greater than number of items Add the following line to rc.local # loop indefinitely While true do # config Etc/config/scripts/config-postUsage /etc/scripts/backup-usb Command File # /etc/scripts/backup-usb check-magic Etc/config/pmshell-start.sh #!/bin/sh PORT=$1 USER=$2 Config --set config.system.snmp.address2=w.x.y.z Config --set config.system.snmp.trapport2=162To set the Manager Address field To set the Community field Snmp version 1 and 2c only $&$ $& ! $&% ! Chown fred /etc/config/users/fred/.ssh/authorizedkeys #$! #$ $ mkdir keys $ ssh-keygen -t rsa Http//openssh.org/portable.html Http//www openbsd.org/cgi-bin/man.cgi?query=sshd ! OpenSSH Windows http//sshwindows.sourceforge.net/download # ssh remhostAb7e33bd85505a430be0bd433f1ca5f8 Offending key in /.ssh/knownhosts1 Client Keys Authorized Keys Uploading Keys +- ! !$ % !! #$! #$ #% #% Target Specification Powerstrip Powerstrip IdName or ID of the device support/id Ppassword PportTargetaddress Username #%& # Appendix a Linux Commands and Source Code Appendix A. Linux Commands and Source CodeAdd a group or add an user to a group Add an user GNU Bourne-Again Shell Login RebootIp6tables Iptables-save Vconfig SleepSmbmnt Smbmount 164