Manuals / Cisco Systems / Household Appliance / Home Security System

Cisco Systems OL-5742-01 manual 18-40, Enter the following command, # cd /opt/CSCOsgm/bin

Models: OL-5742-01

1 42

Download 42 pages 34.07 Kb

Page 40

18-40

Chapter 18 Configuring SGM Security

Limiting SGM Client Access to the SGM Server (Solaris Only)

•To remove an SSL certificate from the SGM client, launch the SGM SSL Certificate Tool. SGM lists each imported certificate. Select the certificate you want to remove, and click Remove. SGM deletes the certificate from the list.

See the “Importing an SSL Certificate to an SGM Client” section on

page 18-33for more information on launching the SGM SSL Certificate Tool.

Limiting SGM Client Access to the SGM Server (Solaris Only)

By default, when you first install SGM, all SGM client IP addresses are allowed to connect to the SGM server. However, SGM enables you to limit client access to the server by creating and maintaining the ipaccess.conf file.

You can create the ipaccess.conf file and populate it with a list of SGM client IP addresses that can connect to the SGM server. SGM allows connections from only those clients, plus the local host. If the file exists but is empty, SGM allows connections only from the local host. (SGM always allows connections from the local host.)

When you first install SGM, the ipaccess.conf file does not exist and SGM allows all client IP addresses to connect to the SGM server. To create the ipaccess.conf file and work with the list of allowed client IP addresses, use the following procedure:

Step 1 Log in as the root user, as described in the “Becoming the Root User (Solaris Only)” section on page 2-3, or as a super user, as described in the “Specifying a Super User (Solaris Only)” section on page 18-24.

Step 2 Enter the following command:

# cd /opt/CSCOsgm/bin

	Cisco Signaling Gateway Manager User Guide
18-40	OL-5742-01

Image 40

Cisco Systems OL-5742-01 manual 18-40, Enter the following command, # cd /opt/CSCOsgm/bin

Contents

Configuring SGM User-BasedAccess Configuring SGM User-BasedAccess, pageCreating Secure Passwords, page 18-5 Required Implementing SSL Support in SGM, page#cd /opt/CSCOsgm/bin #./sgm useraccess enable Implementing SGM User-BasedAccess Solaris Only18-2 sgm disablepass -sgm passwordage -sgm userpass sgm adduser -sgm disableuser -sgm enableusersgm updateuser #./sgm authtype local# ./sgm sgm adduser username # ./sgm authtype solaris18-4 Creating Secure Passwords 18-5Basic User Level 1 Access, page Power User Level 2 Access, pageNetwork Operator Level 3 Access, page Network Administrator Level 4 Access, pageBasic User Level 1 Access 18-7Network Operator Level 3 Access Power User Level 2 Access18-8 System Administrator Level 5 Access Network Administrator Level 4 Access18-9 18-10 System Messages and Logs# ./sgm badloginalarm number-of-attempts # ./sgm badloginalarm clear# ./sgm badlogindisable number-of-attempts # ./sgm badlogindisable clear# ./sgm passwordage number-of-days # ./sgm inactiveuserdays number-of-days# ./sgm inactiveuserdays clear 18-12# ./sgm passwordage clear #./sgm clitimeout number-of-minutes# ./sgm clitimeout clear 18-13# ./sgm disablepass username # ./sgm deluser username18-14 # cd /opt/CSCOsgm/bin# ./sgm disableuser username 18-15# ./sgm enableuser username # ./sgm userpass usernamepage 18-16# ./sgm updateuser username 18-17# ./sgm newlevel username Displaying a Message of the Day18-18 Last Updated Field or ButtonDescription Message of the Day#cd /opt/CSCOsgm/bin #./sgm motd enable Decline# ./sgm motd edit 18-20Manually Synchronizing Local SGM Passwords # ./sgm motd disableListing All Currently Defined Users # ./sgm motd catDisabled # ./sgm listusers username#cd /opt/CSCOsgm/bin #./sgm seclog 18-22#cd /opt/CSCOsgm/bin #./sgm restore security Restoring Security-RelatedSGM Data# ./sgm seclog clear 18-23Disabling SGM User-BasesAccess #cd /opt/CSCOsgm/bin #./sgm useraccess disableSpecifying a Super User Solaris Only # ./sgm restartsgm backup -sgm browserpath -sgm certgui sgm certtool -sgm clean -sgm cleanallsgm cleandb -sgm cw2ksetup -sgm evilstop sgm reboot -sgm restore -sgm restorepropsImplementing SSL Support in SGM sgm webport -sgm xtermpathEnabling SSL Support in SGM, page Launching the SGM Certificate Tool for SSL, pageEnabling SSL Support in SGM Exporting an SSL Certificate, pageManaging SSL Support in SGM, page Disabling SSL Support in SGM, page# ./sgm keytool import cert cert filename opt/CSCOsgm/etc/ssl/server.csr is a CSR18-28 18-29 Step 5 Restart the SGM client18-30 SGM displays the SGM Server Home page#cd /opt/CSCOsgm/bin #./sgm certgui Launching the SGM Certificate Tool for SSL18-31 Issued to Issued byExpiration Date ImportImporting an SSL Certificate to an SGM Client DetailsExit HelpCancel Exporting an SSL CertificateLook In File NameSave In 18-35Field or Button DescriptionSave 18-36Cancel Field or Button18-37 Chapter 18 Configuring SGM SecurityCisco Signaling Gateway Manager User Guide Figure 18-5Certificate Information DialogIssuer SubjectVersion Serial numberDisabling SSL Support in SGM Managing SSL Support in SGM18-39 Step 2 Enter the following command 18-40# cd /opt/CSCOsgm/bin #./sgm ipaccess edit #./sgm ipaccess add18-41 18-42 Any changes you make to the ipaccess.conf file take effect when you restart the SGM server