Malcolm's Rather Useful IDP Command Helpsheet
Linux Operations
Mounting & Unmounting Floppy Disk:
mount /mnt/floppy
umount /mnt/floppy
Mounting & Unmounting CDROM:
mount /mnt/cdrom
umount /mnt/cdrom
Rebooting Sensor:
reboot;reboot
(yes, you may need to type it twice)
you may find that the following is quicker than reboot;reboot
reboot;exit
Other Useful commands
To remove the management server:
service MgtSvr stop
either cp usridpmgtSvr tep
or remove the directory: rm -rf mgtSvr
Management Server Operations
Installing Management Server from CD:
mount /mnt/cdrom
/mnt/cdrom/Mgt-Svr/Linux/mgtsvr_linux_2_1.sh
umount /mnt/cdrom
Starting & Stopping Management Server:
/usr/idp/mgt-svr/bin/mgtSvr.sh start
/usr/idp/mgt-svr/bin/mgtSvr.sh stop
Checking Management Server Status:
/usr/idp/mgt-svr/bin/mgtSvr.sh status
Management Server Help & Other Operations:
/usr/idp/mgt-svr/bin/mgtSvr.sh -h
The above command should give the following options:
/usr/idp/mgt-svr/bin/mgtSvr.sh {start|stop|status|version|restart|reload}
Licence Operations:
Checking status of Licences:
scio lic list
Checking Host ID prior to restoring Licence:
scio lic id
Backing Up Licence:
mount /mnt/floppy
/mnt/floppy/backuplic.sh
umount /mnt/floppy
(the above assumes backuplic.sh is on the floppy)
Restoring Licence:
mount /mnt/floppy
/mnt/floppy/restorelic.sh
umount /mnt/floppy
(the above assumes restorelic.sh and the licence are on the floppy)
Restarting Disabled ACM Daemon
service httpd start
Monitoring Sensor Status Using SCTOP
SCTOP monitors connection tables and displays sensor status.
Dynamic Status Information:
sctop
Example to find Status of Subscriber:
sctop
s
(e.g. to see if a policy has been applied)
Other useful options are I, c, u, etc.
Getting out of the SCTOP status info screen or SCTOP Usage Help screen:
ESC
Returning to SCTOP Usage Help/option summary screen:
h
Viewing Sensor Settings Using SCIO
SCIO is used to configure the sensor and view settings.
Display the available SCIO options:
scio -h
Loading a policy:
scio policy load []
scio is a useful service – have a look at the options to see what it can do for you.
Using IDP.SH to Monitor Sensor Processes
IDP.SH starts, stops and monitors the status of sensor processes.
Starting sensor services:
/usr/idp/device/bin/idp.sh start
Stopping sensor services:
/usr/idp/device/bin/idp.sh stop
Display the available IDP.SH options:
/usr/idp/device/bin/idp.sh -h
Issuing the above command will give the following output:
Usage: /usr/idp/device/bin/idp.sh {start|stop|status|version|restart|reload}
Backing Up
To back up the management server (policies, network objects, custom signatures etc.):
cd /usr/idp/mgt-svr/var
tar -cvf mgt-svr.tar /usr/idp/mgt-svr/var
(you could also use the z argument in the options to send the tar via gzip to compress the file, i.e. -zcvf)
Then copy the file to another host or server, e.g.:
ftp
bin
put mgt-svr.tar
To back up the sensor (packet capture only):
The packet captures are kept in the following directory:
/usr/idp/device/var/sysinfo/sessiondate/sessions/s0
Each day's worth of captures is stored in a directory named in the format yearmonthday, e.g. 20030120
To back up, run the following commands:
cd /usr/idp/device/var/sysinfo/sessiondate/sessions/s0
tar -zcvf packetcaptures.tar
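Added example (shell script), not from the helpsheet or the IDP product: it performs both backups described above, the management server var directory and one day's capture directory, as gzip-compressed archives with relative paths, and verifies each archive lists cleanly before it is copied off the box. The directory paths default to those the sheet gives (the capture base read as .../sessiondate/sessions/s0); the MGTSVR_VAR and CAPTURE_BASE override variables and the YYYYMMDD check are this example's own.

```shell
#!/bin/sh
# Added example, not part of the helpsheet: back up the management server
# configuration directory and one day's worth of sensor packet captures, then
# verify each archive before it is copied elsewhere. The two paths default to
# the directories the sheet names; the override variables are assumed, for
# testing and for non-standard installs.
MGTSVR_VAR=${MGTSVR_VAR:-/usr/idp/mgt-svr/var}
CAPTURE_BASE=${CAPTURE_BASE:-/usr/idp/device/var/sysinfo/sessiondate/sessions/s0}

# archive_dir SRC OUT: write gzip-compressed tar OUT of directory SRC, then
# verify it. Returns non-zero if SRC is missing or the archive cannot be listed.
archive_dir() {
  src=$1; out=$2
  [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
  # -C keeps the stored paths relative, so the archive restores anywhere,
  # not only back under /usr/idp.
  tar -czf "$out" -C "$(dirname "$src")" "$(basename "$src")" || return 1
  # A truncated or corrupt archive fails to list; catch that now rather than
  # on the day the backup is needed.
  tar -tzf "$out" >/dev/null 2>&1 || { echo "archive verification failed: $out" >&2; return 1; }
  # Print a checksum to compare against the copy on the other host.
  cksum "$out"
}

# backup_mgtsvr [OUT]: policies, network objects, custom signatures etc.
backup_mgtsvr() {
  archive_dir "$MGTSVR_VAR" "${1:-mgt-svr.tar.gz}"
}

# valid_capture_day DAY: capture directories are named YYYYMMDD (e.g. 20030120)
valid_capture_day() {
  case $1 in
    [12][0-9][0-9][0-9][01][0-9][0-3][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# backup_captures DAY [OUT]: archive one day's capture directory
backup_captures() {
  day=$1; out=${2:-packetcaptures-$day.tar.gz}
  valid_capture_day "$day" || { echo "expected YYYYMMDD, got: $day" >&2; return 1; }
  archive_dir "$CAPTURE_BASE/$day" "$out"
}

# Usage on a sensor or management server, e.g.:
#   backup_mgtsvr /tmp/mgt-svr.tar.gz
#   backup_captures 20030120 /tmp/packetcaptures-20030120.tar.gz
```

The checksum printed at the end is there to compare against the copy after the ftp put; a mismatch means the transfer, not the backup, needs redoing. The day argument is checked against the YYYYMMDD naming above so a mistyped directory fails immediately instead of yielding an empty or wrong archive.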
Exporting Logs via CLI
To export the log to the screen:
cd /usr/idp/mgt-svr/utils
./log2action format
To export the log to a file:
cd /usr/idp/mgt-svr/utils
./log2action options -a format action filename.extension
Options:
-s = specify source IP, port or both – a.b.c.d:port
-d = specify destination IP, port or both – a.b.c.d:port
-f = from log id:
-t = to log id:
-r = specify category(attack, config, misc, traffic)
Format Options:
xml eg:
./log2action -a xml > file.xml
csv eg:
./log2action -a csv -p > file.csv
snmp eg:
./log2action -a snmp -m public -I
smtp eg:
./log2action -a smtp -e
syslog eg:
./log2action -a syslog -i
script eg:
./log2action -a script -n
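A wrapper around the log2action file exports above, added here as an example (not part of the helpsheet or the IDP utilities): it checks the -s/-d endpoint syntax (a.b.c.d or a.b.c.d:port), the -f/-t log ids and the -r category before calling log2action, so a typo produces an error instead of an empty or mis-filtered export. The LOG2ACTION override variable is this example's own; its default is the utils path given above, and the -p flag for csv is taken from the csv example.

```shell
#!/bin/sh
# Added example, not from the helpsheet: validate log2action filter arguments
# before running an export to a file. LOG2ACTION is an assumed override hook;
# the default is the utils path the sheet gives.
LOG2ACTION=${LOG2ACTION:-/usr/idp/mgt-svr/utils/log2action}

# valid_ipv4 ADDR: dotted quad with every octet in 0..255
valid_ipv4() {
  addr=$1
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# valid_endpoint EP: the -s/-d syntax a.b.c.d or a.b.c.d:port (port 1..65535)
valid_endpoint() {
  ep=$1
  case $ep in
    *:*)
      port=${ep#*:}
      case $port in ''|*[!0-9]*) return 1 ;; esac
      [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
      valid_ipv4 "${ep%%:*}" ;;
    *) valid_ipv4 "$ep" ;;
  esac
}

# valid_category CAT: the four -r categories listed on the sheet
valid_category() {
  case $1 in attack|config|misc|traffic) return 0 ;; *) return 1 ;; esac
}

# validate_opts [-s EP] [-d EP] [-f ID] [-t ID] [-r CAT]: reject anything malformed.
# Each option is checked before "shift 2", so a missing value fails cleanly.
validate_opts() {
  while [ $# -gt 0 ]; do
    case $1 in
      -s|-d) valid_endpoint "${2:-}" || { echo "bad endpoint for $1: ${2:-}" >&2; return 1; } ;;
      -f|-t) case ${2:-} in ''|*[!0-9]*) echo "bad log id for $1: ${2:-}" >&2; return 1 ;; esac ;;
      -r)    valid_category "${2:-}" || { echo "bad category: ${2:-}" >&2; return 1; } ;;
      *)     echo "unknown option: $1" >&2; return 1 ;;
    esac
    shift 2
  done
  return 0
}

# log2action_export FORMAT OUTFILE [filter options...]
# FORMAT is xml or csv (the two file formats shown above); csv adds -p as on the sheet.
log2action_export() {
  fmt=$1; out=$2; shift 2
  case $fmt in
    xml) extra= ;;
    csv) extra=-p ;;
    *) echo "unsupported file format: $fmt" >&2; return 2 ;;
  esac
  validate_opts "$@" || return 2
  # $extra is deliberately unquoted so an empty value adds no argument
  "$LOG2ACTION" "$@" -a "$fmt" $extra > "$out"
}

# Usage on a management server, e.g.:
#   log2action_export csv attacks.csv -r attack -s 10.0.0.5:80 -f 1000 -t 2000
```

The filter checks only reject values that could never match the option syntax the sheet gives; log2action itself still decides what the ids and categories mean.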
You can also export to an SQL database. Refer to the Concepts and Examples for details on this.
VI Commands:
Hey, this is a Rather Useful IDP Helpsheet, not An Absolutely Invaluable IDP Helpsheet, OK?