Before I begin I should note that this does not 'always' work, and is not supported by TAC.
However, if you are successful with it, you can run sysconfig/cpconfig immediately instead of having to go through the initial install procedure via the WebGUI.
I know anyone who is stuck doing remote deployments/wipes with UTM-1's knows the pain this requirement can cause :)
To 'get out of jail', simply run the following from expert mode:
touch /opt/spwm/conf/wizard_accepted
Once completed, sysconfig/cpconfig will now work.
Enjoy!
Friday, 30 September 2011
SPLAT: How to automatically enter "Expert Mode" when logging in
I suppose it's pretty fitting that I include this.
Make sure you're in expert mode when you run this:
Verify your current shell (substitute 'admin' for your user):
cat /etc/passwd |grep admin
admin:x:0:0::/home/admin:/bin/cpshell
Change your shell to bash:
chsh -s /bin/bash admin
Changing shell for admin.
Shell changed.
Verify the change has taken place:
cat /etc/passwd |grep admin
admin:x:0:0::/home/admin:/bin/bash
Now, when you exit/login again, you'll immediately get dropped into expert mode:
login as: admin
admin@192.168.0.50's password:
Last login: Fri Sep 30 14:28:08 2011 from 192.168.0.10
[Expert@R75-A]#
Keep in mind this does have security implications - the account now lands straight in a root bash shell, without going through cpshell or the separate expert password. It's just nice to have in a lab environment :)
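A check for the security implication mentioned above, as an added example that is not part of the original post: it lists UID 0 accounts whose login shell is anything other than /bin/cpshell and prints the chsh command that would put each one back. The sample passwd lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find root-equivalent accounts that bypass cpshell.

# Reads passwd(5)-format lines on stdin; prints "user shell" per finding.
audit_root_shells() {
    awk -F: -v restricted="/bin/cpshell" '
        /^#/ || NF < 7 { next }                  # skip comments / malformed lines
        $3 == 0 {
            shell = ($7 == "" ? "/bin/sh" : $7)  # empty shell field means /bin/sh
            if (shell != restricted) print $1, shell
        }'
}

# Constructed sample in the format shown in the post (not from a real system).
sample_passwd() {
    cat <<'EOF'
admin:x:0:0::/home/admin:/bin/bash
monitor:x:0:0::/home/monitor:/bin/cpshell
svc:x:0:0::/home/svc:
nobody:x:99:99:Nobody:/:/sbin/nologin
EOF
}

# Turn each finding into the chsh command that restores cpshell.
suggest_revert() {
    while read -r user shell; do
        echo "chsh -s /bin/cpshell $user   # currently $shell"
    done
}

# Demo on the constructed sample; on a gateway, feed /etc/passwd instead.
sample_passwd | audit_root_shells | suggest_revert
```
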
Friday, 16 September 2011
IPSO: How to Backup and Restore via CLISH?
This will back up all of the OS information/configuration, such as routes, proxy ARPs, interface configuration, etc.:
The following will create a new backup in /var/backup/
clish -c "set backup manual filename your_desired_filename"
clish -c "set backup manual on"
To Restore:
clish -c "set restore manual /path_to_backup_file.tgz"
Tuesday, 6 September 2011
TCPDUMP: How to capture a full packet
This request generally comes up when one of the IDSs has seen some suspicious network activity and the engineer wants to see the entire packet:
tcpdump -nnvvXSs 1514 -i eth0
FWMonitor: How to filter by network range
Pretty simple idea, however wildcards don't work in the generic 'src/dst' statements unfortunately.
Let's say I want to capture all traffic sourced from 192.168.0.0/24 destined to the 10.15.15.0/24 over port 80, I'd use the following syntax:
fw monitor -e "firstblock={<192.168.0.0,192.168.0.255>};secondblock={<10.15.15.0,10.15.15.255>}; accept (src in firstblock, dst in secondblock, sport=80);"
In each block, the first IP is the starting address of the network and the second is the last address in that network. You can define as many 'groups' as you'd like. Just make sure that the rest of the 'accept' statement ends up enclosed in a single pair of parentheses.
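Working out the first and last address by hand gets error-prone for anything other than a /24, so here is an added example (not from the original post) that derives the `<first,last>` blocks from CIDR notation and assembles the same expression. The function names are made up for this sketch, and the port condition is passed through unchanged.

```shell
#!/bin/sh
# Added example: build an fw monitor range filter from CIDR notation.

# ip_to_int A.B.C.D -> 32-bit integer (rejects malformed octets)
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_range NET/LEN -> "<first,last>" in the form fw monitor expects
cidr_range() {
    net=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) echo "bad prefix: $1" >&2; return 1;; esac
    [ "$len" -le 32 ] || { echo "bad prefix: $1" >&2; return 1; }
    ip=$(ip_to_int "$net") || { echo "bad address: $1" >&2; return 1; }
    hostmask=$(( (1 << (32 - len)) - 1 ))       # all ones in the host bits
    first=$(( ip & (4294967295 ^ hostmask) ))   # clear host bits
    last=$(( first | hostmask ))                # set host bits
    echo "<$(int_to_ip "$first"),$(int_to_ip "$last")>"
}

# fwmon_filter SRC_CIDR DST_CIDR PORT_CONDITION -> expression for fw monitor -e
fwmon_filter() {
    s=$(cidr_range "$1") || return 1
    d=$(cidr_range "$2") || return 1
    echo "firstblock={$s};secondblock={$d}; accept (src in firstblock, dst in secondblock, $3);"
}

# Reproduces the expression from the post; pass the result to fw monitor -e "..."
fwmon_filter 192.168.0.0/24 10.15.15.0/24 'sport=80'
```
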
Thursday, 1 September 2011
How to remove a static route in SPLAT without using SYSCONFIG
It's pretty simple:
Consult the routing table to verify the routing information of your to-be-deleted route with one of the two following commands:
route | grep ip_of_your_route
or
netstat -nr | grep ip_of_your_route
An example is below:
netstat -nr |grep 192.168.72.75
192.168.72.75 172.16.25.45 255.255.255.255 UGH 0 0 0 eth5
Delete the route (help for the command can be found with 'route --help'):
route del -net 192.168.72.75 netmask 255.255.255.255 gw 172.16.25.45
Verify the route has been deleted (you should not see the original route anymore):
netstat -nr |grep 192.168.72.75
Save the changes (in case the route was pulled from sysconfig/netconf.C):
route --save