System CLI Commands

Use these CLI commands to view and configure system settings.

show openssh version

Shows the OpenSSH version of the Guardium system.

Syntax

show openssh version

show openssl version

Shows the OpenSSL version of the Guardium system.

Syntax

show openssl version

show os version

Shows the operating system version of the Guardium system.

Syntax

show os version

start ecosystem

Use this command to restart the entire set of ecosystem processes. This restart is necessary after you install patches, run upgrades, or perform certain other operations.

Syntax

start ecosystem

stop ecosystem

Use this command to temporarily and gracefully stop the entire set of ecosystem processes. Stopping the ecosystem is required for patching, upgrades, and certain other operations.

Syntax

stop ecosystem

store allow_reinstall

When you install Guardium from CD or DVD media, the host server settings can prevent the media from being ejected correctly. If the media is still present when the system reboots, the system can keep reinstalling from the media instead of simply rebooting.

During a reboot, the installer checks the disk to see whether the requested version of Guardium is already installed. If it is, and allow_reinstall is set to off, the installer pauses and prompts whether to continue the installation or to reboot without reinstalling. For example:
"Already installed 11.3.0, continue to reinstall (c) or reboot with any other key: "

At this prompt, press c to reinstall, or any other key to reboot only.

If allow_reinstall is set to on, the system reinstalls from the media without prompting.

Tip: If allow_reinstall is set to off (the default) and the installer still prompts you to reinstall, the media was not ejected. Manually eject the CD or DVD before rebooting.

Syntax

store allow_reinstall [on | off]

The default is off.

Show command

show allow_reinstall

store system apc

Use this command to configure automatic shutdown when an uninterruptible power supply (UPS) is attached. The UPS must be attached through a USB connector; serial UPS connections are not supported.

The battery-level option sets the minimum remaining charge (0-100 percent) at which the system powers down; the timeout option sets the number of seconds to run on battery power before powering down. The defaults are 25 percent and 0 seconds.

The start and stop keywords start and stop the apc process, which is disabled by default.

Syntax

store system apc [battery-level <percent> | timeout <seconds>]

store system apc start

store system apc stop

Show command

show system apc [battery-level | timeout ]

store system auditlog-passthrough

Use this command to enable or disable passing system audit log data from the auditd service through to the local syslog. Because the system audit log is verbose, the auditlog-passthrough feature is best used together with remote logging. For more information about remote logging, see Configuration and control CLI commands.

The auditlog-passthrough feature is disabled by default.

Syntax

store system auditlog-passthrough [on | off]

Example:

> store sys aud on
Restarting auditd service to pick up the change.
Reloading configuration: [ OK ]
Auditd to syslog passthrough is enabled.
ok

Show command

show system auditlog-passthrough

store system banner

Use this CLI command to create a banner at the CLI login. You can use the banner to create your own welcome message, warn about unauthorized access, or provide other useful information.

Syntax

store system banner [message | clear | default]

Where:
  • message - Create a banner message. Enter the banner message and then press CTRL-D.
  • clear - Remove an existing banner message.
  • default - Reset the banner to the default message.

Show command

show system banner

store system classifier profile

Use this command to adjust the memory available for classification.

Syntax

store system classifier profile [default|small|medium|large|max]

Where the profile values are not exact, but map to the following approximate sizes:
  • default - 4 GB (same as large)
  • small - 1 GB
  • medium - 2 GB
  • large - 4 GB
  • max - 8 GB

Show command

show system classifier profile

store system clock datetime

Use this CLI command to set the system clock's date and time to the specified value.

Syntax

store system clock datetime <YYYY-mm-dd hh:mm:ss>

Where:
  • YYYY - year
  • mm - month
  • dd - day
  • hh - hour (in 24-hour format)
  • mm - minutes
  • ss - seconds.
The seconds portion is required, but is always set to 00.

Show command

show system clock <all | datetime | timezone>

Example

store system clock datetime 2018-10-03 12:24:00

store system clock timezone

Use this CLI command either to list the allowable time zone values (list option) or to set the time zone for this system. Run the command with the list option first to display all available time zones, and then run it again with the appropriate time zone from the list.

IBM® Guardium® also logs the local time zone in the standard audit trail to address cases where data is used in (or aggregated with) data that is collected in other time zones.

Syntax

store system clock timezone <list | timezone>

Show command

show system clock <all | timezone | datetime>

Example

Use the command first with the list option to display all available time zones. Then enter the command a second time with the appropriate zone.

CLI> store system clock timezone list
Timezone:                 Description:
---------                 -----------
Africa/Abidjan:
Africa/Accra
Africa/Addis_Ababa:
...
...output deleted
...
CLI> store system clock timezone America/New_York

store system conntrack

This CLI command enables or disables the connection tracking (conntrack) subsystem of the Linux® kernel.

Syntax

store system conntrack <ON|OFF>

Show command

show system conntrack

store system cpu profile

Configures CPU frequency scaling from the CLI on hardware that supports it.

Use this CLI command to set the CPU scaling policy that fits your needs:

  • conservative - Less power usage, conservative scaling
  • balanced - Medium power usage, fast scale up
  • performance - Runs the CPUs at maximum clock speed

Guardium sets the scaling policy to performance at installation.

Syntax

store system cpu profile [min|perf|max]

Show command

show system cpu profile

store system custom_db_size

Use this CLI command to set the maximum size of the custom database table, in MB. The default value is 4000 MB.

Syntax

CLI> store system custom_db_max_size
USAGE: store system custom_db_max_size <N>
       where N is number larger than 4000.

Show command

show system custom_db_size

store system domain

Sets the system domain name to the specified value.

Syntax

store system domain <value>

Show command

show system domain

store system fipsmode

Use this command to enable or disable Federal Information Processing Standard (FIPS) cryptographic standards.

Syntax

store system fipsmode [on | off]
Note: Restart your system after enabling or disabling FIPS mode for the changes to take effect.

Show command

show system fipsmode

store system hostname

Sets the system's hostname to the specified value.

Syntax

store system hostname <value>

Show command

show system hostname

store system ipmode

Use this command to change the IP (Internet Protocol) mode of your Guardium system. For more information, see Internet Protocol modes.

Syntax
store system ipmode [ipv4 | ipv6 | dual]

Show command

show system ipmode

store system issue

Use this CLI command with the message parameter to read input from the console until CTRL-D and write it to /etc/motd. Before writing, the command removes from the input any $ character, any backslash (\) followed by a single letter, and any backtick (`) character (shell escape and substitution characters). Use this command to enter the messages that make this system compliant with your organization's security policies.

Use this CLI command with the clear parameter to restore /etc/motd to the default version.

Syntax

store system issue [message | clear]
Note: The version string comes from /etc/guardium-release. For example, SG70 refers to 7.0 and SG80 refers to 8.0. If no SG value is found in /etc/guard-release, the default version is an empty string.

store system netfilter-buffer-size

Use this CLI command to set the maximum number of packets that the kernel netfilter queue holds before it drops further incoming packets. The value is stored in an internal Sniffer configuration table.
Note: Do not use this command without consulting Guardium support.

Syntax

store system netfilter-buffer-size

Show command

Displays the S-TAP® netfilter buffer size. The default is 65536 packets.

show system netfilter-buffer-size

show system ntp diagnostics

Use this CLI command to run ntpq -p and ntptime and send their output directly to the screen. The Guardium system queries ntpd on localhost over UDP.

Syntax

show system ntp diagnostics

Example

CLI> show system ntp diagnostics
Output from ntpq -p :
localhost.localdomain:
-------------------------------------------------------------------
Output from ntptime :
(Note that if you have just started the ntp server, it may report an 'ERROR' until it has synchronized.)
-------------------------------------------------------------------
ntp_gettime() returns code 5 (ERROR)
  time d3443c21.47a46000  Thu, Apr 26 2012 17:26:57.279, (.279852),
  maximum error 16384000 us, estimated error 16384000 us
ntp_adjtime() returns code 5 (ERROR)
  modes 0x0 (),
  offset 0.000 us, frequency 0.000 ppm, interval 1 s,
  maximum error 16384000 us, estimated error 16384000 us,
  status 0x40 (UNSYNC),
  time constant 2, precision 1.000 us, tolerance 512 ppm,

store system ntp [all | server | state]

store system ntp server

Sets the hostname of up to three NTP (Network Time Protocol) servers. To enable the use of an NTP server, you must use the store system ntp state on command. To define a single NTP server, enter its hostname or IP address. To define multiple NTP servers, enter the command with no arguments, and you are prompted to supply the NTP server hostnames.

Note: Guardium does not support hostnames for an NTP server when the underlying IP address for that hostname is dynamic. The hostname must resolve to a static IP address. If that IP address changes, restarting the network is required to sync to the new NTP server IP.

Syntax

store system ntp [ all | server | state ]

store system ntp server
USAGE: store system ntp server 
For each server enter either ip or hostname 
Enter up to 3 NTP servers to store: 

Show command

show system ntp <all | server>

Delete command

delete ntp-server

store system ntp state

Enables or disables use of an NTP (Network Time Protocol) server.

Syntax

store system ntp state <on | off>

Show command

show system ntp <all | state>

store system patch

The parameters for this command are cleanup, preservation, and install.

Store system patch cleanup

Deletes the patches that are selected from an itemized list.

Example:
> store system patch cleanup
Patches:
1. SqlGuard-11.0p118.tgz.enc.sig
2. SqlGuard-11.0p121.tgz.enc.sig
3. SqlGuard-11.0p123.tgz.enc.sig
4. SqlGuard-11.0p125.tgz.enc.sig

Please choose the patches to remove by item number (1 to 4)
Specify multiple patches with comma separated numbers
Specify ALL for all
q to quit
 
Patch item number(s): all
SqlGuard-11.0p118.tgz.enc.sig removed
SqlGuard-11.0p121.tgz.enc.sig removed
SqlGuard-11.0p123.tgz.enc.sig removed
SqlGuard-11.0p125.tgz.enc.sig removed
Ok

store system patch preservation [on | off]

When patch preservation is turned on, Guardium patches are not automatically deleted after an installation failure. You can attempt reinstallation after fixing issues, if any.

Store system patch install

Installs one or more patches as a background process. The ftp and scp options copy a compressed patch file from a network location to the IBM Guardium appliance. A compressed patch file can contain multiple patches, and patches are installed one at a time. To install more than one patch, select all of the patches to install, separated by commas. Internally, the CLI submits a request for each patch on the list, in the order that you specify. The first patch takes the request time that you provide, and each subsequent patch runs 3 minutes after the previous one. The CLI also checks whether any of the specified patches has already been requested and does not allow duplicate requests.

Use the sys option when you install a second (or subsequent) patch from a compressed file that was copied to the IBM Guardium appliance by previously using this command.

To display a complete list of applied patches, see the Installed Patches report from the Guardium UI. Find this report from Manage > Reports > Install Management > Installed Patches, Manage > Maintenance > General > Installed Patches, or Reports > Guardium Operational Reports > Installed Patches.

In the store system patch install CLI command, you can choose multiple patches from the list.

Syntax

store system patch install <type> <date> <time>

type - The installation type - cd | ftp | scp | sys

date, time - The patch installation request time, date is formatted as YYYY-mm-dd, and time is formatted as hh:mm:ss

If no date and time are provided, or if you enter NOW, the installation request time is NOW.

Parameters

Regardless of the option selected, you are prompted to select a patch to apply, for example:

Please choose one patch to apply (1-n,q to quit):

cd - To install a patch from a CD, insert the CD into the IBM Guardium CD-ROM drive before you run this command. A list of the patches on the CD is displayed.

ftp or scp - To install a patch from a compressed patch file located on the network, use the ftp or scp option and respond to the prompts. Be sure to supply the full path of the patch file, including the file name. For example:

Host to import patch from:
User on hostname:
Full path to the patch, including name:
Password:

For store system patch install scp, you can use a wildcard ( * ) for the patch file name.

The compressed patch file is copied to the Guardium appliance, and a list of patches contained on file displays.

sys - Use this option to apply a second or subsequent patch from a patch file that has been copied to the IBM Guardium appliance by a previous store system patch execution.

The store system patch install command does not delete the patch file from the IBM Guardium appliance after the installation. You do not need to remove the patch file: the same patch can be reinstalled over an existing installation, and keeping patch files can help when you analyze problems. If you do want to remove patch files, remove them by hand or use the CLI command diag (note that the diag command is restricted to certain users and roles).

To delete a patch install request, use the CLI command delete scheduled-patch.

Show command

show system patch <available | installed | preservation | staged | status >

Where:
  • available - Displays the patches that are available for installation.
  • installed - Displays the patches that are being installed or already installed.
  • preservation - Displays the patch preservation status. When preservation is turned off, a patch is deleted after a failed installation attempt. When preservation is turned on, the patch is not deleted and you can attempt installation again.
  • staged - Displays the patch files that are residing in the patches directory.
  • status - Displays the status of a patch that is currently being installed.

store system public key

This command manages the outbound public SSH key for the standard users. The appliance generates the outbound SSH key pair internally rather than storing it from user input. If you adopt the public SSH key that the appliance generates, you can set up SSH export for the standard users: cli, grdapi, and tomcat. All of the standard users share one common outbound SSH key.

12.0 Syntax
store system public key <cli | grdapi| tomcat | reset>
12.1 and later Syntax
store system public key <cli | grdapi| tomcat | reset [--yes]>
Where:
  • cli, grdapi, or tomcat - Stores an existing public SSH key in the respective path.
  • reset - Regenerates the outbound SSH Keys for the standard users.

    Where --yes causes the command to reset automatically.

Show command

Displays an existing system public key for the CLI, GuardAPI, or Tomcat. If the public key does not yet exist, use show system public key to generate new outbound SSH keys. The SSH key pair is associated with the standard users: cli, grdapi, tomcat, and root.

show system public key < cli | grdapi | tomcat >

store system public key authorized

This command stores an SSH public key so that users can authenticate to the Guardium appliance with SSH keys instead of passwords.

Syntax

store system public key authorized

Create the public key either with the ssh-keygen command or with the show system public key CLI command.
Note: How you create and store a public key with the ssh-keygen command depends on your operating system. For more information, see documentation for using ssh-keygen for your operating system.

Show command

Display the contents of an existing authorized public key.

show system public key authorized
Note: You can use the ssh-keygen command to create a public key. The exact commands depend on your operating system and other factors. Guardium suggests that you use the default location when you create the key.
After you create the key, store and use it as follows:
  1. Connect to the Guardium appliance as the cli user:
    ssh cli@guardium_host
  2. Add the newly created public key:
    store system public key authorized
  3. At the prompt, paste the contents of the public key:
    Please paste the SSH public key content here. Then press <ENTER> to continue.
    The following message displays if the key is added:
    Key for your_email@example.com is added
    ok
  4. Run the following command to make sure that the key is available.
    show system public key authorized
    your_email@example.com
    ok
  5. You can now connect to the Guardium appliance that uses public key authentication. For example:
    ssh cli@guardium_host
    Note: If you specify a file name (rather than using the default id_rsa), then use the -i option when you run the ssh command and specify the location of the private key. For example,
    ssh -i ~/.ssh/different_key_name cli@guardium_host
    

Delete command

delete system public key authorized

Displays a list of available public keys. Specify the number of the key that you want to delete.
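The procedure above has you paste the contents of a public key file into the CLI by hand, which is where mistakes happen: pasting the private key, pasting a line that wrapped, or pasting a key type the appliance will not accept. The following added example (not Guardium code) parses an OpenSSH public key line the way sshd does, checks that the type prefix matches the type encoded inside the blob, enforces a minimum RSA size, and prints the SHA256 fingerprint so that you can compare it with what ssh-keygen -lf shows before you paste. The accepted key types and the 2048-bit RSA minimum are policy assumptions of this example, not a Guardium list; the sample key line is constructed from deterministic bytes and is not a real key.

```python
"""Sanity-check an OpenSSH public key line before pasting it into
`store system public key authorized`. Added example; not Guardium code."""
import base64
import binascii
import hashlib
import struct

# Key types accepted by this check (policy assumption, not a Guardium list).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                 "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
MIN_RSA_BITS = 2048  # policy assumption


def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_strings(blob: bytes) -> list:
    """Split a decoded key blob into its length-prefixed fields, rejecting truncation."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix in key blob")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of key blob")
        fields.append(blob[off:off + n])
        off += n
    return fields


def parse_authorized_key(line: str) -> dict:
    """Parse '<type> <base64-blob> [comment]' and return type, bits, comment and
    the SHA256 fingerprint (the same value `ssh-keygen -lf` prints)."""
    text = line.strip()
    if "\n" in text or "\r" in text:
        raise ValueError("a public key is a single line; check what was pasted")
    if text.startswith("-----BEGIN"):
        raise ValueError("this looks like a PEM/private key, not the .pub file")
    parts = text.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        raise ValueError(f"key type {key_type!r} not accepted")
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("key material is not valid base64") from exc
    fields = _read_ssh_strings(blob)
    # The type is encoded again inside the blob; a mismatch means a mangled paste.
    if not fields or fields[0] != key_type.encode("ascii"):
        raise ValueError("type prefix does not match the type inside the blob")
    if key_type == "ssh-ed25519":
        if len(fields) != 2 or len(fields[1]) != 32:
            raise ValueError("malformed ed25519 key blob")
        bits = 256
    elif key_type == "ssh-rsa":
        if len(fields) != 3:  # fields: type, e, n
            raise ValueError("malformed RSA key blob")
        bits = int.from_bytes(fields[2], "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError(f"RSA modulus is {bits} bits; policy requires >= {MIN_RSA_BITS}")
    else:  # ecdsa: type, curve name, point
        if len(fields) != 3:
            raise ValueError("malformed ECDSA key blob")
        bits = int(key_type.rsplit("nistp", 1)[1])
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    return {"type": key_type, "bits": bits, "comment": comment, "fingerprint": fingerprint}


def is_acceptable_key(line: str) -> bool:
    """True if the line passes every check above; False (no exception) otherwise."""
    try:
        parse_authorized_key(line)
        return True
    except ValueError:
        return False


# Constructed sample: 32 deterministic bytes stand in for an Ed25519 public point.
# This is NOT a real key and must not be installed anywhere.
_SAMPLE_POINT = bytes(range(32))
_SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(_SAMPLE_POINT)
SAMPLE_LINE = ("ssh-ed25519 " + base64.b64encode(_SAMPLE_BLOB).decode("ascii")
               + " your_email@example.com")

if __name__ == "__main__":
    info = parse_authorized_key(SAMPLE_LINE)
    print(f"{info['type']} {info['bits']} bits {info['fingerprint']} {info['comment']}")
```

Run it against the real .pub file you intend to paste (`parse_authorized_key(open("~/.ssh/id_ed25519.pub").read())` after expanding the path) and compare the printed fingerprint with `ssh-keygen -lf` on the same file; if the two differ, what you are about to paste is not the key you think it is.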

store system public-transfer-key

Creates, deletes, and regenerates the transfer ssh-key pair for transferring data to a remote host by using the ssh-key pairs. For more information, see Enabling ssh-key pairs for data archive, data export, data mart.

Syntax

store system public-transfer-key <create | delete | regenerate >

Where:

create - Create the ssh-key pair.

delete - Delete the ssh-key pair.

regenerate - Delete the existing ssh-key pair and then creates a new ssh-key pair.

Show command

show system public-transfer-key

Returns the public part of the transfer key pair.

store system remote-root-login

Enables or disables remote root login over SSH (Secure Shell), the network protocol that exchanges data over a secure channel between two networked devices. Remote root login widens the appliance's attack surface; enable it only for the duration of a task that requires it.

Syntax

store system remote-root-login <ON | OFF>

Show command

show system remote-root-login

Reports whether remote root login over SSH is enabled.

store system ssh

This command sets the security options for the ssh service on the system.

Syntax
store system ssh <secure | default>
Where:
  • secure - Enables the hardened set of SSH key exchange (KEX) algorithms.
  • default - Turns the hardened KEX setting off and restores the default algorithms.

After you run this CLI, the SSH service restarts.

store system scp-ssh-key-mode

Enable/disable the scp-ssh-key-mode, for enabling ssh-key pairs for data archive, data export, and data mart, without passwords. For more information, see Enabling ssh-key pairs for data archive, data export, data mart.

Syntax

store system scp-ssh-key-mode [on | off]

Show command

show system scp-ssh-key-mode

store system serialtty

In some environments no serial TTY is available, so the serial console can never start successfully. The failed start attempts can appear in the system log and be forwarded to a SIEM. Serial TTY consoles are enabled by default to permit connectivity, but you can disable them if you determine that no serial console is available to the system.

Syntax

store system serialtty <on | off>

Show command

show system serialtty

Reports whether or not serial TTYs are enabled on the system.

Reports either:

Serial TTY consoles are enabled on this system.

Serial TTY consoles are disabled on this system.

store system scheduler

Scheduling is managed by a timing mechanism within the IBM Guardium application. If the timing function is disrupted, it restarts after the interval that you set with this CLI command.

Use store system scheduler restart_interval [5 to 1440 or -1] to restart the timing function after 5 to 1440 minutes. The default is -1, which means that the timing restart mechanism is not installed.

Use store system scheduler wait_for_shutdown [ON | OFF] to control whether the scheduler waits for all currently running jobs to finish before it restarts.

Syntax

store system scheduler restart_interval [5 to 1440 or -1]

store system scheduler wait_for_shutdown [ON | OFF]

Show command

show system scheduler

store system service_status

Use this CLI command to enable or disable certain Guardium appliance services.
Note: This CLI was renamed from store service as of Guardium 11.4 patch 11.0p460.

Syntax

store system service_status [enable | disable] <service-name>

Where,
  • enable, disable - Specify whether to enable or disable a specified service.
  • service-name - The name of a Guardium service that you can start or stop.
Run store system service_status with enable or disable to see the list of services that you can change.

Show command

Syntax

show system service_status [ all | <service-name> ]

Display the status of all available Guardium appliance services or specify a service to view. Run show system service_status with no parameters to see the list of services that you can view.

store system shared secret

Sets the system's shared secret to the specified value. The shared secret must be the same on a Central Manager and all of the appliances that it manages, and on an Aggregator and all of the appliances from which it aggregates data. After an appliance has registered for management by a Central Manager, the shared secret on that unit is no longer used. (You cannot unregister a unit from Central Management by changing this value.)

Dynamic password for the aggregator OS user

The aggregator password is the current password concatenated with the shared secret: password=<current password><shared secret>

Make sure that the collectors' shared secret and the aggregator's shared secret are the same; otherwise, the SCP transfer from the collector to the aggregator fails. (This requirement applies to managed units and aggregators, collectors and aggregators, and the export setup screen.) You can set the shared secret either from the CLI or from the System pane in the Admin Console tab.

Syntax

store system shared secret <key>

store system signature [on | off]

When set to off, this parameter allows the deployment of apps that do not have signatures. Turn store system signature off only while you test an app on your Guardium system; otherwise, the unsigned app is blocked. In production, leave this parameter on, because you are deploying certified, signed apps from the App Exchange.

Syntax

store system signature [on | off]

store system snif-alerts-facility

This parameter configures the syslog facility for alerts that the sniffer (snif) generates. Previously, alerts generated directly by snif used the user facility, while indirect alerts (sent through the guard_sender utility) used the daemon facility.

Syntax

store system snif-alerts-facility <facility>

USAGE: store snif-alerts-facility <facility>

facility is one of: daemon ftp local0 local1 local2 local3 local4 local5 local6 local7 lpr user

The default facility is daemon.

Show command

show system snif-alerts-facility

store system snif-buffers-reclaim

Use this CLI command only when directed by IBM Guardium Technical Services.

The new configuration takes effect after you run the restart inspection-core CLI command.

Syntax

store system snif-buffers-reclaim [ON | OFF]

Show command

show system snif-buffers-reclaim

store system snif-thread-number

Use this CLI command to specify how many sniffer (snif) threads run.

The new configuration takes effect after you run the restart inspection-core CLI command.

Syntax

store system snif-thread-number [new | default]

Show command

show system snif-thread-number

Snif is running with 6 threads on the 32-bit system.

show system snmp engineid

Use this CLI command to display the SNMP engine ID for the IBM Guardium appliance.

Syntax

show system snmp engineid

store system snmp contact

Stores the email address for the SNMP contact (syscontact) for the IBM Guardium appliance. The default is info@guardium.com.

Syntax

store system snmp contact <email-address>

Show command

show system snmp contact

store system snmp location

Stores the SNMP system location (syslocation) for the IBM Guardium appliance. The default is Unknown.

Syntax

store system snmp location <string>

Show command

show system snmp location

store system snmp query community

Stores the SNMP system query community for the IBM Guardium appliance. The default is guardiumsnmp. This command is valid only for SNMP version 2c.

Syntax

store system snmp query community <string>

Show command

show system snmp query community

store system snmp update_user

Use this command to update an existing SNMP user account for an SNMP version 3 system.

Syntax
store system snmp update_user

This command overwrites all the information for an existing SNMP user account. Similar to store system snmp user create, you need to provide a username, authentication protocol and passphrase, and encryption protocol and passphrase.

store system snmp user

Use this command to create or remove an SNMP user account for an SNMP version 3 system. You can create only one SNMP user account. The authentication protocol can be MD5 or SHA and the encryption protocol DES or AES; the default encryption protocol is AES-128. MD5 and DES are legacy algorithms, so prefer SHA and AES unless your monitoring station requires otherwise.

Syntax
store system snmp user [ create | delete ]
Where:
  • create - Creates an SNMP user account for this machine. To create an SNMP user account, you need to provide a username, authentication protocol and passphrase, and encryption protocol and passphrase. The CLI walks you through the process. For example,
    > store system snmp user create
    Enter SNMPv3 user name:
    fred
    Enter authentication protocol < MD5 | SHA > or 'q' to quit. (Default authentication protocol is MD5) :
    md5
    Create authentication passphrase (8 to 12 chars): ********
    Re-enter authentication passphrase: ********
    Enter Encryption protocol < DES | AES > or 'q' to quit. (Default encryption protocol is AES.):
    des
    Create encryption passphrase (8 to 20 chars): ********
    Re-enter encryption passphrase: ********
    ok
    
    After you provide the required information, Guardium adds the SNMP user. Note that the createUser line records both passphrases in cleartext in the net-snmp configuration file. For example:
    adding the following line to /var/lib/net-snmp/snmpd.conf:
       createUser fred MD5 "fred1234" DES 1234fred
    adding the following line to /etc/snmp/snmpd.conf:
       rouser fred
    ok
    
  • delete - Removes the current SNMP user account.
Show command
show system snmp user
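The createUser line shown above is what net-snmp consumes at start-up: it derives a key from each passphrase, localizes that key to this appliance's SNMP engine ID (the value that show system snmp engineid displays), and replaces the line with the resulting usmUser entry. The following added example (not Guardium or net-snmp code) implements that derivation from RFC 3414 so that you can see why the same passphrase yields a different key on every appliance, and how little key material DES actually uses compared with AES-128. The "maplesyrup" passphrase and the 12-byte engine ID are the RFC's published test vectors; the fred1234 and 1234fred passphrases are constructed to mirror the walk-through above and are not real credentials.

```python
"""RFC 3414 password-to-key derivation and engine-ID localization, as net-snmp
performs it for a `createUser` line. Added example; not Guardium or net-snmp code."""
import hashlib

_EXPANSION_LEN = 1_048_576  # RFC 3414 A.2: the passphrase is repeated to exactly 1 MiB

# USM authentication protocols offered by the CLI and the digest each one uses.
_AUTH_HASH = {"MD5": "md5", "SHA": "sha1"}


def password_to_ku(password: bytes, auth_protocol: str) -> bytes:
    """Step 1 (RFC 3414 A.2): hash the passphrase repeated to 1 MiB -> Ku.
    The expansion is the only work factor; there is no salt at this stage."""
    if not password:
        raise ValueError("empty passphrase")
    h = hashlib.new(_AUTH_HASH[auth_protocol])
    reps = _EXPANSION_LEN // len(password) + 1
    h.update((password * reps)[:_EXPANSION_LEN])
    return h.digest()


def localize_key(ku: bytes, engine_id: bytes, auth_protocol: str) -> bytes:
    """Step 2: Kul = H(Ku || engineID || Ku). The result is bound to one SNMP engine,
    so a compromised agent does not yield the key used on another appliance."""
    return hashlib.new(_AUTH_HASH[auth_protocol], ku + engine_id + ku).digest()


def usm_keys(auth_pass: bytes, priv_pass: bytes, engine_id: bytes,
             auth_protocol: str, priv_protocol: str) -> dict:
    """Derive the localized authentication key and the privacy key an agent stores
    for one user. The privacy passphrase is run through the *authentication*
    protocol's hash (RFC 3414 sec. 11.2). DES keeps 8 key bytes plus 8 pre-IV
    bytes (RFC 3414 8.1.1.1); AES-128 keeps the first 16 bytes (RFC 3826)."""
    auth_kul = localize_key(password_to_ku(auth_pass, auth_protocol), engine_id, auth_protocol)
    priv_kul = localize_key(password_to_ku(priv_pass, auth_protocol), engine_id, auth_protocol)
    if priv_protocol == "DES":
        priv_key, pre_iv = priv_kul[:8], priv_kul[8:16]
    elif priv_protocol == "AES":
        priv_key, pre_iv = priv_kul[:16], b""
    else:
        raise ValueError(f"unsupported privacy protocol {priv_protocol!r}")
    return {"auth_key": auth_kul, "priv_key": priv_key, "pre_iv": pre_iv}


# RFC 3414 Appendix A.3 inputs (published test vectors, not secrets).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")

# Constructed inputs mirroring the page's CLI walk-through (not real credentials).
EXAMPLE_AUTH_PASS = b"fred1234"
EXAMPLE_PRIV_PASS = b"1234fred"

if __name__ == "__main__":
    for proto in ("MD5", "SHA"):
        kul = localize_key(password_to_ku(RFC_PASSWORD, proto), RFC_ENGINE_ID, proto)
        print(f"{proto} localized key for engine {RFC_ENGINE_ID.hex()}: {kul.hex()}")
    keys = usm_keys(EXAMPLE_AUTH_PASS, EXAMPLE_PRIV_PASS, RFC_ENGINE_ID, "SHA", "AES")
    print("auth key:", keys["auth_key"].hex())
    print("AES-128 privacy key:", keys["priv_key"].hex())
```

Two practical points follow from the code. First, because the key is localized with the engine ID, re-creating the same user on a rebuilt appliance whose engine ID changed produces different keys, and a manager that cached the old localized keys stops authenticating; record the engine ID along with the user. Second, the 8-to-12 character passphrase limit that the CLI enforces is the only entropy that feeds the 1 MiB expansion, which is a fixed cost rather than a tunable work factor, so choose the passphrase accordingly.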

store system snmp version

Use this CLI command to switch between SNMP version 2c and SNMP version 3. The default is v2c. If your system uses SNMPv3, use this command to update Guardium.

Syntax

store system snmp version [v2c | v3]
Where:
  • v2c: SNMP version 2c
  • v3: SNMP version 3
Show command
show system snmp version

Examples

test.usma.ibm.com> show system snmp version
SNMP Version : v2c
ok
test.ibm.com> store system snmp version v3
snmp version v3 enabled
ok
test.usma.ibm.com> show system snmp version
SNMP Version: v3
ok

store system ssh-dsa state

This command enables or disables DSA host keys for SSH.

Syntax

store system ssh-dsa state [ON | OFF]

Where:
  • ON: Activates the DSA host keys that were propagated from an upgrade. If no such keys exist, DSA host keys are generated when SSH starts.
  • OFF: Deactivates any DSA host keys. DSA is disabled when SSH starts.

Note: DSA (ssh-dss) host keys are limited to 1024 bits, and OpenSSH has disabled ssh-dss by default since version 7.0. Leave this setting OFF unless a legacy SSH client requires DSA.

Show command

show system ssh-dsa state

store system sshd-max-connection

This command allows the maximum number of concurrent sshd connections to be configured. The range is between 100-500. The default value is 250.

Note: This command stops existing connections and restarts the ssh daemon on the Guardium appliance.

Syntax

store system sshd-max-connection <value>

Show command

show sys sshd-max-connection

store system websmartcard

The command enables or disables smart card authentication. For more information, see Enabling Smart card authentication.

Syntax

store system websmartcard [on | off ]

Show command

show system websmartcard

store system admin-only

When smart card or SAML authentication is enabled, run store system admin-only on to allow the admin and accessmgr accounts to log in to the Guardium system through a standard login and password screen.

When enabled, admin and accessmgr reach a separate login page by appending /admin to the URL of the Guardium system. Example URL: https://www.[your_guardium_system's_domain_name].com:[port_number]/admin.

For more information, see Enabling Smart card authentication

Syntax

store system admin-only [on | off ]

Note: This command restarts the GUI.

Show command

show system admin-only