System CLI Commands

Use these CLI commands to configure system settings.

store system banner

store system banner [message | clear]

To create a banner at the CLI login (for example, a warning about unauthorized access or a welcome message), use the CLI command store system banner [message | clear].

Syntax

store system banner clear - use this CLI command to remove an existing banner message.

store system banner message - use this CLI command to create a banner message. Enter the banner message and then press CTRL-D.

Show command

show system banner - use this CLI command to view an existing banner message.

store system clock datetime

Sets the system clock's date and time to the specified value, where YYYY is the year, mm is the month, dd is the day, hh is the hour (in 24-hour format), mm is the minutes, and ss is the seconds. The seconds portion is required, but will always be set to 00.

Syntax

store system clock datetime <YYYY-mm-dd hh:mm:ss>

Show Command

show system clock <all |datetime |timezone>

Example

store system clock datetime 2008-10-03 12:24:00

store system clock timezone

Lists the allowable time zone value (list option), or sets the time zone for this system to the specified timezone. Use the list option first to display all time zones, and then enter the appropriate timezone from the list.

IBM® Guardium® also logs the local timezone in the standard audit trail, to address cases where data is used in (or aggregated with) data collected in another time zone.

Note: The timezone setting is not updated automatically when Daylight Saving Time occurs. To update the machine, the user must reset the timezone. Resetting the timezone means setting a new timezone, different from the current one, and then setting it back to the correct timezone. Resetting the timezone to the same one will not work and gives the message, No change for the timezone.

Syntax

store system clock timezone <list | timezone>

Show Command

show system clock <all | timezone | datetime>

Example

Use the command first with the list option to display all time zones. Then enter the command a second time with the appropriate zone.

CLI> store system clock timezone list

Timezone:                 Description:

---------                 -----------

Africa/Abidjan:

Africa/Accra:

Africa/Addis_Ababa:

...

...output deleted

...

CLI> store system clock timezone America/New_York

store system conntrack

Sets the current status of the connection tracking subsystem of the Linux kernel. Status can be ON|OFF.

Syntax

store system conntrack ON|OFF

Show command

show system conntrack

store system cpu profile

Allows configuration of CPU scaling from a CLI command on hardware that supports CPU scaling.

Use this CLI command to set the appropriate CPU scaling policy for your needs:

Guardium software sets the scaling policy to Performance upon installation.

Syntax

store system cpu profile [min|perf|max]

Show command

show system cpu profile

store system custom_db_size

Use this CLI command to set the maximum size of the custom database table (in MB). The default value is 4000 MB.

Syntax

CLI> store system custom_db_max_size
USAGE: store system custom_db_max_size <N>
       where N is number larger than 4000.

Show command

show system custom_db_size

store system domain

Sets the system domain name to the specified value.

Syntax

store system domain <value>

Show Command

show system domain

store system hostname

Sets the system's host name to the specified value.

Syntax

store system hostname <value>

Show Command

show system hostname

store system issue

store system issue [message | clear]

The CLI command, store system issue message, receives input from the console until Ctrl-D and writes it to /etc/motd after removing from the input any $, \, \ followed by a single letter, and ` characters. This is a way to enter messages that make this system compliant with the security policies of customers.

The CLI command, store system issue clear, will restore /etc/motd to the default version.

The version comes from /etc/guardium-release. For example, SG70 -> 7.0, SG80 -> 8.0. If SG is not found in /etc/guard-release, the default version is an empty string.
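
The filter described for store system issue message silently changes the text that is stored, so a banner draft is worth previewing before it is entered. The following is an added example, not Guardium code: it models one assumed reading of the rule (a backslash followed by one letter is removed as a pair, and any remaining $, \ or ` is removed singly) and reports what a constructed draft would lose.

```python
import re

# Assumed reading of the documented filter: "\" followed by a single letter
# is removed as a pair; any other "$", "\" or "`" is removed on its own.
FILTER_RE = re.compile(r"\\[A-Za-z]|[$\\`]")


def sanitize_banner(text):
    """Return the text as it would be stored under the assumed filter."""
    return FILTER_RE.sub("", text)


def removed_tokens(text):
    """List (line number, token) for every piece the filter would drop."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in FILTER_RE.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


# Constructed draft banner containing characters the filter removes.
DRAFT = (
    "Authorized users only. Host: \\n on \\l\n"
    "Violations may incur fines up to $5000.\n"
    "Report issues to `security` at C:\\Temp\\logs\n"
)

if __name__ == "__main__":
    for lineno, token in removed_tokens(DRAFT):
        print(f"line {lineno}: {token!r} would be removed")
    print(sanitize_banner(DRAFT), end="")
```

In the constructed draft the currency sign and the path separators disappear along with the letter after each backslash, which is the kind of change to catch before a policy-mandated wording is stored.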

show system ntp diagnostics

Use this CLI command to run ntpq -p and ntptime and send the output directly to the screen. The Guardium system queries ntpd from localhost via UDP.

Syntax

show system ntp diagnostics

Example

CLI> show system ntp diagnostics
Output from ntpq -p :
localhost.localdomain:
-------------------------------------------------------------------
Output from ntptime :
(Note that if you have just started the ntp server, it may report an 'ERROR' until it has synchronized.)
-------------------------------------------------------------------
ntp_gettime() returns code 5 (ERROR)
  time d3443c21.47a46000  Thu, Apr 26 2012 17:26:57.279, (.279852),
  maximum error 16384000 us, estimated error 16384000 us
ntp_adjtime() returns code 5 (ERROR)
  modes 0x0 (),
  offset 0.000 us, frequency 0.000 ppm, interval 1 s,
  maximum error 16384000 us, estimated error 16384000 us,
  status 0x40 (UNSYNC),
  time constant 2, precision 1.000 us, tolerance 512 ppm,
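
Audit timestamps are only as reliable as the clock behind them, so the ntptime portion of this output is worth checking automatically. The following is an added example, not part of the Guardium CLI: it parses the ntptime text shown above (embedded as a sample) and lists reasons the clock should not yet be trusted; the 1-second error limit is a hypothetical policy threshold.

```python
import re

# Constructed sample: the ntptime portion of the example output shown above.
SAMPLE = """\
ntp_gettime() returns code 5 (ERROR)
  time d3443c21.47a46000  Thu, Apr 26 2012 17:26:57.279, (.279852),
  maximum error 16384000 us, estimated error 16384000 us
ntp_adjtime() returns code 5 (ERROR)
  modes 0x0 (),
  offset 0.000 us, frequency 0.000 ppm, interval 1 s,
  maximum error 16384000 us, estimated error 16384000 us,
  status 0x40 (UNSYNC),
  time constant 2, precision 1.000 us, tolerance 512 ppm,
"""

RET_RE = re.compile(r"^(ntp_\w+)\(\) returns code (\d+) \((\w+)\)", re.M)
ERR_RE = re.compile(r"maximum error (\d+) us")
STATUS_RE = re.compile(r"status (0x[0-9a-fA-F]+) \(([^)]*)\)")

def parse_ntptime(text):
    """Extract return codes, worst-case error bound and status flags."""
    calls = {m.group(1): (int(m.group(2)), m.group(3))
             for m in RET_RE.finditer(text)}
    errors = [int(m.group(1)) for m in ERR_RE.finditer(text)]
    status = STATUS_RE.search(text)
    flags = [f for f in status.group(2).split(",") if f] if status else []
    return {"calls": calls,
            "max_error_us": max(errors) if errors else None,
            "status_flags": flags}

def clock_findings(parsed, max_error_limit_us=1_000_000):
    """Return reasons the clock should not be trusted for audit timestamps.

    max_error_limit_us is a hypothetical policy threshold (1 second).
    """
    findings = []
    if not parsed["calls"]:
        findings.append("no ntp_gettime/ntp_adjtime result found in output")
    for name, (code, label) in sorted(parsed["calls"].items()):
        if label == "ERROR":
            findings.append(f"{name}() returned code {code} (ERROR)")
    if "UNSYNC" in parsed["status_flags"]:
        findings.append("kernel clock status is UNSYNC")
    err = parsed["max_error_us"]
    if err is not None and err > max_error_limit_us:
        findings.append(f"maximum error {err} us exceeds {max_error_limit_us} us")
    return findings

if __name__ == "__main__":
    for finding in clock_findings(parse_ntptime(SAMPLE)):
        print("FINDING:", finding)
```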

store system ntp [all | server | state]

store system ntp server

Sets the host name of up to three NTP (Network Time Protocol) servers. Note that to enable the use of an NTP server, you must use the store system ntp state on command. To define a single NTP server, enter its host name or IP address. To define multiple NTP servers, enter the command with no arguments, and you will be prompted to supply the NTP server host names.

Syntax

store system ntp server

USAGE: store system ntp server

For each server enter either ip or hostname

Enter up to 3 NTP servers to store:

Show Command

show system ntp <all |server>

Delete command

delete ntp-server

store system ntp state

Enables or disables use of an NTP (Network Time Protocol) server.

Syntax

store system ntp state <on | off>

Show Command

show system ntp <all |state>

store system patch install

Installs a single patch or multiple patches as a background process. The ftp and scp options copy a compressed patch file from a network location to the IBM Guardium appliance. Note that a compressed patch file may contain multiple patches, but only one patch can be installed at a time. To install more than one patch, choose all the patches that need to be installed, separated by commas. Internally the CLI will submit requests for each patch on the list (in the order specified by the user), with the first patch taking the request time provided by the user and each subsequent patch three minutes after the previous one. In addition, the CLI will check whether the specified patches are already requested and will not allow duplicate requests.

The last option (sys) is for use when installing a second or subsequent patch from a compressed file that has been copied to the IBM Guardium appliance using this command previously.

To display a complete list of applied patches, see the Installed Patches report on the IBM Guardium Monitor tab of the administrator portal.

In the store system patch install CLI command, the user can choose multiple patches from the list.

Syntax

store system patch install <type> <date> <time>

<type> is the installation type, cd | ftp | scp | sys

<date> and <time> are the patch installation request time, date is formatted as YYYY-mm-dd, and time is formatted as hh:mm:ss

If no date and time is entered or if NOW is entered, the installation request time is NOW.

Parameters

Regardless of the option selected, you will be prompted to select a patch to apply:

Please choose one patch to apply (1-n,q to quit):

cd - To install a patch from a CD, insert the CD into the IBM Guardium CD ROM drive before executing this command. A list of patches contained on the CD will be displayed.

ftp or scp - To install a patch from a compressed patch file located somewhere on the network, use the ftp or scp option, and respond to the prompts shown. Be sure to supply the full path name for the patch, including the filename:

Host to import patch from:

User on hostname:

Full path to the patch, including name:

Password:

In the store system patch install scp CLI command, the user can use the wildcard * for the patch file name.

The compressed patch file will be copied to the IBM Guardium appliance, and a list of patches contained in the file will be displayed.

sys - Use this option to apply a second or subsequent patch from a patch file that has been copied to the IBM Guardium appliance by a previous store system patch execution.

The store system patch install command will not delete the patch file from the IBM Guardium appliance after the install. There is no real need to remove the patch file, as the same patches can be reinstalled over existing patches and keeping patch files around can aid in analyzing various problems. However, a user may remove patch files by hand or use the CLI command diag. (Note: the CLI command diag is restricted to certain users and roles.)

To delete a patch install request, use the CLI command delete scheduled-patch.

store system remote-root-login

Enable/disable SSH (root access). Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices.

Syntax

store system remote-root-login  ON|OFF

Show command

show system remote-root-login

store system scheduler

Scheduling is managed by a timing mechanism within the IBM Guardium application. If the timing function is disrupted, it will restart after the restart interval designated by this CLI command.

Use store system scheduler restart_interval [5 to 1440 or -1] to restart the timing function after 5 minutes to 1440 minutes. The default is -1, which means the timing restart mechanism is not installed.

Use store system scheduler wait_for_shutdown [ON | OFF] to restart the scheduler after all jobs currently running finish. The parameters are ON or OFF.

Syntax

store system scheduler restart_interval [5 to 1440 or -1]

store system scheduler wait_for_shutdown [ON | OFF]

Show command

show system scheduler

store system shared secret

Sets the system's shared secret value to the specified value.

Syntax

store system shared secret <key>

store system snif-buffers-reclaim

Use this CLI command only when directed by IBM Guardium Technical Services.

The new configuration will be effective once the CLI command, restart inspection-core, is executed.

Syntax

store system snif-buffers-reclaim [ON | OFF]

Show command

show system snif-buffers-reclaim

store system snif-thread-number

Use this CLI command to specify how many threads are running.

The new configuration will be effective once the CLI command, restart inspection-core, is executed.

Syntax

store system snif-thread-number [new | default]

Show command

show system snif-thread-number

Snif is running with 6 threads on the 32-bit system

store system snmp contact

Stores the email address for the snmp contact (syscontact) for the IBM Guardium appliance. By default it is info@guardium.com.

Syntax

store system snmp contact <email-address>

Show Command

show system snmp contact

store system snmp location

Stores the snmp system location (syslocation) for the IBM Guardium appliance. By default it is Unknown.

Syntax

store system snmp location <string>

Show Command

show system snmp location

store system snmp query community

Stores the snmp system query community for the IBM Guardium appliance. By default it is guardiumsnmp.

Syntax

store system snmp query community <string>

Show Command

show system snmp query community