config
config [command help]
config [command var=val ...]
where command is one of the following: add, boks, ca, del, els, list, save, show, rest. The var=value pairs are specific to each command and are described below.
The config program is used to set up the RSA Keon Agent Base System, which includes importing the Agent Host Virtual Card and trusted CA certificates, and specifying the ELS servers and Keon 4.x parameters.
The config program is also used to define new instances of installed Agents.
Contextual help is available for selections by entering a question mark ('?') at the prompt.
The rest of this document describes the command line interface of the config program.
The argument help can always be given. This will list usage and a description of the current command.
The commands available are as follows:
add help
add svc=name port=port server=srv method=meth proto=prot [desc=desc] [var=val ...]
add svc=name inetd=tag method=meth proto=prot [desc=desc] [var=val ...]
Description:
Add a new Agent instance to the running set.
This can be achieved by supplying the local port to be protected and the server to connect to, or by having the Agent started by inetd. In the inetd case, no local port or server needs to be specified since that information is stored in inetd.conf.
Apart from the parameters listed, any Agent-specific parameters can be specified on the command line in the form var=value. The var is a relative catinfo name, i.e. an info path with dot ('.') as node separator but no leading dot.
The entry below, from a port.cfg file supplied by an Agent that uses Agent-specific parameters, renders as the catinfo path ``tunnel.do_server''.
tunnel: do_server=1
To set this parameter to 0 when a new instance of the Agent is configured:
config add <parameters as listed below> tunnel.do_server=0
The config program does not verify that a parameter is actually valid for the Agent, nor does it type-check the value.
Parameters:
svc is the service name of the Agent to be configured.
port the port number of the local port to be protected.
server the address of the server to connect to.
method the authentication method name of this instance.
inetd the tag name in inetd.conf. This is mutually exclusive with the server and port options.
proto the encryption protocol to be used. This can be ssl (Keon 5.0), dasp (Keon 4.5), or plain (no encryption or authentication).
desc is a descriptive string for the Agent instance. This is used only when viewing the Agent in the configuration.
Example:
The command:
config add svc=agent-1.0 port=4711 server=127.0.0.1:25 method=TEST proto=ssl
will cause the agent-1.0 Agent to protect port 4711 on the local machine and connect to the SMTP server. The traffic will be protected by SSL.
boks help
boks [nodekey=key] [domain=dom] [servers=servlist]
Description:
Set up the Keon 4.5 parameters node key and domain, and set or remove a list of Keon 4.5 servers.
If no servers are specified, Keon 4.5 servers are located by broadcast.
Parameters:
nodekey sets the node key to key.
domain will set the Keon 4.5 domain to dom. Default is 6500.
servers will set the Keon 4.5 servers to be used to those specified in servlist. servlist is a comma (',') separated list of host names or IP addresses.
If servlist is a single dot ('.'), all previously configured servers will be removed.
Example:
The command:
config boks nodekey=aZ74K2aP servers=b1.xyz.com,b2.xyz.com
will set the node key and a server list.
config boks servers=.
will remove the server list (the Agent will then use broadcast).
ca help
ca [import=file] [del=index] [list]
Description:
Add, remove, and list entries in the local trusted CA database.
Parameters:
import will install the CA certificate stored in file in the local database.
del will remove the CA certificate with index index from the local CA database. index is obtained by running ``ca list'' (see below).
list will list all installed CA certificates by a string representation of the subject RDN concatenated with the expiration date. Each certificate entry is preceded by an index number to be used when removing a certificate.
Example:
To install a certificate:
config ca import=myca.crt
To remove the certificate with index 0:
config ca del=0
del help
del port=portno
Description:
Delete an Agent instance given a port number.
Parameters:
port specifies that the Agent instance protecting port number portno will be removed.
Example:
To remove the Agent instance protecting port 4711:
config del port=4711
els help
els servers=servlist
Description:
Set or remove a list of ELS servers for event logging.
Parameters:
servers will set the ELS servers to be used to those specified in servlist. servlist is a comma-separated list of ELS servers with format <hostname:port> or <ip-address:port>. The default ELS port is 2479. If servlist consists of a single dot ('.'), the previously configured servers will be removed.
Examples:
To add an ELS server with IP address 192.168.0.1 and port 2479 (default ELS port):
config els servers=192.168.0.1:2479
list [help]
Description:
Print a listing of all currently configured Agent instances.
save help
save [vc] [ca] [cfg] [file=filename]
Description:
Save the current configuration. This means that the configuration data, Agent Host Virtual Card file, password file, and CA certificate database file will be packed together in a single ``backup file''. This configuration file can later be unpacked to restore a previous configuration using the restore command.
WARNING:
A saved configuration file must be handled with extreme care since it may contain the password to the Agent Host Virtual Card!
Parameters:
vc indicates that the Agent Host Virtual Card and the password are to be included in the backup file.
ca indicates that the entire CA database is to be included in the backup file.
cfg indicates that all configuration data should be saved. This is needed to backup configuration of Agent instances.
file indicates that the backup information is written to filename. If not supplied, the information is written to stdout.
If none of vc, ca, or cfg is supplied, everything is saved by default.
Note that if the Virtual Card password is stored in the configuration file itself (not in a separate file), the Virtual Card password is saved together with all other configuration values (i.e. with the cfg switch).
Example:
To save the CA database and the configuration information in file ``mybkp.bkp'':
config save ca cfg file=mybkp.bkp
To save everything and get the result on stdout:
config save
show [help]
Description:
Display global configuration information for the Base System. This includes, for example, the ELS servers and the Agent Host Virtual Card file.
rest help
rest file=filename
Description:
Restore a previously saved configuration. Only the items that were saved will be restored (Agent Host Virtual Card, CA database file and/or configuration values). All other information will be unaffected.
WARNING:
A saved configuration file must be handled with extreme care since it may contain the password to the Agent Host Virtual Card.
Parameters:
file specifies a file containing the backup information.
Example:
To restore a previous configuration stored in ``mybkp.bkp'':
config rest file=mybkp.bkp
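The warnings under save and rest above say that the backup file may contain the Agent Host Virtual Card password but leave it to the operator to keep that file private. The following is an added example, not the config program's own code, that wraps the two commands as documented: it uses the fact that save without file= writes to stdout, so the backup can be stored in a file created with mode 0600 from the first byte, and it refuses to run rest on a backup file that is readable by group or other. It assumes config is on the path (config_cmd can point at any stand-in program) and does not interpret the backup format.

```python
"""Added example (not part of the config man page): keep the save/rest backup
file, which may hold the Virtual Card password, private on disk."""
import os
import stat
import subprocess

SAVE_ITEMS = ("vc", "ca", "cfg")   # save selectors documented above


def save_backup(path, items=(), config_cmd=("config",)):
    """Run ``config save [vc] [ca] [cfg]`` and store its stdout in ``path``.

    The file is created with mode 0600 and O_EXCL, so it is never readable by
    others and an existing file is never silently overwritten.  Capturing
    stdout instead of passing file= keeps the mode under the caller's control,
    since the manual does not say which mode file= would create."""
    bad = [i for i in items if i not in SAVE_ITEMS]
    if bad:
        raise ValueError("unknown save item(s): %s" % ", ".join(bad))
    argv = list(config_cmd) + ["save"] + list(items)   # no items = save all
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if proc.returncode != 0:
        raise RuntimeError("config save failed: %s" % proc.stderr.decode(errors="replace"))
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(proc.stdout)
    return len(proc.stdout)


def backup_is_private(path):
    """True if ``path`` is a regular file with no group/other permission bits."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def restore_backup(path, config_cmd=("config",)):
    """Run ``config rest file=path`` only if the backup file is private.
    A backup copied around with loose permissions is refused here rather than
    fed back into the Base System as if nothing had happened."""
    if not backup_is_private(path):
        raise PermissionError("%s is readable by group/other; fix the mode first" % path)
    argv = list(config_cmd) + ["rest", "file=%s" % path]
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if proc.returncode != 0:
        raise RuntimeError("config rest failed: %s" % proc.stderr.decode(errors="replace"))
    return True


if __name__ == "__main__":
    # Against the real program: save the CA database and configuration values
    # into a private file, as in the save example above.
    n = save_backup("mybkp.bkp", ("ca", "cfg"))
    print("wrote %d bytes to mybkp.bkp (mode 0600)" % n)
```

The mode check is deliberately a refusal, not a silent chmod: a backup that has become readable by others should be treated as a possible exposure of the Virtual Card password and the card's password changed, not just tidied up.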