system Command

The system command implements system-wide changes.

Type the following command from your command line.

system [access | advanced_aggregation | data_client | data_vault | fips | firewall | fsck | halt | iptables | keycopy | logu | monitoring_console | monthly_index | monthly_index_load_divisor | passwd | reboot | secureuldp | ipv6_slaac | sshkey_passphrase | update]
system Syntax Parameters
Parameter Description Options
access Grants full access to the application.
 When Data Privacy mode is disabled, only one password is required to gain the access. The password can be changed using the system passwd command.

When Data Privacy mode is enabled, the two Security Keys are required to gain access. You cannot change the Security Keys using the system passwd command. However, you can use the GUI (from Administration > System Settings > General > Data Privacy Options) to reset your Security Keys; see Data Privacy Settings.

None
advanced_aggregation [enable | disable | status] Enable or disable the Advanced Aggregation features. After enabling the Advanced Aggregation option, the Management > Rules > Aggregation tab is visible to users and they can use the Advanced Aggregation features.

By default, Advanced Aggregation is switched off.

This feature can be enabled only if the Advanced Features option is enabled.

Important: Before disabling Advanced Aggregation, ensure that you delete or disable any advanced aggregation rules to avoid storing unnecessary aggregated data.

To enable or disable this feature using the GUI, see the Advanced Aggregation setting.

enable - Enables the Advanced Aggregation feature.

disable - Disables the Advanced Aggregation feature.

status - Displays whether the Advanced Aggregation feature is enabled or disabled.

data_client [add <username> | delete <username> | list] Creates or deletes a user account.

add <username> - Creates a new account. The following constraints apply to user names:
  • The first character of the username must be a lowercase or uppercase letter, or a number.
  • All characters, except the first character, must be lowercase or uppercase letters, numbers, the underscore character ('_') or the period character ('.').

delete <username> - Deletes the existing user account

list - Displays all existing user accounts

data_vault [enable | status | unlock | change_password | enable_auto_unlock | disable_auto_unlock | enable_auto_unlock_once] Manages encryption of all data volumes including archives. By default, the data vault is disabled and the data volumes are in unlocked state.
  • If the Data Vault feature is enabled on LogLogic EVA, auto unlock is disabled, and you want to attach additional hard drives, run the following command before adding additional hard drives:
    system data_vault enable_auto_unlock_once
    When the appliance restarts, the saved encrypted password is used to automatically unlock the data vault.
  • If the Data Vault feature is enabled on LogLogic LMI and you are upgrading to 6.3.0, you must install the hotfix LMI-6.2.1_6.2.0-HF-LLCE-3207-3210 to first decrypt the data volumes. Then encrypt them again by using the system data_vault command.

For more information, see Data Encryption.

enable - Enables the encryption of data volumes.

status - Displays whether the Data Vault feature is enabled or disabled.

unlock - Unlocks the data vault after system reboot.

change_password - Changes the password of the data vault.

enable_auto_unlock - Saves the encrypted password to be used for automatically unlocking the data vault at boot time.

disable_auto_unlock - Removes the saved password to be used for automatically unlocking the data vault at restart time.

enable_auto_unlock_once - Automatically unlocks the data vault using the saved encrypted password, for only the next system restart. The password is deleted after one use.

fips [enable | disable | status] Enables or disables the Federal Information Processing Standard (FIPS) mode on the appliance. FIPS libraries are preinstalled in LogLogic LMI. Enabling the FIPS mode ensures that FIPS-compliant libraries are used during secure communication. To enable FIPS mode, run the command:
> system fips enable
When prompted, type yes to reboot the appliance for the changes to take effect.

To disable the FIPS mode, run the command:

> system fips disable
When prompted, type yes to reboot the appliance for the changes to take effect.
Note: In an HA setup, disable the failover on both appliances, enable the FIPS mode, and then reenable the failover.

status - Displays whether FIPS is enabled or disabled.

firewall [enable | disable | status | list | add <All/SingleIp/CIDR> <port> <TCP/UDP> <accept/deny> | remove | port <add/remove> <TCP/UDP> <port> <desc> >] Configures the firewall setting.

On the GUI, the firewall can be configured from Administration > Firewall Settings. See Adding an Input Rule.

enable - Enables the firewall.

disable - Disables the firewall.

status - Displays whether the firewall is enabled or disabled.

list - Displays a list of firewall rules in the system.

add - Adds a new set of IP address (All or Single IP/ CIDR), port number, protocol (TCP or UDP), and action (accept or deny).
Note: The value is case-sensitive.

remove - Removes a set of IP address, protocol, port number, and action.

port - Adds or removes a port for use in a firewall rule.

fsck [enable | disable | status] Performs a file system check.

enable - Enables fsck check on system reboot or startup.

disable - Disables fsck check on system reboot or startup.

status - Displays whether fsck is enabled or disabled.

halt Halts the appliance. None
iptables [on | off] Enables or disables the appliance iptables. This can be used for Firewall Settings.

on - Enables the appliance iptables.

off - Disables the appliance iptables.

ipv6_slaac [enable | disable | status] Manages the Stateless Autoconfiguration (SLAAC) feature of IPv6. By default, the feature is turned off.

enable - Enables SLAAC.

disable - Disables SLAAC.

status - Displays whether SLAAC is on or off.

keycopy [dsa] By default, copies the RSA public key of the LogLogic product family to establish secure file transfer access with another server. The public key is used for user authentication when transferring files using the secure protocols SCP or SFTP.

dsa - Copies the Digital Signature Algorithm (DSA) public key to the target server. This parameter is available for backward compatibility.

logu [enable | disable | status] Enables or disables the Advanced Features. The default is No. After running logu enable, you must exit from the root shell for mtask to restart and the changes to take effect.

enable - Enables the Advanced Features.

disable - Disables the Advanced Features.

status - Displays whether Advanced Features are enabled or disabled.
monitoring_console [enable | disable | status] Enables or disables the monitoring console. After enabling the monitoring console, the Monitoring > Console menu is available to users and they can use the monitoring console.

You can enable or disable this feature from the GUI using the Monitoring Console setting.

enable - Enables the monitoring console feature.

disable - Disables the monitoring console feature.

status - Displays whether the monitoring console feature is enabled or disabled.

monthly_index [enable | disable | status] Enables or disables the Monthly Index feature. The default is No.

This feature can be enabled only if the Advanced Features option is enabled.

To disable archiving of indexes while the raw data is archived, see Monthly Index.

enable - Enables the Monthly Index feature.

disable - Disables the Monthly Index feature.

status - Displays whether the Monthly Index feature is enabled or disabled.

monthly_index_load_divisor [show | set [1-5] ] Controls what fraction of the monthly index terms are loaded into memory during an Advanced Search.

You can enable or disable this feature from the GUI using the Monthly Index Load Divisor setting.

show - Displays the value of monthly index load divisor.

set - Sets the value of the monthly index load divisor.

passwd [ cli | shell ] Changes the password for the CLI or system account. If an old password is present, the system prompts you for the old password and compares it against the stored password.

After the system authenticates the user, password aging information is checked to see if the user is permitted to change their password. If the user is authenticated, the system prompts for a replacement password. If the password is accepted, passwd prompts again and compares the second entry against the first. Both entries must match to successfully change the password.

Running this command with no option changes the password for CLI or shell access.

reboot Reboots the appliance. None
secureuldp

[ create csr | install rootCA | install certificate | delete rootCA | delete certificate | show csr]

If secureuldp is On, you must manually restart engine_uldpcollector after installing or deleting the rootCA or LogLogic LMI certificate:
mtask -s engine_uldpcollector restart
create csr - Creates a certificate signing request.

install rootCA - Parses and installs the rootCA certificate.

install certificate - Parses and installs the certificate.

delete rootCA - Deletes the rootCA certificate.

delete certificate - Deletes the certificate from the appliance.

show csr - Displays the certificate signing request.

sshkey_passphrase [enable | disable | unlock | change_pass | status] This command controls the sshkey_passphrase feature. Once this feature is enabled, the SSH private key is stored in an encrypted format. The private key can only be used after being unlocked with the assigned passphrase every time the system boots up.

If the passphrase is not unlocked, any file collection or backup configuration that uses an SSH-based communication channel, as well as HA, is affected and stopped until the passphrase is unlocked.

Note: The following constraints apply to this feature to work in HA (failover) mode:
  • The feature cannot be enabled or disabled when HA is configured.
  • To use the feature in HA mode, the feature must be enabled separately on both nodes in the HA pair.
  • In an HA pair, the unlocked private key is not passed from the MASTER node to the VICEMASTER node. This means that if one node in the pair is rebooted, a manual step is required to log in to that node and unlock the private key for HA to work properly.
enable - Enables the SSH private key encryption feature.

disable - Disables the SSH private key encryption feature. The private key is stored in plain text format.

unlock - Decrypts the encrypted SSH private key and stores the key in the key management daemon.

change_pass - Assigns a new passphrase to the current SSH private key.

status - Displays whether sshkey_passphrase feature is enabled or disabled.

update Checks and updates files from one version to another version. You can use this command to update files on a smaller scale. None

The system access command differs from the system passwd command. For example, currently the application is password protected. The system access command lets you access the application and use the system passwd command to change the password for the CLI or system account.

To enable IP tables:

> system iptables on
> system reboot
> system passwd cli
Enter password:
Re-enter new password:
> system update
Choose an upgrade file from the list:
0: update.tar.bz2
1: exit
>> 0

Copying the Public Key to Another Server

To securely forward data to another LMI host or to securely perform LMI backups, the public part of an SSH key pair must be copied to the destination system.

Prerequisites

For LogLogic LMI 6.2.0 or earlier: Set the permissions of the ~/.ssh/authorized_keys file to 600 by running the following command:
$ chmod 600 ~/.ssh/authorized_keys

Procedure

  1. In the appliance CLI, copy the public SSH key of the appliance to the server:
    1. Run the system keycopy command.
      > system keycopy

      The appliance asks whether to test or copy the key.

    2. Enter C to copy the key.
      The appliance copies the key to the server and displays its pathname.
    3. Note down the displayed server path where the key is copied.
      You later need to append this file to ~/.ssh/authorized_keys on the server. The appliance asks for the server IP address.
    4. Enter the server IP address (provided by your Administrator).
      The appliance asks for the server user name.
    5. Enter the user name (provided by your Administrator).
      The appliance asks for confirmation of the displayed host IP address and RSA key fingerprint.
    6. Enter yes.
      The appliance reports that it permanently added the appliance as a known host, and then asks for the password.
    7. Enter the password.
      The appliance prompts you to configure the server with the appliance’s key, appending it to ~/.ssh/authorized_keys on the server. For example:
      SCP Server: IP-address
      login as: scpdata
      =============================================================
      Machine Name:  sqalinux
      Owner: SQA Administrator
      Groups: RE/SQA/Documentation
      Last Update: Mar 25, 2009
      =============================================================
      SCP_server:~> ls -l /tmp/LOGLOGICPUBKEY
      -rw-r--r--    1 scpdata  users         611 2009-12-03 18:07 LOGLOGICPUBKEY
      SCP_server:~> cat /tmp/LOGLOGICPUBKEY >> ~/.ssh/authorized_keys
      The server setup is complete.
  2. Verify the server setup.
    1. Run the system keycopy command.
      > system keycopy

      The appliance asks whether to test or copy the key.

    2. Enter T to test the key.
      The appliance asks for the server IP address.
    3. Enter the server IP address (provided by your Administrator).
      The appliance asks for the server user name.
    4. Enter the user name (provided by your Administrator).
      The appliance copies a test file (scptestfile) to the server and then copies it back to the LogLogic appliance.

      The appliance displays a message when the test copy completes successfully.
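
An added example, not part of the LogLogic documentation: a POSIX shell function for the destination server that performs the append from step 1.7 only after checking that the copied file holds a single bare RSA or DSA public key, and that keeps authorized_keys at mode 600 as the prerequisite requires. The function name install_appliance_key is hypothetical; the optional second argument exists only so the function can be tried against a scratch file.

```shell
#!/bin/sh
# Added example, not LogLogic code. Run on the destination server in place of
# a bare "cat /tmp/LOGLOGICPUBKEY >> ~/.ssh/authorized_keys".
# install_appliance_key <pubkey-file> [authorized_keys-path]  (hypothetical name)
install_appliance_key() {
    keyfile=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}
    [ -f "$keyfile" ] || { echo "missing key file: $keyfile" >&2; return 2; }

    # Exactly one non-empty line; extra lines could carry unrelated keys.
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "expected one key" >&2; return 3; }
    line=$(grep . "$keyfile")

    # The first field must be the key type itself, so anything placed in
    # front of the key (authorized_keys options) is refused.
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case "$type" in
        ssh-rsa) prefix=AAAAB3NzaC1yc2E ;;   # keycopy default (RSA)
        ssh-dss) prefix=AAAAB3NzaC1kc3M ;;   # keycopy dsa (backward compatibility)
        *) echo "unexpected key type: $type" >&2; return 4 ;;
    esac
    # The blob must be plain base64 and begin with the encoded type name.
    case "$blob" in
        *[!A-Za-z0-9+/=]*) echo "blob is not base64" >&2; return 4 ;;
        "$prefix"*) ;;
        *) echo "blob does not match $type" >&2; return 4 ;;
    esac

    # With StrictModes (the sshd default), keys are refused when the file or
    # its directory is writable by other users.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # Append once; re-running the procedure must not duplicate the entry.
    if grep -qxF -- "$line" "$auth"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

On the server from the example session this would be called as install_appliance_key /tmp/LOGLOGICPUBKEY, after which the test in step 2 is run from the appliance.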

Applying the File Updates

> system update
Choose an upgrade file from the list:
0: update.tar.bz2
1: exit
>> 0