system Command

The system command implements system-wide changes.

Type the following command from your command line.

system [access | data_client | data_vault | firewall | fsck | halt | iptables | keycopy | logu | monthly_index | passwd | reboot | secureuldp | slaac | sshkey_passphrase | update]
system Syntax Parameters
Parameter Description
access Grants full access to the application.

When Data Privacy mode is disabled, only one password is required to gain access. The password can be changed using the system passwd command.

When Data Privacy mode is enabled, the two Security Keys are required to gain access. You cannot change the Security Keys using the system passwd command. However, you can use the GUI (from Administration > System Settings > General > Data Privacy Options) to reset your Security Keys; see Data Privacy Options.

data_client [add <username> | delete <username> | list] add <username> - Creates a new account. The following constraints apply to usernames:
  • The first character of the username must be a lowercase or uppercase letter, or a number.
  • All characters, except the first character, must be lowercase or uppercase letters, numbers, the underscore character ('_'), or the period character ('.').

delete <username> - Deletes the existing user account

list - Displays all existing user accounts

data_vault [enable | status | lock | unlock | change_password | enable_auto_unlock | disable_auto_unlock] The Data Vault feature manages encryption of all data volumes including archives. By default, the data vault is disabled and the data volumes are in an unlocked state.

Once the feature is enabled, it cannot be disabled. Enabling the data vault feature begins the encryption of data volumes; but the data volumes are in unlocked state and are accessible to users. An administrator logged in via the CLI as root has the rights to enable, lock, or unlock the data vault, or to check the status of the data volumes.

If the system is restarted for any purpose by any user, the data volumes are locked. If N was entered at the prompt Save the password to automatically decrypt the data on boot time? (y/N) while enabling the Data Vault feature, an administrator user must run the data_vault command to unlock the data volumes before they can be used again. If y was entered at the prompt instead, the data volumes are automatically unlocked after the system reboot.

Note:
  • This feature can be used on a new LogLogic LMI installation, but not after an upgrade.
  • The Data Vault feature is not supported in an HA setup and for data archived on Centera volumes.
  • Data migration is not supported when the Data Vault feature is enabled.
  • If you are using LogLogic® Management Center with LogLogic LMI, you must use the auto unlock configuration, that is, you must type y at the prompt Save the password to automatically decrypt the data on boot time? (y/N). If you are not using LogLogic® Management Center, then saving the password is not recommended.

enable - Enables the encryption of data volumes.

status - Displays the status of the Data Vault feature.

lock - Stops all LogLogic LMI processes and locks the data vault. This option is useful in testing.

unlock - Unlocks the data vault after system reboot.

change_password - Changes the password of the data vault.

enable_auto_unlock - Saves the encrypted password to be used for automatically unlocking the data vault at boot time.

disable_auto_unlock - Removes the saved password to be used for automatically unlocking the data vault at boot time.

firewall [enable | disable | status | list | add <All/SingleIp/CIDR> <port> <TCP/UDP> <accept/deny> | remove] Configures the firewall setting.

enable - Enables the firewall.

disable - Disables the firewall.

status - Displays the status of the firewall.

list - Displays a list of firewall rules in the system.

add - Adds a new rule consisting of an IP address (All, a single IP, or a CIDR), port number, protocol (TCP or UDP), and action (accept or deny).

remove - Removes a rule (a set of IP address, protocol, port number, and action).

On the GUI, the firewall can be configured from Administration > Firewall Settings.

halt Halts the appliance.
iptables [ on | off ] Enables (on) or disables (off) the appliance iptables. This can be used for Firewall Settings.
keycopy Copies the LogLogic product family public key to establish secure file transfer access with another server. The public key is used for file authentication when transferring files using the secure protocols SCP or SFTP.
logu [enable | disable | status] Enables or disables the Advanced Features. The default is No.

status - Prints the status of the Advanced Features.

monthly_index [enable | disable | status] Enables or disables the Monthly Index feature. The default is No.

status - Displays the status of the Monthly Index feature.

This feature can be enabled only if the Advanced Features option is enabled.

To disable archiving of indexes while the raw data is archived, see How Archive Storage Works.

passwd [ cli | shell ] Changes the password for the CLI or system account. If an old password is present, the system prompts you for the old password and compares it against the stored password.

After the system authenticates the user, password aging information is checked to see if the user is permitted to change their password. If the user is authenticated, the system prompts for a replacement password. If the password is accepted, passwd prompts again and compares the second entry against the first. Both entries must match to successfully change the password.

When run with no option, this command changes the password for CLI or shell access.

reboot Reboots the appliance.
secureuldp

[ create csr | install rootCA | install certificate | delete rootCA | delete certificate | show csr]

create csr - Creates a certificate signing request.

install rootCA - Parses and installs the rootCA certificate.

install certificate - Parses and installs the certificate.

delete rootCA - Deletes the rootCA certificate.

delete certificate - Deletes the certificate from the appliance.

show csr - Displays the certificate signing request.

If secureuldp is On, you must manually restart engine_uldpcollector after installing or deleting the rootCA or LogLogic LMI certificate:
mtask -s engine_uldpcollector restart
slaac [enable | disable | status] This command manages the Stateless Autoconfiguration (SLAAC) feature of IPv6. By default, the feature is turned off.

enable - Enables SLAAC.

disable - Disables SLAAC.

status - Displays the status of SLAAC.

sshkey_passphrase [enable | disable | unlock | change_pass | status] This command controls the sshkey_passphrase feature. Once this feature is enabled, the SSH private key is stored in an encrypted format. The private key can be used only after it is unlocked with the assigned passphrase, every time the system boots up.

If the passphrase is not unlocked, any file collection or backup configuration that uses an SSH-based communication channel, as well as HA, is affected and stopped until the passphrase is unlocked.

enable - Enables the SSH private key encryption feature.

disable - Disables the SSH private key encryption feature. The private key is stored in plain text format.

unlock - Decrypts the encrypted SSH private key and stores the key in the key management daemon.

change_pass - Assigns a new passphrase to the current SSH private key.

status - Prints the status of the sshkey_passphrase feature.

Note: The following constraints apply to this feature to work in HA (failover) mode:
  • The feature cannot be enabled or disabled when HA is configured.
  • To use the feature in HA mode, the feature must be enabled separately on both nodes in the HA pair.
  • In an HA pair, the unlocked private key is not passed from the MASTER node to the VICEMASTER node. This means that, if one node in the pair is rebooted, a manual step is required to log in to the node and unlock the private key for HA to work properly.
update Checks and updates files from one version to another version. You can use this command to update files on a smaller scale.

The system access command differs from the system passwd command. For example, when the application is password protected, the system access command lets you access the application, and you can then use the system passwd command to change the password for the CLI or system account.

To enable IP tables:

> system iptables on
> system reboot
> system passwd cli
Enter password:
Re-enter new password:
> system update
Choose an upgrade file from the list:
0: update.tar.bz2
1: exit
>> 0

Copying the Public Key to Another Server

To copy the LogLogic product family public key to another server, you must establish a secure file transfer.

Prerequisites

Set the permissions of the ~/.ssh/authorized_keys file to 600 by running the following command:
chmod 600 ~/.ssh/authorized_keys
Unless the file has permission 600, the files cannot be backed up to the server.

Procedure

  1. In the appliance CLI, copy the public SSH key of the appliance to the server:
    1. Run the system keycopy command.
      > system keycopy

      The appliance asks whether to test or copy the key.

    2. Enter C to copy the key.
      The appliance copies the key to the server and displays its pathname.
    3. Note down the displayed server path where the key is copied.
      You later need to append this file to ~/.ssh/authorized_keys on the server. The appliance asks for the server IP address.
    4. Enter the server IP address (provided by your Administrator).
      The appliance asks for the server user name.
    5. Enter the user name (provided by your Administrator).
      The appliance asks for confirmation of the displayed host IP address and RSA key fingerprint.
    6. Enter yes.
      The appliance reports that it permanently added the appliance as a known host, and then asks for the password.
    7. Enter the password.
      The appliance prompts you to configure the server with the appliance’s key, appending it to ~/.ssh/authorized_keys on the server. For example:
      SCP Server: IP-address
      login as: scpdata
      =============================================================
      Machine Name:  sqalinux
      Owner: SQA Administrator
      Groups: RE/SQA/Documentation
      Last Update: Mar 25, 2009
      =============================================================
      SCP_server:~> ls -l /tmp/LOGLOGICPUBKEY
      -rw-r--r--    1 scpdata  users         611 2009-12-03 18:07 LOGLOGICPUBKEY
      SCP_server:~> cat /tmp/LOGLOGICPUBKEY >> ~/.ssh/authorized_keys
      The server setup is complete.
  2. Verify the server setup.
    1. Run the system keycopy command.
      > system keycopy

      The appliance asks whether to test or copy the key.

    2. Enter T to test the key.
      The appliance asks for the server IP address.
    3. Enter the server IP address (provided by your Administrator).
      The appliance asks for the server user name.
    4. Enter the user name (provided by your Administrator).
      The appliance copies a test file (scptestfile) to the server and then copies it back to the LogLogic appliance.

      The appliance displays a message when the test copy completes successfully.
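
The server-side append in step 1.7 and the 600-permission prerequisite can be combined into one checked, repeatable step. The following is an added example, not part of the LogLogic documentation or product: the function name install_pubkey, the accepted key types, and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Server-side replacement for
#   cat /tmp/LOGLOGICPUBKEY >> ~/.ssh/authorized_keys
# Usage: install_pubkey KEYFILE [AUTHFILE]   (function name is hypothetical)
install_pubkey() {
    keyfile=$1
    authfile=${2:-$HOME/.ssh/authorized_keys}

    # /tmp is world-writable: accept only a regular file, never a symlink.
    [ -f "$keyfile" ] && [ ! -L "$keyfile" ] ||
        { echo "not a regular file: $keyfile" >&2; return 1; }

    # The appliance copies one key, so expect exactly one non-empty line.
    [ "$(grep -c . "$keyfile")" -eq 1 ] ||
        { echo "expected exactly one key line" >&2; return 1; }
    key=$(grep . "$keyfile")

    # Structural check: the line must start with a key type (no
    # command=/from= options prefix) followed by a base64 blob.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' ||
        { echo "not a plain public key line" >&2; return 1; }

    # Tighten permissions first: directory 700, authorized_keys 600.
    authdir=$(dirname "$authfile")
    mkdir -p "$authdir" && chmod 700 "$authdir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1

    # Idempotent append: re-running the procedure adds no duplicate line.
    if grep -qxF "$key" "$authfile"; then
        echo "key already present in $authfile"
        return 0
    fi
    printf '%s\n' "$key" >> "$authfile"
    echo "key appended to $authfile"
}

# Demo in a scratch directory with a constructed (not real) key line.
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructed0000 appliance-key\n' \
    > "$tmp/LOGLOGICPUBKEY"
install_pubkey "$tmp/LOGLOGICPUBKEY" "$tmp/.ssh/authorized_keys"
install_pubkey "$tmp/LOGLOGICPUBKEY" "$tmp/.ssh/authorized_keys"  # no-op
rm -rf "$tmp"
```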

Applying the File Updates

> system update
Choose an upgrade file from the list:
0: update.tar.bz2
1: exit
>> 0