HP TippingPoint Next Generation Firewall CLI Reference Guide

HP TippingPoint Security Management System CLI Reference
Version 4.0
Abstract
This information describes HP TippingPoint Security Management System (SMS) high and low level commands, and contains information for using the SMS command line interface. This information is for system administrators, technicians, and maintenance personnel responsible for installing, configuring, and maintaining HP TippingPoint SMS appliances and associated devices.
Part Number: 5998-5015 August 2013
Legal and notice information
© Copyright 2011–2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard. The information is provided “as is” without warranty of any kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
TippingPoint®, the TippingPoint logo, and Digital Vaccine® are registered trademarks of Hewlett-Packard. All other company and product names may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are the property of Hewlett-Packard. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.
UNIX® is a registered trademark of The Open Group.
Security Management System CLI Reference
Publication Part Number: 5998-5015
Product Part Number: JC679A
Table of Contents
About This Guide
Target Audience
Related Documentation
Document Conventions
Typefaces
Document Messages
Customer Support
Contact Information
1 Using the Command Line Interface
Overview
Usage
Command Types
Remote Paths
FTP
HTTP and HTTPS
NFS
SMB (Samba)
The help Command
2 SMS Command Reference
clear
cls
console
date
delete
diags
dir
dns
exit
factoryreset
fips-mode
ftp
get
help
ifconfig
ipconfig
kbdcfg
key
list
mgmtsettings
monitor
more
nic
nicsettings
notify
ntp
password
ping
ping6
quit
reboot
resolve
restart
reverse
routes
scp
service-access
set
setup
shutdown
snmp
snmp-request
snmp-trap
snmpget
snmpwalk
ssh
time
touch
traceroute
update
users
version
vi
view
web
who
3 SMS Attributes and Objects
Attribute Types
cli
ctl
db
dns
high availability
health
kbd
license
logs
net
ntp
pkg
pwd
radius
route
route6
smtp
snmp
svc
sw
sys
time
List of Tables
About This Guide
1 Using the Command Line Interface
Table 1-1 - Help Commands
2 SMS Command Reference
Table 2-1 - Help Options
Table 2-2 - Security Levels
Table 2-3 - ping Options
Table 2-4 - ping6 Options
Table 2-5 - traceroute Options
Table 2-6 - vi Options
3 SMS Attributes and Objects
Table 3-1 - CLI Attribute Types
Table 3-2 - cli Attributes
Table 3-3 - ctl Attributes
Table 3-4 - db Attributes
Table 3-5 - dns Attributes
Table 3-6 - HA Attributes
Table 3-7 - health Attributes
Table 3-8 - kbd Attributes
Table 3-9 - license Attributes
Table 3-10 - logs Attributes
Table 3-11 - net Attributes
Table 3-12 - ntp Attributes
Table 3-13 - pkg Attributes
Table 3-14 - pwd Attributes
Table 3-15 - radius Attributes
Table 3-16 - route Attributes
Table 3-17 - route6 Attributes
Table 3-18 - smtp Attributes
Table 3-19 - snmp-request Attributes
Table 3-20 - snmp-trap Attributes
Table 3-21 - svc Attributes
Table 3-22 - sw Attributes
Table 3-23 - sys Attributes
Table 3-24 - time Attributes
About This Guide
The Security Management System CLI Reference provides information about using the SMS command line interface to configure the HP TippingPoint Security Management System (SMS). This guide includes an SMS command reference as well as reference information about attributes and objects used by the SMS.
This section covers the following topics:
• Target Audience
• Related Documentation
• Document Conventions
• Customer Support

Target Audience

The intended audience includes technicians and maintenance personnel responsible for installing, configuring, and maintaining HP TippingPoint security systems and associated hardware. Users should be familiar with networking concepts as well as the following standards and protocols:
• TCP/IP
• UDP
• ICMP
• Ethernet
• Simple Network Time Protocol (SNTP)
• Simple Mail Transport Protocol (SMTP)
• Simple Network Management Protocol (SNMP)

Related Documentation

Access the documentation at http://www.hp.com/support/manuals. For the most recent updates for your products, check the HP Networking Support web site at http://www.hp.com/networking/support.

Document Conventions

This guide uses the following document conventions.
• Typefaces
• Document Messages

Typefaces

HP TippingPoint publications use the following typographic conventions for structuring information:
Document Typographic Conventions
Convention | Element
Medium blue text | Cross-reference links and e-mail addresses.
Medium blue, underlined text | Website addresses.
Bold font |
• Key names.
• Text typed into a GUI element, such as into a box.
• GUI elements that are clicked or selected, such as menu and list items, buttons, and check boxes. Example: Click OK to accept.
Italics font | Text emphasis, important terms, variables, and publication titles.
Monospace font |
• File and directory names.
• System output.
• Code.
• Text typed at the command-line.
Monospace, italic font |
• Code variables.
• Command-line variables.
Monospace, bold font | Emphasis of file and directory names, system output, code, and text typed at the command line.

Document Messages

Document messages are special text that is emphasized by format and typeface. This guide contains the following types of messages:
• Warning
• Caution
• Note
• Tip
WARNING! Warning notes alert you to potential danger of bodily harm or other potentially harmful consequences.
CAUTION: Caution notes provide information to help minimize risk, for example, when a failure to follow directions could result in damage to equipment or loss of data.
NOTE: Notes provide additional information to explain a concept or complete a task. Notes of specific importance in clarifying information or instructions are denoted as such.
IMPORTANT: Another type of note that provides clarifying information or specific instructions.
TIP: Tips provide helpful hints and shortcuts, such as suggestions about how you can perform a task more easily or more efficiently.

Customer Support

HP TippingPoint is committed to providing quality customer support to all customers. Each customer receives a customized support agreement that provides detailed support contact information. When you need technical support, refer to your support agreement or use the following information to contact Customer Support.

Before You Contact Support

For a quick and efficient resolution of your problem, take a moment to gather some basic information before you contact HP TippingPoint customer support:
Information | Find It Here...
Your customer number | Customer Support Agreement or the shipping invoice that came with the appliance.
SMS serial number | Bottom of the SMS server chassis, or use SMS CLI key command.
SMS version number | In the SMS client, on the Admin screen, or in the Updates area of the SMS dashboard.
TOS version number | In the SMS client, on the Devices screen (an entry for each device).
DV Toolkit version number | In the SMS client, on the Profiles (DV Toolkit Packages) screen.
Managed device serial numbers | Local Security Manager Dashboard or the shipping invoice that came with the appliance.

Contact Information

For additional information or assistance, contact HP Networking Support:
http://www.hp.com/networking/support
Before contacting HP, collect the following information:
• Product model names and numbers
• Technical support registration number (if applicable)
• Product serial numbers
• Error messages
• Operating system type and revision level
• Detailed questions
Contact an HP Authorized Reseller
For the name of the nearest HP authorized reseller, see the contact HP worldwide website:
http://www.hp.com/country/us/en/wwcontact.html

1 Using the Command Line Interface

The command line interface (CLI) can be used to configure many aspects of the SMS. It includes wizards, high level commands, and low level commands.

Overview

This chapter explains how to use the SMS CLI.
NOTE: To use the SMS CLI, you must be logged in with an account that has SuperUser rights.
This section includes the following topics:
• "Usage"
• "The help Command"

Usage

Most SMS commands consist of the following elements:
command — the name of the command you want to issue
object — the name of a collection of related attributes (attribs)
attrib — the name of a data variable or parameter on which you want to run the command
[=value] — optional syntax you can use with the set command and other writable commands to define the value of the attrib you specify. If you do not use this syntax, the system goes into interactive mode and prompts you for the value. See "Command Types" for more information about interactive commands.
NOTE: To clear the value of any attribute, type a period (.) after the equal sign (=) or when prompted.
These elements are case-sensitive. You can use any of the following syntax to run an SMS command:
command
command object
command object.attrib
command object.attrib=value
Other SMS commands use a syntax similar to standard UNIX commands, as shown in the following example:
command -option value

Command Types

SMS commands are either read, write, or read and write. In addition, commands are either interactive, non-interactive, or might support both options.
Interactive commands — automatically prompt you for attribute values if you use the appropriate syntax. Interactive commands also provide you with the current values of their attributes.
Non-interactive commands — are either read-only or require you to specify the values you want to set. For example, the get command is non-interactive because it is read-only. As another example, the date command is non-interactive. If you want to set the date, you must type date value.
Interactive Mode Syntax
You can use any of the following syntax options to initiate an interactive CLI command:
command — If you type the command name, the CLI prompts you to set values for all attribs associated with that command.
command object — If you specify the object of a particular command, the CLI prompts you to set values for all attribs associated with that object.
command object.attrib — If you specify an object and attribute of a particular command, the CLI prompts you to set the value of the attribute you specified.
Example
Following is an example of the set command in interactive mode. Items in bold are typed by the user. Items in brackets ([ ]) indicate the current value of the attribute specified.
Set All System Information Using Interactive Mode
1. Type the following command:
set sys
The system returns prompts for information. Default values are listed in brackets. To use the default value, press Enter.
2. The system prompts you to set the value for the contact attribute:
System contact (sys.contact=[Customer Contact]) = Brit
3. Type a value for the location attribute and press Enter:
System location (sys.location=[First floor lab]) =
4. Type a value for the name attribute and press Enter:
System name (sys.name=[sms25]) =
5. The system returns the following confirmation message:
Result: Success
System contact (sys.contact ) = Brit
System location (sys.location ) = First floor lab
System name (sys.name ) = sms25
System serial number (sys.serialNum) = X-SMA-ST-SMS25-0001

Remote Paths

Several commands accept remote paths as input. The remote paths specify a resource on an external server that can be accessed by the SMS server. Remote files that can be specified as input to an operation may be accessed using the HTTP, HTTPS, FTP, NFS, or SMB (Samba) protocols.
Remote directories that are used for saving SMS-based files to a remote server can be accessed through the NFS or SMB protocols. Files are always mounted with read-only access. Directories are mounted read-only when possible.
Remote paths are specified as a single string value. The details for each protocol are listed in the following sections. In each example, items in italics are variables. When using the path syntax, you must replace them with the appropriate values for your paths. Items in brackets ([ ]) are optional.
FTP
You can use the following formats for the FTP protocol:
• Complete specification:
•Anonymous FTP: ftp://server/directory/filename
• Specifying a user name and password: ftp://username:password@server/directory/filename
• FTP Examples:
ftp://10.11.12.13/pub/sms-0.0-0.500.pkg ftp://steve:password@10.11.12.13/pub/sms-0.0-0.500.pkg
ftp://[username:password@]server[:port]/directory/filename
2 Using the Command Line Interface
HTTP and HTTPS
You can use the following format for the HTTP and HTTPS protocols:
• Complete specification:
http://[username:password@]server[:port]/directory/filename or
https://[username:password@]server[:port]/directory/filename
• HTTP Example:
http://www.servername.com:8000/files/sms-0.0-0.500.pkg
NFS
You can use the following formats for the NFS protocol:
• Remote directory specification—server:/exportedDirectory
• Remote file specification—server:/exportedDirectory/filename
• NFS Example:
nfsserver.domain.com:/public/upgrades/sms-0.0-0.500.pkg
SMB (Samba)
You can use the following formats for the SMB protocol:
• Remote file specification:
//server/sharename/directory/filename
• Complete specification: //server/sharename[/directory][/filename] [-o option-list]
Options can be provided to the SMB mount operation by appending them to the end of the mount point value, and using a space character to separate the values. Options might include the username, password, and workgroup. Options can be joined together using a comma as a separator.
• SMB Example:
//winbox/pub/sms.pkg -o workgroup=mydomn,username=steve,password=ps111
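The FTP, HTTP/HTTPS and SMB formats above allow a password inside the path string, so such strings are worth classifying and redacting before they are kept in scripts, tickets or logs. The following Python example is added here and is not part of the HP guide or the SMS software; the function names, the *** mask, and the treatment of password as the only secret SMB option are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Path formats follow the guide's "Remote Paths" section; every name below is this example's own.
CLEARTEXT = {"ftp": True, "http": True, "https": False}
SMB_SECRET_OPTS = {"password"}  # -o options whose values must never reach a log
NFS_RE = re.compile(r"^[^/:\s]+:/(?!/)\S*$")
SMB_RE = re.compile(r"^//[^/\s]+/[^/\s]+(?:/\S*)?(?:\s+-o\s+(?P<opts>\S+))?$")

def _result(protocol, has_secret, cleartext, redacted):
    return {"protocol": protocol, "has_secret": has_secret,
            "cleartext": cleartext, "redacted": redacted}

def inspect_remote_path(value):
    """Classify an SMS remote path string and return a copy that is safe to log."""
    value = value.strip()
    scheme = value.split("://", 1)[0].lower() if "://" in value else ""
    if scheme in CLEARTEXT:
        parts = urlsplit(value)
        userinfo, at, hostport = parts.netloc.rpartition("@")  # last "@" ends userinfo
        user, colon, _ = userinfo.partition(":")
        has_secret = bool(at and colon)
        if has_secret:
            parts = parts._replace(netloc=f"{user}:***@{hostport}")
        return _result(scheme, has_secret, CLEARTEXT[scheme], parts.geturl())
    m = SMB_RE.match(value)
    if m:
        opts = m.group("opts") or ""
        pairs = [o.partition("=") for o in opts.split(",") if o]
        safe = ",".join(f"{k}=***" if k in SMB_SECRET_OPTS else f"{k}{eq}{v}"
                        for k, eq, v in pairs)
        prefix = value[:m.start("opts")] if opts else value
        has_secret = any(k in SMB_SECRET_OPTS for k, _, _ in pairs)
        return _result("smb", has_secret, None, prefix + safe)  # None: not readable from the path
    if NFS_RE.match(value):
        return _result("nfs", False, None, value)
    # The message omits the value so a malformed path cannot leak a password
    raise ValueError("not a remote path in any format the guide lists")

def exposed_secrets(paths):
    """Redacted forms of the paths whose password would cross the network unencrypted."""
    results = [inspect_remote_path(p) for p in paths]
    return [r["redacted"] for r in results if r["has_secret"] and r["cleartext"]]

# Two of the guide's own example paths, reused as sample input.
SAMPLES = [
    "ftp://steve:password@10.11.12.13/pub/sms-0.0-0.500.pkg",
    "//winbox/pub/sms.pkg -o workgroup=mydomn,username=steve,password=ps111",
]
```

Calling exposed_secrets(SAMPLES) reports only the FTP path, because the SMB and NFS formats do not reveal from the string alone whether the transport is protected.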

The help Command

The help command returns documentation about the specified command, object, or attribute.
Syntax
help
help --full
help --attribs
help object.attrib
help --cmds
help cmd
help --objs
help object
help --background
help background
help --topic
help topic
Description
The help command is a non-interactive, read command that returns documentation about a command, object, or attribute that you specify.
NOTE: In the help command syntax, you can use the question mark (?) interchangeably with the word “help.” For example, you could type the following to view documentation about all commands:
? --cmds
Objects and Attributes
The following objects and attributes can be used with the help command:
Table 1-1 Help Commands
Command              Description
help --full          Lists all commands, objects, and attributes
help --attribs       Lists all attributes
help --objs          Lists all objects, or collections of attributes
help --cmds          Lists all commands
help --background    Lists background topics
Example
To see documentation about the sys object, type help sys. The system returns the following results:
sys: System information
System information can be viewed and updates using the “sys” object.
Read-write: name, contact, location
Read-only: serialNum

2 SMS Command Reference

This chapter describes the SMS commands and the options available for each command.
NOTE: To use the SMS CLI, you must be logged in with an account that has SuperUser rights.

clear

Clears the screen.
Usage
clear
Aliases
cls

cls

Clears the screen.
Usage
cls
Aliases
clear

console

The console command shows a list of messages that have been sent to the console since the last reboot.
Usage
console

date

Displays and sets the system time. Without a parameter, date will return the current system date and time. The parameter allows a new date to be specified.
Usage
date [MMDDhhmm[[CC]YY][.ss]]
Related Objects
time

delete

Deletes user files. User files are archived and exported files generated from the database contents.
Usage
delete file [...]
Related Commands
dir, view, vi

diags

Runs diagnostic tests and checks system health. The --force option will run diagnostics without prompting for confirmation. Runs tests for the system, database, network, tmc, and password and provides status. For tmc, tests the connection to the tmc and the package server.
Usage
diags [--force]

dir

Returns a listing of files contained in the user directory.
Usage
dir
Related Commands
delete, view, vi

dns

The dns command interactively prompts for DNS (Domain Name Service) settings used to resolve host names to IP address values. To clear server values, use a period (.). The dns object contains default domain name, DNS search list, and DNS server information.
Usage
dns
Related Commands
nic, ntp
Related Objects
dns

exit

Closes the session.
Usage
exit
Aliases
quit, Ctrl-D

factoryreset

This interactive command resets the system to the factory defaults. The SMS version is not changed; however, all other system settings are restored to the factory defaults and all data is lost. You MUST reboot the SMS for this command to complete.
The factoryreset command also resets the system's network settings. You CANNOT access the system over the network after the reboot is completed. VGA console or serial port access is required to reconfigure networking.
Usage
factoryreset
Related Command
setup

fips-mode

Used to configure the SMS into one of three levels of FIPS operation:
Disabled – When placed into this mode, no additional FIPS compliance actions/restrictions are activated in the SMS.
Crypto – When the SMS is placed into Crypto mode, the SSH terminal negotiates connections using only FIPS 140-2 approved algorithms. This mode affects only the SSH terminal connections for the SMS.
Full – When placed into this mode, the SMS functions in a manner compliant with the FIPS 140-2 publication specified by the National Institute of Standards and Technology. The SMS automatically reboots when placed into full FIPS mode or when full FIPS mode is disabled.
Usage
fips-mode
Caveats
Full FIPS mode is not available for vSMS. Transitioning the SMS to operate in Full FIPS mode implements changes to core elements of the SMS server, reboots the SMS, and requires you to upload a new SMS key package. A transition to Full FIPS mode does the following:
• Deletes all SMS users.
• Removes all SMS backup and device snapshots stored on the SMS server.
• Deletes all custom responder actions.
• Regenerates SSH server and HTTPS web security keys.
For more information about FIPS mode, see the SMS User Guide.

ftp

The FTP (File Transfer Protocol) client is used to move files to and from the user directory for the SMS server. The contents of the user directory can be listed with the dir command. Files can be viewed with the view command, and deleted with the delete command.
Usage
ftp [hostName|hostAddress]
After starting the ftp client, issue the command lcd /tmp.
Caveats
The dir, delete, and view commands all operate on the contents of the user directory (/tmp). The cd (change-directory) command is disabled in the shell for security reasons. For the ftp program to see and have access to the contents of the user directory, it is important to first change the local directory with the command lcd /tmp. After this point, files can be copied both to and from the SMS server.
Related Commands
dir, view, delete, vi

get

Retrieves the value of one or more attribs or a list of attribs contained within an object.
Usage
get <attrib|object> [...]
The get command can use any read-write or read-only attribute. See “SMS Attributes and Objects” on page 21 for a list of attribs.
Related Commands
list, set

help

Returns background information on various topics and command syntax.
Usage
help [--full | --attribs | --cmds | --objs | --background | topic]
Alias
?
Table 2-1 Help Options
Option          Description
--full          Lists all commands, objects and attribs.
--attribs       Lists all attribs.
--objs          Lists all objects (collections of attribs).
--cmds          Lists all commands (default).
--background    Lists background topics.

ifconfig

Displays the network settings for the box. ifconfig is an alias for the command get net, which displays the values of the attribs contained in the net object. To change the values, use the set net command. See “net” on page 30.
Usage
ifconfig
Aliases
get net, ipconfig
Related Objects
net

ipconfig

Displays the network settings for the box. ipconfig is an alias for the command get net, which displays the values of the attribs contained in the net object. To change the values, use the set net command. See “net” on page 30.
Usage
ipconfig
Aliases
get net, ifconfig
Related Objects
net

kbdcfg

Loads the kernel keymap for the console. This is useful if the console is using a non-QWERTY keyboard. This command leads you through the configuration of a new keyboard layout.
WARNING! Do not use this option if you are using a standard QWERTY keyboard. Setting your keyboard layout to a value with which you are not familiar could render your system inaccessible.
See Also
kbd.layout (attrib)