secure_settings
12.1 and later This API command is used to manage the security commands in Guardium.
REST API syntax
This API is available as a REST service with the
secureSettings
method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/secure_settings
GuardAPI syntax
secure_settings parameter=value
Parameters
Parameter | Value type | Description |
---|---|---|
component | String | Valid values are:
|
api_target_host | String |
Specifies the target hosts where the API executes. Valid values:
IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode. |
Secure settings for ssh
Parameter | Value type | Description |
---|---|---|
show | String | Valid values are:
|
store | String | Valid values are:
|
value | String | Options are:
|
Secure settings for ciphers
Parameter | Value type | Description |
---|---|---|
type | String | Valid values are:
|
delete | String | Valid value is:
|
disable | String | Valid values are:
|
enable | String | Valid values are:
|
show | String | Valid values are:
|
show_like | String | Valid value is:
|
store | String | Valid values are:
|
Secure settings for services
Parameter | Value type | Description |
---|---|---|
disable | String | Valid value is:
|
enable | String | Valid value is:
|
status | String | Valid value is:
|
Examples
The following command lists the secure settings.
grdapi secure_settings
ID=0
Usage: grdapi secure_settings component={sshd|ciphers|services}
arguments as necessary for the components
The following command is used to manage the ssh daemon sshd component.
grdapi secure_settings component=sshd <options>
options:
show=all
show=dsa_state
show=max_connection
show=port_number
show=secure_state
show=ssh_key_mode
show=ssh_match_address
show=version
store=dsa_state value={on|off}
store=max_connection value=<number>
store=port_number value=<number>
store=secure_state value={secure|default}
store=ssh_key_mode value={on|off}
store=ssh_match_address value=<address_expression>
The following command is used to manage the ciphers component.
grdapi secure_settings component=ciphers <options>
options:
type=java show={current|disabled}
type=java show_like=<pattern>
type=java disable=<ciphers>
type=java enable={cbc|dhe|cipherlist}
type=inspection_core show={default|all|current}
type=inspection_core show_like=<pattern>
type=inspection_core store={default|cipherlist}
type=inspection_core delete=<cipherlist>
The following command is used to manage the services component.
grdapi secure_settings component=services
usage:
grdapi secure_settings component=services status=<service>
grdapi secure_settings component=services enable=<service>
grdapi secure_settings component=services disable=<service>
Possible services to view status:
all
cas (16019)
classifier
docker
gim (8446)
guard-insights (8586)
guard-snifbufusage
gui
jproxyforwarder
jproxytimer.timer
nanny
patch_installer
readahead-disable-services
sniffer
snmpd
sonarjproxyd
stap_upload (8444)
These services can be enabled/disabled:
cas (16019)
docker
gim (8446)
guard-insights (8586)
guard-snifbufusage
patch_installer
snmpd
stap_upload (8444)