Command-line interface

Access the command-line interface (CLI) of the appliance by using either an ssh session or the console.

The following example shows the transcript of using an ssh session to access the appliance:

usernameA@example.ibm.com>ssh -l admin webapp.vwasp.gc.au.ibm.com
admin@webapp.vwasp.gc.au.ibm.com's password:
Welcome to the IBM Security Access Manager Appliance
Enter "help" for a list of available commands
webapp.vwasp.gc.au.ibm.com>isam
webapp.vwasp.gc.au.ibm.com:isam> help
Current mode commands:
admin           Start an administration session which can be used to administer
                the ISAM security policy.
aac             Work with the auto-configuration options.
dscadmin        Start an administration session which can be used to administer
                the Distributed Session Cache.
logs            Work with the ISAM log files.
policy_db_dump  Validate and maintain the Security Access Manager policy database. 
                
Global commands:
back            Return to the previous command mode.
exit            Log off from the appliance.
help            Display information for using the specified command.
reboot          Reboot the appliance.
shutdown        End system operation and turn off the power.
top             Return to the top level.

Tip: Use the help command to display usage notes about a specific command.

The following example shows the options available under the lmi > accounts > locked menu.

webapp.vwasp.gc.au.ibm.com:locked> help
Current mode commands:
list             List all of the locked accounts and the amount of time before each 
                 of the accounts will be automatically unlocked.
unlock_all       Unlock all of the locked accounts.
unlock <account> Unlock a specific account.

The following example shows the options available under the logs menu.

webapp.vwasp.gc.au.ibm.com:logs> help
Current mode commands:
archive         Archive the log files to a USB device.
delete          Delete the log files which have been rolled over by the system.
delete_trace    Delete the trace files (trace, stats, translog) from the system.
monitor         Monitor log files on the system.

The following example shows the options available under the network menu.

webapp.vwasp.gc.au.ibm.com:network> help
Current mode commands:
defgw           Work with the default gateway.
dns             Work with the appliance DNS settings.
hostname        Work with the appliance host name.
interfaces      Work with interface settings.
routes          Work with the static routes.

The following example shows the options available under the routes menu.

webapp.vwasp.gc.au.ibm.com:routes> help
Current mode commands:
add             Add a static route.
delete          Delete a static route.
edit            Edit a static route.
show            Show the static routes including both Active and Configured.

The usage of the policy_db_dump command is as follows:

policy_db_dump {-f <db_name>} {-l [1|2]} {-g} {-n} {-q} {-s} {-r}
{-d <find-entry-name> [-c <replace-entry-name>[:<hostname>][:<principal>]]}
-f <db_name> : Specifies the name of the policy database.  This argument is optional 
               if there is only a single ISAM domain.
-l [1|2] :     The validation check level (2 is the default).
-g :           Display the glossary information only.
-n :           Display the object names only.
-q :           Display the sequence number of the policy database.
-s :           Display statistical information from the policy database.
-r :           Validate and repair the policy database.  The policy server will be 
               restarted as a result of this command.
-d:            Locate an entry in the database.  If the -c flag is also specified the 
               located entry is replaced with the new entry, otherwise the located 
               entry is deleted from the database. The policy server will be restarted 
               as a result of this command.
-c:            Replace the located entry in the database.  This flag can only be used 
               in conjunction with the -d flag. The policy server will be restarted 
               as a result of this command.
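
The option rules above can be enforced before a policy_db_dump command is issued from automation. The following Python check is an added example, not IBM code: it validates one command line against the stated rules and reports whether it contains an option documented as restarting the policy server. The function name and sample entry names are hypothetical, and it assumes shell-style tokenization, that -l is always followed by 1 or 2, and that option values never begin with "-".

```python
import shlex

VALUE_FLAGS = {"-f", "-l", "-d", "-c"}        # options that take an argument
BARE_FLAGS = {"-g", "-n", "-q", "-s", "-r"}   # display and repair switches
RESTART_FLAGS = {"-r", "-d", "-c"}            # documented: policy server is restarted


def review_policy_db_dump(command_line):
    """Return (errors, restarts_policy_server) for one policy_db_dump command line.

    restarts_policy_server is True when any restart-causing option is present,
    even if the command line also has errors.
    """
    tokens = shlex.split(command_line)
    if not tokens or tokens[0] != "policy_db_dump":
        return ["not a policy_db_dump command"], False

    seen, errors, i = {}, [], 1
    while i < len(tokens):
        flag = tokens[i]
        if flag in VALUE_FLAGS:
            # Assumption: a value never starts with "-", so a following
            # option means the value is missing.
            if i + 1 >= len(tokens) or tokens[i + 1].startswith("-"):
                errors.append(f"{flag} requires a value")
                seen[flag] = None
                i += 1
                continue
            seen[flag] = tokens[i + 1]
            i += 2
        elif flag in BARE_FLAGS:
            seen[flag] = True
            i += 1
        else:
            errors.append(f"unknown option {flag}")
            i += 1

    if "-l" in seen and seen["-l"] not in ("1", "2", None):
        errors.append("-l accepts only 1 or 2")
    if "-c" in seen and "-d" not in seen:
        errors.append("-c can only be used in conjunction with -d")

    restarts = any(flag in seen for flag in RESTART_FLAGS)
    return errors, restarts
```

A change-control wrapper can refuse any command line that returns errors and require explicit approval when the second value is True.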

The following example shows the options available under the aac menu.

webapp.vwasp.gc.au.ibm.com:aac> help
Current mode commands:
config          Start a session which can be used to configure a Web Reverse
                Proxy instance so that it can act as a point of contact for
                Advanced Access Control.
unconfig        Start a session which can be used to unconfigure a Web Reverse
                Proxy instance so that it can no longer act as a point of
                contact for Advanced Access Control.

The following example shows the options available under the tools menu:

webapp.vwasp.gc.au.ibm.com:tools> help
Current mode commands:
connect         Test network connection to a certain port on a specified host.
connections     Display the network connections for the appliance.
nslookup        Query internet domain name servers.
ping            Send an ICMP ECHO_REQUEST to network hosts.
traceroute      Trace a packet from a computer to a remote destination, showing
                how many hops the packet required to reach the destination and
                how long each hop took.
session         Test network sessions with TCP or SSL.

The following example shows the options available under the support menu:

webapp.vwasp.gc.au.ibm.com:support> help
Current mode commands:
create          Create a support information file.
delete          Delete a support information file.
download        Download a support information file to a USB flash drive.
get_comment     View the comment associated with a support information file.
list            List the support information files.
purge           Purge the support files from the hard drive.
set_comment     Replace the comment associated with a support information file.
Note: The purge command deletes all core files, crashmap files, and support files from the /var/support/ directory.

The following example shows the options available under the pending_changes menu:

webapp.vwasp.gc.au.ibm.com:pending_changes> help
Current mode commands:
discard          Discard the pending changes for a particular user or all users.
list             List all users who have outstanding pending changes.

The method to access the console differs between the hardware appliance and the virtual appliance:

  • For the hardware appliance, a serial console device must be used. For more information about attaching a serial console device to the hardware, see Connecting a serial console to the appliance.
  • For the virtual appliance, you can access the console by using the appropriate VMware software, for example, VMware vSphere Client.

Note: The CLI contains only a subset of the functions available from the local management interface. The following list gives a high-level overview of the functions available from the command-line interface. To see a list of the options for these commands, type the command name followed by -help.

  • firmware: Work with firmware images.
  • fixpacks: Work with fix packs.
  • hardware: Work with the baseboard management controller (BMC) module. This command is not available on the virtual appliance.
  • license: Work with licenses.
  • lmi: Work with the local management interface.
  • management: Work with management settings.
  • snapshots: Work with policy snapshot files.
  • support: Work with support information files.
  • tools: Work with network diagnostic tools.
  • updates: Work with firmware and security updates.

You can also use a web service call to run most CLI commands. The web service URL is https://<appliance>/core/cli. For details about the usage of this web service, see the REST API documentation.

Note: The following CLI commands cannot be run via the web service:
  • isam > admin
  • isam > dscadmin
  • isam > logs > monitor
  • isam > thales > rocs
  • isam > thales > hsconfig
  • isam > thales > cknfastrc
  • isam > thales > nfdiag
  • isam > thales > ckcheckinst
  • hardware > ipmitool
  • management > set_password

A customizable access banner can be presented on the command line interface. Use the Login Screen Header and Login Screen Message properties on the Administrator Settings page to set the access banner content.