Do+Able Products 12347 Uživatelský manuál Strana 19

  • Stažení
  • Přidat do mých příruček
  • Tisk
  • Strana
    / 57
  • Tabulka s obsahem
  • KNIHY
  • Hodnocené. / 5. Na základě hodnocení zákazníků
Zobrazit stránku 18
Hardware Management Console Best Practices
- 19 -
Because the full list of HMC commands is published at the IBM HMC’s web site,
we will only reference a few security-related commands in this paper.
MKAUTHKEYS: This command updates the caller’s authorized_keys2 file
under the $HOME/.ssh/ directory with a given DSA or RSA key
generated from a client. Typically, on Linux and UNIX systems, the key
can be generated using the ssh-keygen command. With the setup of the
key in this file, a user can run HMC commands from a script without
having to enter a password or passphrase.
MKHMCUSR: This command creates a user on the HMC.
CHHMCUSR: This command changes the properties of an HMC user. This
command must be used to change hscroot’s password. Using an operating
system command to change the password will render the HMC unusable
because hscroot’s password is encrypted and safely saved away for
communicating with various subsystems running on the HMC.
RMHMCUSR: This command removes a user on the HMC. Root and
hscroot users cannot be removed using this command.
LSHMCUSR: This command lists users on the HMC.
CHHMC: This command changes subsystems and network settings on the
HMC, such as SSH, WebSM, syslog, http and network settings.
LSHMC: This command displays various HMC’s configuration settings,
code version and Vital Product Data.
LSSVCEVENTS: This command displays console events entries.
HMCSHUTDOWN: This command can be used from a remote client to shut
down or reboot the HMC. This command notifies the FSP on the
managed server that it is gracefully going away. If this command is not
used, the FSP will attempt to generate an error to indicate unexpected loss
of communication with the HMC.
UPDHMC: This command performs Software updates on the HMC.
Software can be installed from a remote ftp server or locally from the
DVD-RAM drive on the HMC.
4.7 Auditing capabilities on the HMC
A secure system also requires strong auditing capabilities. This section describes
some of the logging/auditing functions on the HMC.
Most tasks performed on the HMC (either locally or remotely) are logged in a file
iqyylog.log. These entries can be viewed by using the View Console Events task,
under the HMC Management—System Configuration application, or by using the
lssvcevents command from the restricted shell. A log entry contains the
timestamp, the user name and the task being performed. When a user logs in to
the HMC locally or from a remote client, entries are also recorded in this file. For
remote login, the client hostname or IP address are also captured. For example:
Zobrazit stránku 18
1 2 ... 14 15 16 17 18 19 20 21 22 23 24 ... 56 57

Komentáře k této Příručce

Žádné komentáře