NAME

config - configuration interface

SYNOPSIS

 config
 config [command help]
 config [command var=val ...]

where command is one of the following: add, boks, ca, del, els, list, save, show, rest

The var=value pairs are specific for each command and are described below.

DESCRIPTION

The config program is the interface used to configure Agents. It can be run in interactive mode (started without arguments) or as a command line application.

The config program is used to set up the RSA Keon Agent Base System, which includes importing the Agent Host Virtual Card and trusted CA certificates, and specifying the ELS servers and Keon 4.x parameters.

The config program is also used to define new instances of installed Agents.

Interactive mode

If run with no arguments, the config program will enter interactive mode and the tasks to be performed can be chosen from menus.

Contextual help is available for selections by entering a question mark ('?') at the prompt.

The rest of this document describes the command line interface of the config program.

Command line

Perform a single administrative operation from the command line. The parameters differ for each command, but the argument help is always accepted; it lists the usage and a description of that command.

The commands available are as follows:

add
Add a new Agent instance to the running set.

boks
Set up parameters for Keon 4.x.

ca
Install, remove, or list trusted CA certificates in the local database.

del
Remove an Agent instance from the running set.

els
Set up parameters for the ELS logging system.

list
List configured Agents.

save
Save current configuration.

show
Show global Base System settings.

rest
Restore a previously saved configuration.

ADD

Synopsis:

 add help
 add svc=name port=port server=srv method=meth proto=prot [desc=desc] [var=val ...]
 add svc=name hook port=port method=meth proto=prot [desc=desc] [var=val ...]

Description:

Add a new Agent instance to the running set.

This is achieved by specifying the local port to be protected and the server to connect to.

Apart from the parameters listed, any Agent-specific parameters can be specified on the command line in the form var=value. The var is a relative catinfo name, i.e. an info path with dot ('.') as node separator but no leading dot.

The following entry from a port.cfg file, supplied by an Agent that uses Agent-specific parameters, yields the catinfo path ``tunnel.do_server''.

  tunnel:
     do_server=1

To set this parameter to 0 when a new instance of the Agent is configured:

  config add <parameters as listed below> tunnel.do_server=0

The config program does not verify that a parameter is actually valid for the Agent, nor does it type-check the value.
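Because config accepts any var=value pair unchecked, a misspelled catinfo path or a wrongly typed value is not reported. The following pre-flight check is an added example, not part of the Agent distribution: it assumes port.cfg uses only the "section:" / indented "key=value" layout shown above, and the function names catinfo_paths and check_agent_args are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for Agent-specific var=value arguments.
# ASSUMPTION: port.cfg holds "section:" lines followed by indented
# "key=value" lines, as in the fragment above; nothing else is parsed.
# The numeric check is a heuristic: a numeric default implies a numeric value.

# Flatten a port.cfg file into "section.key=default" catinfo paths.
catinfo_paths() {
    awk '
        /^[ \t]*$/ { next }                                   # skip blank lines
        /^[^ \t=]+:[ \t]*$/ { sub(/:[ \t]*$/, ""); sec = $0; next }
        /^[ \t]+[^ \t=]+=/ {
            sub(/^[ \t]+/, "")
            if (sec != "") print sec "." $0
        }
    ' "$1"
}

# Check each var=value argument against the paths found in port.cfg.
# Returns 0 if all are acceptable, 1 otherwise; problems go to stderr.
check_agent_args() {
    cfg=$1; shift
    known=$(catinfo_paths "$cfg")
    rc=0
    for arg in "$@"; do
        case $arg in
            *=*) var=${arg%%=*}; val=${arg#*=} ;;
            *) echo "not var=value: $arg" >&2; rc=1; continue ;;
        esac
        line=$(printf '%s\n' "$known" |
               awk -F= -v v="$var" '($1 "") == (v "") { print; exit }')
        if [ -z "$line" ]; then
            echo "unknown parameter: $var" >&2; rc=1; continue
        fi
        case ${line#*=} in
            ''|*[!0-9]*) ;;            # non-numeric default: accept any value
            *) case $val in
                   ''|*[!0-9]*) echo "non-numeric value for $var: $val" >&2; rc=1 ;;
               esac ;;
        esac
    done
    return $rc
}

# Constructed sample: the port.cfg fragment from the text above.
sample=$(mktemp)
printf 'tunnel:\n     do_server=1\n' > "$sample"
check_agent_args "$sample" tunnel.do_server=0 && echo "ok to pass to config add"
check_agent_args "$sample" tunnel.do_servr=0 || echo "rejected before config add"
rm -f "$sample"
```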

Parameters:

svc is the service name of the Agent to be configured.

port is the port number of the local port to be protected.

server is the address of the server to connect to.

method is the authentication method name of this instance.

hook indicates that this port should be protected by bindhook. This is mutually exclusive with the server option.

proto is the encryption protocol to be used. This can be ssl (Keon 5.0), dasp (Keon 4.5), or plain (no encryption or authentication).

desc is a descriptive string for the Agent instance. This is used only when viewing the Agent in the configuration.

Example:

The command:

 config add svc=agent-1.0 port=4711 server=127.0.0.1:25 method=TEST proto=ssl

will cause the agent-1.0 Agent to protect port 4711 on the local machine and connect to the SMTP server. The traffic will be protected by SSL.

BOKS

Synopsis:

 boks help
 boks [nodekey=key] [domain=dom] [servers=servlist]

Description:

Set up the Keon 4.5 parameters node key and domain, and set or remove a list of Keon 4.5 servers.

If no servers are specified, Keon 4.5 servers are located by broadcast.

Parameters:

nodekey sets the node key to key.

domain will set the Keon 4.5 domain to dom. Default is 6500.

servers will set the Keon 4.5 servers to be used to those specified in servlist. servlist is a comma (',') separated list of host names or IP addresses.

If servlist is a single dot ('.'), all previously configured servers will be removed.

Example:

The command:

 config boks nodekey=aZ74K2aP servers=b1.xyz.com,b2.xyz.com

will set the node key and a server list.

 config boks servers=.

will remove the server list (the Agent will then use broadcast).

CA

Synopsis:

 ca help
 ca [import=file] [del=index] [list]

Description:

Add, remove, and list entries in the local trusted CA database.

Parameters:

import will install the CA certificate stored in file in the local database.

del will remove the CA certificate with index index from the local CA database. index is obtained by running ``ca list'' (see below).

list will list all installed CA certificates by a string representation of the subject RDN concatenated with the expiration date. Each certificate entry is preceded by an index number to be used when removing a certificate.

Example:

To install a certificate:

 config ca import=myca.crt

To remove the certificate with index 0:

 config ca del=0

DEL

Synopsis:

 del help
 del port=portno

Description:

Delete an Agent instance given a port number.

Parameters:

port specifies that the Agent instance protecting port number portno will be removed.

Example:

To remove the Agent instance protecting port 4711:

 config del port=4711

ELS

Synopsis:

 els help
 els servers=servlist

Description:

Set or remove a list of ELS servers for event logging.

Parameters:

servers will set the ELS servers to be used to those specified in servlist. servlist is a comma-separated list of ELS servers with format <hostname:port> or <ip-address:port>. The default ELS port is 2479. If servlist consists of a single dot ('.'), the previously configured servers will be removed.

Examples:

To add an ELS server with IP address 192.168.0.1 and port 2479 (default ELS port):

 config els servers=192.168.0.1:2479

LIST

Synopsis:

 list [help]

Description:

Print a listing of all currently configured Agent instances.

SAVE

Synopsis:

 save help
 save [vc] [ca] [cfg] [file=filename]

Description:

Save the current configuration. This means that the configuration data, Agent Host Virtual Card file, password file, and CA certificate database file will be packed together in a single ``backup file''. This backup file can later be unpacked to restore a previous configuration using the rest command.

WARNING:

A saved configuration file must be handled with extreme care since it may contain the password to the Agent Host Virtual Card!

Parameters:

vc indicates that the Agent Host Virtual Card and the password are to be included in the backup file.

ca indicates that the entire CA database is to be included in the backup file.

cfg indicates that all configuration data should be saved. This is needed to backup configuration of Agent instances.

file indicates that the backup information is written to filename. If not supplied, the information is written to stdout.

If none of vc, ca, or cfg is supplied, everything is saved by default.

Note that if the Virtual Card password is stored in the configuration file itself (not in a separate file), the Virtual Card password is saved together with all other configuration values (i.e. by the cfg switch).

Example:

To save the CA database and the configuration information in file ``mybkp.bkp'':

 config save ca cfg file=mybkp.bkp

To save everything and get the result on stdout:

 config save
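One way to act on the warning above, as an added example rather than part of the product: create the backup under a restrictive umask and verify the result. It assumes config is on PATH and that the file mode follows the caller's umask; save_private and backup_is_private are hypothetical helper names.

```sh
#!/bin/sh
# Added example: keep a `config save` backup private.
# ASSUMPTION: `config` is on PATH and creates the output file itself,
# so the resulting file mode is governed by the caller's umask.

# True if FILE is a regular file (not a symlink) with no group/other access.
backup_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Run `config save ... file=DEST` with a restrictive umask, then verify.
# Usage: save_private DEST [vc] [ca] [cfg]
save_private() {
    dest=$1; shift
    # Never write the password-bearing backup over an existing file or link.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    # The subshell keeps the umask change from leaking into the caller.
    ( umask 077 && config save "$@" file="$dest" ) || return 1
    backup_is_private "$dest" || {
        echo "$dest is accessible by group or other" >&2
        return 1
    }
}
```

The same backup_is_private check can be run on a file before it is handed to config rest. When config save is run without file=, the backup goes to stdout, so any redirection target needs the same umask treatment.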

SHOW

Synopsis:

 show [help]

Description:

Display global configuration information for the Base System. This includes, for example, the ELS servers and the Agent Host Virtual Card file.

REST

Synopsis:

 rest help
 rest file=filename

Description:

Restore a previously saved configuration. Only the items that were saved will be restored (Agent Host Virtual Card, CA database file and/or configuration values). All other information will be unaffected.

WARNING:

A saved configuration file must be handled with extreme care since it may contain the password to the Agent Host Virtual Card.

Parameters:

file specifies a file containing the backup information.

Example:

To restore a previous configuration stored in ``mybkp.bkp'':

 config rest file=mybkp.bkp