Reset the device to default

Reboot the box

Power Down (stops and prompts for power down, but will eventually reboot)

Default login credentials

 

Start the IP config wizard
wiz

Set motd. You can also set the path in /etc/ssh/sshd_conf if you want it some place else
touch /etc/motd
edit motd and add your banner

Configuration that can be done in the WebUI can also be done in
/etc/portslave/pslave.conf

SSH configuration is done in
/etc/sshd/sshd.config

SSL configuration is done in
/etc/ssl_version.conf

Add files to backup script
/etc/config_files

When you make a configuration change, you’ll need to activate the change with
signal_ras HUP

Save changes by executing
saveconf
The saveconf command creates an archive of the files listed in /etc/config_files and
saves it to /mnt/flash/config.tgz. From there you can copy to another location for backup.

Exiting the TS_MENU
~.

If you’re in a device and you want to exit out of the device and TS_MENU
~~..

Script to stop iptables and permit everyone (fail safe)

#!/bin/sh 
echo “Stopping firewall and allowing everyone…” 

iptables -F 
iptables -X 
iptables -t nat -F 
iptables -t nat -X 
iptables -t mangle -F 
iptables -t mangle -X 
iptables -P INPUT ACCEPT 
iptables -P FORWARD ACCEPT 
iptables -P OUTPUT ACCEPT

In a Cisco IOS device CTRL + Z exits you from configuration mode to privilege mode. When connected via the ACS device, CTRL + Z pops the menu for connecting. You can change the CTRL + Z in ACS . You change it in /etc/portslave/pslave.conf (look for all.escape_char)

Setting the SSH protocol to v2 only. In /etc/ssh/sshd_config edit the Protocol line and set it to 2
Port 22
Protocol 2

You set the authentication parameters in /etc/ssh/sshd_conf
LoginGraceTime    1
MaxAuthTries      3

Configure user profiles so they automatically run ts_menu upon login. Append to the end of the /etc/profile
if [ “$USER” != “root” ]; then
# trap exit INT
ts_menu
exit
fi
HINT – Remove the trap line if the user should be able to get a shell by pressing CTRL + C .

Here is a script to reset the ports on ACS. Place the script in /home and make it executable (chmod 755). All users will have access to run the script.
#!/bin/sh
for i in ps -ax |grep "RW_srv"| grep -v "grep" |cut -f3 -d" "
do
kill -15 $i
done

Add the username mmessier to the local user database
adduser mmessier admin no password mYsEcReT

Set ports access with groups/users. Use vi editor to edit /etc/portslave/pslave.conf and add the following lines
# Create User Groups
conf.group network_ops: mmessier, agraves, mrichter
conf.group ITSec: sstevens,mbroduer,jpandolfo
# Assign Groups to Ports
all.users network_ops
s1.users ITSec, network_ops
s6.users ITSec, network_ops

Edit your /etc/pam.d/tacplus, /etc/pam.d/tacplusdownlocal or /etc/pam.d/tacpluslocal file and change the account and session lines to use the PAM module pam_permit.so instead of pam_tacplus.so. E.g. for the /etc/pam.d/tacplus file configure the following
#account required pam_tacplus.so
account required pam_permit.so
#session required pam_tacplus.so
session required pam_permit.so

Root password reset
If you forget your root password and want to recover it, you can do so by accessing the ACS via the console port and rebooting the box. During the boot process,
when you see the line:

“Linux/PPC load: root=/dev/ram ramdisk=0x0000F000”

You must press the space key once, type single and press enter (see diagram below). The ACS will continue the boot process and will give you the root prompt.

With the root prompt you can change the password using the command passwd. You will have to reboot the unit again for the new password to take effect.