Reset the device to default
defconf
Reboot the box
/sbin/reboot
Power Down (stops and prompts for power down, but will eventually reboot)
/sbin/powerdown
Default login credentials
root/tslinux
Start the IP config wizard
wiz
Set the motd. You can also set the path in /etc/ssh/sshd_config if you want it somewhere else
touch /etc/motd
Edit /etc/motd and add your banner
Configuration that can be done in the WebUI can also be done in
/etc/portslave/pslave.conf
SSH configuration is done in
/etc/ssh/sshd_config
SSL configuration is done in
/etc/ssl_version.conf
Add files to backup script
/etc/config_files
When you make a configuration change, you’ll need to activate the change with
signal_ras HUP
Save changes by executing
saveconf
The saveconf command creates an archive of the files listed in /etc/config_files and
saves it to /mnt/flash/config.tgz. From there you can copy to another location for backup.
Exiting the TS_MENU
~.
If you’re in a device and you want to exit out of the device and TS_MENU
~~..
Script to stop iptables and permit everyone (fail safe)
#!/bin/sh
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
In a Cisco IOS device, CTRL + Z exits configuration mode and returns you to privileged mode. When you are connected through the ACS, CTRL + Z instead pops up the ACS menu for connecting. You can change this escape character in /etc/portslave/pslave.conf (look for all.escape_char)
Setting the SSH protocol to v2 only. In /etc/ssh/sshd_config edit the Protocol line and set it to 2
Port 22
Protocol 2
You set the authentication parameters in /etc/ssh/sshd_config
LoginGraceTime 1
MaxAuthTries 3
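A check for the three sshd_config settings above, added here as an example (it is not from the original notes or from the ACS firmware). The function names, the sample file and the pass criteria (Protocol exactly 2, MaxAuthTries of 3 or fewer, LoginGraceTime set and not 0) are assumptions of this example.

```shell
#!/bin/sh
# sshd_value FILE KEYWORD: print the value sshd would use. sshd keeps the FIRST
# occurrence of a keyword, keywords are case-insensitive, and global settings
# end at the first Match block, so a plain grep can give the wrong answer.
sshd_value() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r key val || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case "$key" in
            ''|'#'*) continue ;;
            match)   break ;;
            "$want") printf '%s\n' "$val"; return 0 ;;
        esac
    done < "$1"
    return 1
}

# audit_sshd FILE: print PASS/FAIL per setting; exit status = number of FAILs.
audit_sshd() {
    fails=0
    v=$(sshd_value "$1" Protocol) || v=unset
    case "$v" in
        2) echo "PASS Protocol 2" ;;
        *) echo "FAIL Protocol is $v, expected 2 only"; fails=$((fails + 1)) ;;
    esac
    v=$(sshd_value "$1" MaxAuthTries) || v=unset
    case "$v" in
        [1-3]) echo "PASS MaxAuthTries $v" ;;
        *)     echo "FAIL MaxAuthTries is $v, expected 3 or fewer"; fails=$((fails + 1)) ;;
    esac
    v=$(sshd_value "$1" LoginGraceTime) || v=unset
    case "$v" in
        unset) echo "FAIL LoginGraceTime is not set"; fails=$((fails + 1)) ;;
        0)     echo "FAIL LoginGraceTime 0 disables the time limit"; fails=$((fails + 1)) ;;
        *)     echo "PASS LoginGraceTime $v" ;;
    esac
    return "$fails"
}

# Constructed sample (not from a real device): the later "Protocol 2" is ignored.
sample_config() {
    printf '%s\n' '# constructed sample' 'Port 22' 'protocol 2,1' 'Protocol 2' \
        'MaxAuthTries 6' 'LoginGraceTime 1'
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? setting(s) differ from the values above"
rm -f "$tmp"
```

To audit a real unit, call audit_sshd on /etc/ssh/sshd_config or on a copy taken from the saveconf archive.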
Configure user profiles so they automatically run ts_menu upon login. Append to the end of the /etc/profile
if [ "$USER" != "root" ]; then
# trap exit INT
ts_menu
exit
fi
HINT – Remove the trap line if the user should be able to get a shell by pressing CTRL + C.
Here is a script to reset the ports on ACS. Place the script in /home and make it executable (chmod 755). All users will have access to run the script.
#!/bin/sh
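# Send SIGTERM to every RW_srv process; cut -f3 assumes the PID is the third space-delimited field of this ps output
for i in `ps -ax |grep "RW_srv"| grep -v "grep" |cut -f3 -d" "`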
do
kill -15 $i
done
Add the username mmessier to the local user database
adduser mmessier admin no password mYsEcReT
Set ports access with groups/users. Use vi editor to edit /etc/portslave/pslave.conf and add the following lines
# Create User Groups
conf.group network_ops: mmessier, agraves, mrichter
conf.group ITSec: sstevens,mbroduer,jpandolfo
# Assign Groups to Ports
all.users network_ops
s1.users ITSec, network_ops
s6.users ITSec, network_ops
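Edit your /etc/pam.d/tacplus, /etc/pam.d/tacplusdownlocal or /etc/pam.d/tacpluslocal file and change the account and session lines to use the PAM module pam_permit.so instead of pam_tacplus.so. pam_permit.so always returns success, so after this change the account and session stages no longer consult the TACACS+ server. E.g. for the /etc/pam.d/tacplus file configure the following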
#account required pam_tacplus.so
account required pam_permit.so
#session required pam_tacplus.so
session required pam_permit.so
Root password reset
If you forget your root password and want to recover it, you can do so by accessing the ACS via the console port and rebooting the box. During the boot process, when you see the line:
“Linux/PPC load: root=/dev/ram ramdisk=0x0000F000”
You must press the space key once, type single and press enter (see diagram below). The ACS will continue the boot process and will give you the root prompt.
Hardware boot.
Entry Point = 0x00002120
loaded at: 00002120 00B9B3CC
relocated to: 00800020 013992CC
board data at: 01396024 0139623C
relocated to: 00806730 00806948
zimage at: 00807150 008A9FB3
initrd at: 008AA000 013956F4
avail ram: 0139A000 08000000
Linux/PPC load: root=/dev/ram ramdisk=0x0000F000 single
With the root prompt you can change the password using the command passwd. You will have to reboot the unit again for the new password to take effect.
[root@(none) /]# passwd root
New password: tslinux
Re-enter new password: tslinux
Password changed
[root@(none) /]# saveconf
[root@(none) /]# reboot