Security in CLI

 

To prevent the possibility of deliberate or accidental attack (intrusion) on a CLI NE, Security is provided in the CLI Agent. Security enables Authentication that helps an administrator to prevent unauthorized access to a particular resource. Using this Security feature, you can prevent anyone from accessing the CLI NE, performing undesirable operation on any resource, using any particular command, etc.

 

Please go through the topic Built-In Commands to know the commands that are built-in CLI Agents for security purposes.



 

Configuring CLI Security Settings

 

The WebNMS CLI Agent supports the Security feature in String Mode CLI Agent. The Settings to be configured in Agent Compiler for the same are described here. Go to Settings -> Project Settings sub-menu. A wizard opens up wherein the Projects Settings panel has the CLI group under it. The CLI settings have been classified as General and Security. Select Security in the group.

 

Enable Authentication

 

Selecting this option enables the Authentication feature in the CLI Agent. You can add the User Name and Password for authenticating the client to access the CLI Agent resources.

 

Security Parameters

 

The following Authentication Parameters need to be provided for the users to access the CLI Agent:

The default authentication parameters are

Parameters in User Security file

 

Following are the list of parameters created and maintained in the cliusersecurity.txt once the agent is created:

The default authentication parameters are

Defining a Role Model

 

The term Privilege defines the access level for a user. By default, there are two levels of users. They are ADMIN and MAINT. The access level given to these users cannot be modified. You can configure more access levels by defining a role model.

 

Thus Role Model concept is used for the Privilege option. To define a role model and include this privilege to an user, follow these steps:

  1. In the Security Settings dialog box of CLI Agent Compiler, you can add, delete, or modify a user. While trying to add a new user for Authentication purposes, a dialog box appears wherein the option Add / View Privilege is available.

  2. Click on this option which opens up another UI wherein the default access levels are listed.

  3. Click on Add New Role Name to add a level.

  4. Enter a Name for the Role Model across the text field Add Role Name. Say for example, add: NewUser. The CLI Tree in the left side lists all the commands of the loaded CCS file.

  5. Select the required command and Add it to the Right-side list. This list specifies that the NewUser level has access to these commands only.

  6. Click OK after adding the required commands. You can see the NewUser present along with the default access levels ADMIN and MAINT. The commands that can be accessed for the level NewUser also get listed on selection.

  7. Select a Level and click OK in this dialog box. This adds the level to the initial screen, i.e., across the Privilege Text field. Multiple selection is also possible. This adds multi-level access to the user and all the levels can be viewed across the Privilege Text field.

  8. Click OK in the initial screen and thus a user is added with Privilege.



Copyright © 2012, ZOHO Corp. All Rights Reserved.