Are there any interface (GUI) software to manage ACL? Using Cisco ACL, but it's hard to manage with command line. Any ideas?
Basically, need a software tool to manage ACL permissions with GUI instead of command line.
You can use ASDM to manage ACLs for ASA Firewalls.
Related
I would like to configure on a linux client ssh to use TACACS+ server.
To do so I configure sshd on pam.d directory to auth using pam_tacplus.so.
The problem
Unless I have the user LOCALLY declared on the linux machine - I can't authenticate it.
This is quite normal as I must have a user on a linux session.
The question(s)
Do I HAVE TO declare the user locally when the 'device' is a linux machine? (I know that on network devices I don't).
If I don't have to, then how do I grab the user's permissions, environment, etc from the tacacs server?
Thanks.
TACACS+ doesn't natively provide sufficient details to fulfill the "name service" needs of Linux systems. It is this functionality of glibc that is responsible for providing the system with details for the user's 'passwd' entry, for example.
It is would be possible to achieve this with a custom NSS module, which could pull the correct details from the TACACS+ backend. This would be similar to what is done for LDAP-based authentication, where a user is given additional attribute that represent items like UID, GID, HOME, SHELL, etc.
I am not aware if there is an open source module that provides this functionality today, but it possible.
I want to develop some kind of automation system i can control some pcs in my network.Features i am looking to develop are as follows:
1)Ability to establish a connection with some remote systems and executing some commands on those
2)Ability to transfer files from main controller pc to those pcs
3)Ability to get status of other pc
I dont want to install some explicit server on each of the client machines , and want to use some in built protocol /services running on windows a my clinets are windows.
The only this available with my controller pc is Administator user name and passwd and clinet machine ips.
IBM TPM uses some port to do such things but am not usre which protocal /service it uses?
I have done a remote software installation using ibm tpm.I dont think it uses telnet or ssh.
Which inbuilt service/protocol i should use? (not telnet or ssh)
I need to design a tool that can install software on remote client machine.
Basically i need Deploy MSI, EXE, BAT etc. on various client machines without user interaction.
There are lots of tool on net that provide these features but i need to develop such type of utility.
Please suggest
you can setup remote desktop on the machines.
For Establishing command : you can setup remote desktop
For transferring files: You can map drives of other machines programmatically using the method WNetAddConnection2().
Its unmanaged code ...
This might help :
http://vbnet.mvps.org/index.html?code/network/wnetaddconnection2.htm
http://www.pinvoke.net/default.aspx/mpr/wnetaddconnection2.html
Does anyone know how I can:
create IP security policy
manage IP filters and IP filter actions
PROGRAMMATICALLY on windows 2003? Not use Microsoft GUI utility.
I tried to achieve this by programming with windows registry,
all data I need that is under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\IPSec\Policy\Local
but I have no idea with some data. e.g the value of IPsecData,
Thank you
This is not programmatically but not GUI either:
You can use command-line netsh ipsec...
http://technet.microsoft.com/en-us/library/cc739550(WS.10).aspx
I'm going to write a script to disable/enable network access for applications in windows. My idea was to write a script that runs a windows shell command that do this.
The scripting is the easy path, but i don't know how to do the "denying" part. Any ideas?
This sounds like a task better suited to letting Windows user / group security handle.
For example, assuming you're on Active Directory and have administration privileges, you could create a user account with the very specific access your app needs, and configure your app to authenticate with the network using that user's credentials.
Then your app through AD would access the network within the constraints of that user account's privileges, and if necessary deny them access to specific network resources.
I've had a FTP server (Mac OS X, but not the server version) set up for a while where the users are virtual, i.e. they are not actual user accounts in the server's OS, but accounts handled by the FTP server software -- to the OS they all look like the ftp user account. I'd like to retire the FTP server software and go SFTP instead.
Is there a way to set up SFTP/SSH so that I can create virtual users and at the same time sandbox them?
The reason I want virtual users is because I add and remove accounts from time to time, and doing that with proper user accounts tend to get messy, and I don't know of a good way to sandbox them. There's always some files left and each user has their own user directory (with a lot of files only relevant if they would actually log on to the machine when sitting in front of it), which is quarantined when the account is removed, so you have to remove it by hand yourself, and so on.
The usual generic Unix answer to this is 'PAM'. If you want plain old OpenSSH SSHD to handle your SFTP, you need something plugged in to SSHD's PAM stack (/etc/pam.d/sshd) that does what you need and leaves out what you don't need. This might be a general-purpose directory server (probably LDAP) that maps all your virtual users to one home directory and gives them a restricted or scponly kind of shell.
If you want to look at FTP servers that can also do FTP-ssl (which is not the same as SFTP), good ftp servers like Pure-ftpd or vsftp will do that. FTP-ssl servers have simpler virtual user support.
http://www.bsdguides.org/guides/freebsd/networking/pure-ftpd_virtual_users.php
If you're open to commercial products, VShell Server from Van Dyke Software is available on Unix/Linux/Windows, supports virtual users (multiple backends) with SSH and SFTP protocols:
VShell Server
JSCAPE SFTP Server is a commercial, cross-platform server that does what you want.
http://www.jscape.com/
I know, sounds like I work for them, but I don't :)
There is sftpgo which supports virtual users and much more.