The Guardium command line interface (CLI) is an administrative tool that allows for configuration, troubleshooting, and management of the Guardium system.
The GuardAPI command is described in a separate appendix. See GuardAPI Reference.
Most Guardium CLI commands consist of a command word followed by one or more arguments. The argument may be a keyword or a keyword followed by a variable value (for example an IP address, subnet mask, date, etc. Commands and keywords are not case sensitive, but element names are.
To display command syntax and usage options, enter a question mark (?) as an argument following the command word.
Commands and keywords can be abbreviated by entering enough characters so the commands are not ambiguous. For example, show can be abbreviated sho.
All CLI command examples are written in courier text (for example, show system clock).
To illustrate syntax rules, some command descriptions use dependency delimiters. Such delimiters indicate which command arguments are mandatory, and in what context. Each syntax description shows the dependencies between the command arguments by using special characters:
The < and > symbols denote a required argument.
The [ and ] symbols denote an optional argument.
The | (vertical bar) symbol separates alternative choices when only one can be selected. For example:
store full-bypass <on | off>
An administrator can access the CLI though:
A physically connected PC console or serial terminal
OR
A network connection using an SSH client
Interactive access to the Guardium appliance is through the serial port or the system console.
PC keyboard and monitor – A PC video monitor can be attached to either the front panel video connector or the video connector on the back of the appliance.
A PC keyboard with a PS/2 style connector can be attached to the PS/2 connector on the back of the appliance. Alternatively, a USB keyboard can be connected to the USB connectors located at the front or back of the appliance.
Serial port access – Using a NULL modem cable, connect a terminal or another computer to the 9-pin serial port at the back of the appliance. The terminal or a terminal emulator on the attached computer should be set to communicate as 19200-N-1 (19200 baud, no parity, 1 stop bit).
A login prompt displays once the terminal is connected to the serial port, or the keyboard and monitor are connected to the console. Enter cli as the user name, and continue with CLI Login, below.
Remote access to the CLI is available on the management IP address or domain name, using an SSH client. SSH clients are freely or commercially available for most desktop and server platforms. A Unix SSH connect command to log in as the cli user might look like this:
ssh –l cli 192.168.2.16
The SSH client may ask you to accept the cryptographic fingerprint of the Guardium appliance. Accept the fingerprint to proceed to the password prompt.
Note: If, after the first connection, you are asked again for a fingerprint, someone may be trying to induce you to log into the wrong machine.
The only CLI account name defined on the system and available for access to the CLI, is cli. Either use the cli password supplied by Guardium, or be sure to set a strong password to protect this account.
If you have just rebuilt the system from an installation CD, the Guardium cli user has a default password of guardium. You should change that password immediately.