Sophos-Konsole: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „=ssh= *ssh loginuser@sophos30 loginuser@sophos30:/home/login > ==root access== *su - sophos30:/root #“)
 
 
(17 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 5: Zeile 5:
 
*su -
 
*su -
 
  sophos30:/root #
 
  sophos30:/root #
 +
=cc=
 +
command-line client
 +
==password reset==
 +
*cc system_password_reset
 +
next login
 +
 +
[[Datei:sophos-konsole2.png]]
 +
==factory reset==
 +
*cc
 +
127.0.0.1 MAIN > RAW
 +
Switched to RAW mode.
 +
127.0.0.1 RAW > system_factory_reset
 +
Calling Confd function system_factory_reset()
 +
result: 1
 +
127.0.0.1 RAW > exit
 +
*reboot
 +
 +
=ifstat=
 +
*ifstat
 +
<pre>
 +
#kernel
 +
Interface        RX Pkts/Rate    TX Pkts/Rate    RX Data/Rate    TX Data/Rate 
 +
                RX Errs/Drop    TX Errs/Drop    RX Over/Rate    TX Coll/Rate 
 +
lo                    0 0            0 0            0 0            0 0     
 +
                      0 0            0 0            0 0            0 0     
 +
eth0                  17 0            15 0          1218 0          2254 0     
 +
                      0 0            0 0            0 0            0 0     
 +
eth1                  0 0            0 0            0 0            0 0     
 +
                      0 0            0 0            0 0            0 0     
 +
eth2                  0 0            0 0            0 0            0 0     
 +
                      0 0            0 0            0 0            0 0
 +
</pre>
 +
=iftop=
 +
*iftop
 +
[[Datei:sophoscomman-line1.png]]
 +
=iptables=
 +
==view automatic firewall rules==
 +
*iptables -L AUTO_FORWARD
 +
<pre>
 +
Chain AUTO_FORWARD (1 references)
 +
target    prot opt source              destination       
 +
CONFIRMED  all  --  192.168.3.0/24      10.2.2.0/24          policy match dir in pol ipsec mode tunnel
 +
CONFIRMED  all  --  10.2.2.0/24          192.168.3.0/24      policy match dir out pol ipsec mode tunnel
 +
CONFIRMED  all  --  192.168.77.0/24      10.2.2.0/24          policy match dir in pol ipsec mode tunnel
 +
CONFIRMED  all  --  10.2.2.0/24          192.168.77.0/24      policy match dir out pol ipsec mode tunnel
 +
DROP      icmp --  anywhere            anywhere            icmptype 8 code 0 policy match dir in pol none
 +
CONFIRMED  icmp --  anywhere            anywhere            icmptype 8 code 0
 +
DROP      icmp --  anywhere            anywhere            icmptype 0 code 0 policy match dir in pol none
 +
CONFIRMED  icmp --  anywhere            anywhere            icmptype 0 code 0
 +
</pre>
 +
==view own firewall rules==
 +
*iptables -L  USR_FORWARD
 +
<pre>
 +
Chain USR_FORWARD (1 references)
 +
target    prot opt source              destination       
 +
CONFIRMED  tcp  --  10.2.2.0/24          anywhere            tcp spts:tcpmux:65535 multiport dports http,https
 +
CONFIRMED  tcp  --  192.168.2.0/24      anywhere            tcp spts:tcpmux:65535 dpt:domain
 +
CONFIRMED  udp  --  192.168.2.0/24      anywhere            udp spts:tcpmux:65535 dpt:domain
 +
CONFIRMED  tcp  --  192.168.2.0/24      anywhere            tcp spts:tcpmux:65535 dpt:net-assistant
 +
CONFIRMED  udp  --  192.168.2.0/24      anywhere            udp spts:tcpmux:65535 dpt:net-assistant
 +
CONFIRMED  tcp  --  192.168.2.0/24      anywhere            tcp spts:tcpmux:65535 multiport dports ms-wbt-server,5900,ms-wbt-server,5900,ssh,telnet,ica
 +
CONFIRMED  tcp  --  192.168.2.0/24      anywhere            tcp spts:tcpmux:65535 multiport dports smtps,imaps,imap,pop3,smtp,pop3s
 +
CONFIRMED  udp  --  192.168.2.0/24      anywhere            udp spts:tcpmux:65535 dpt:tftp
 +
CONFIRMED  tcp  --  192.168.2.0/24      anywhere            tcp spts:tcpmux:65535 dpt:ftp
 +
CONFIRMED  tcp  --  192.168.2.0/24      anywhere            tcp spts:tcpmux:65535 multiport dports http-alt,http,ndl-aas,https
 +
</pre>
 +
==number of established connections==
 +
*less /proc/net/ip_conntrack | grep ESTA | wc -l
 +
1907
 +
==number of all connections==
 +
*less /proc/net/ip_conntrack | wc -l
 +
3315
 +
==number of connections with status WAIT (close_wait)==
 +
*less /proc/net/ip_conntrack | grep WAIT | wc -l
 +
39
 +
 +
=ipsec=
 +
==status==
 +
*ipsec status
 +
<pre>
 +
000 "L_REF_IpsL2tForTic_0": 192.168.2.199[192.168.2.199]:17/1701...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
 +
000 "L_REF_IpsL2tForTic_0":  newest ISAKMP SA: #0; newest IPsec SA: #0;
 +
000 "L_REF_IpsL2tForTic_1": 192.168.2.199[192.168.2.199]:17/0...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
 +
000 "L_REF_IpsL2tForTic_1":  newest ISAKMP SA: #0; newest IPsec SA: #0;
 +
000 "S_REF_IpsSitSophosipfi_0": 10.2.2.0/24===192.168.2.199[192.168.2.199]...192.168.2.151[192.168.2.151]===192.168.77.0/24; unrouted; eroute owner: #0
 +
000 "S_REF_IpsSitSophosipfi_0":  newest ISAKMP SA: #0; newest IPsec SA: #0;
 +
000 "S_REF_IpsSitVpnasasop_0": 10.2.2.0/24===192.168.2.199[192.168.2.199]...192.168.2.198[192.168.2.198]===192.168.3.0/24; erouted; eroute owner: #43
 +
000 "S_REF_IpsSitVpnasasop_0":  newest ISAKMP SA: #42; newest IPsec SA: #43;
 +
000
 +
000 #44: "S_REF_IpsSitSophosipfi_0" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 13s
 +
000 #44: pending Phase 2 for "S_REF_IpsSitSophosipfi_0" replacing #0
 +
000 #43: "S_REF_IpsSitVpnasasop_0" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1919s; newest IPSEC; eroute owner
 +
000 #43: "S_REF_IpsSitVpnasasop_0" esp.4bfe2b0a@192.168.2.198 (0 bytes) esp.73ee7324@192.168.2.199 (0 bytes); tunnel
 +
000 #42: "S_REF_IpsSitVpnasasop_0" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 6243s; newest ISAKMP
 +
</pre>
 +
*ipsec status L_REF_IpsL2tForTic_0
 +
000 "L_REF_IpsL2tForTic_0": 192.168.2.199[192.168.2.199]:17/1701...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
 +
000 "L_REF_IpsL2tForTic_0":  newest ISAKMP SA: #0; newest IPsec SA: #0;
 +
==view tunnel status==
 +
*cc get_ipsec_status
 +
<pre>
 +
{
 +
          'REF_IpsSitVpnasasop' => {
 +
                                    0 => {
 +
                                            0 => {
 +
                                                  'established' => 1,
 +
                                                  'ike_auth' => 'psk',
 +
                                                  'ike_dh' => 'MODP_1024',
 +
                                                  'ike_dpd' => 1,
 +
                                                  'ike_encryption' => 'AES_CBC_256',
 +
                                                  'ike_hash' => 'HMAC_MD5',
 +
                                                  'ike_lifetime' => '7800s',
 +
                                                  'ike_natt' => 0,
 +
                                                  'ike_pfs' => 'MODP_1536',
 +
                                                  'ipsec_encryption' => 'AES_CBC_256',
 +
                                                  'ipsec_hash' => 'HMAC_MD5',
 +
                                                  'ipsec_lifetime' => '3600s',
 +
                                                  'ipsec_sa' => 46,
 +
                                                  'ipsec_spi_in' => '85efc153',
 +
                                                  'ipsec_spi_out' => '5e91d523',
 +
                                                  'isakmp_sa' => 45,
 +
                                                  'left' => '192.168.2.199',
 +
                                                  'leftid' => '192.168.2.199',
 +
                                                  'leftsubnet' => '10.2.2.0/24',
 +
                                                  'right' => '192.168.2.198',
 +
                                                  'rightid' => '192.168.2.198',
 +
                                                  'rightsubnet' => '192.168.3.0/24'
 +
                                                }
 +
                                          },
 +
                                    'all_established' => 1,
 +
                                    'established' => 1,
 +
                                    'expected' => 1
 +
                                  }
 +
        }
 +
</pre>
 +
 +
=links=
 +
*https://community.sophos.com/products/unified-threat-management/f/51/t/21326
 +
*http://www.greenvalleyconsulting.org/2013/07/09/sophos-utm-command-line-useful-shell-commands-and-processes/?doing_wp_cron=1474373506.6931669712066650390625
 +
*https://valentin-laett.ch/projekte/sophos-utm_tipps.php

Aktuelle Version vom 20. September 2016, 12:45 Uhr

ssh

  • ssh loginuser@sophos30
loginuser@sophos30:/home/login >

root access

  • su -
sophos30:/root #

cc

command-line client

password reset

  • cc system_password_reset

next login

Sophos-konsole2.png

factory reset

  • cc
127.0.0.1 MAIN > RAW
Switched to RAW mode.
127.0.0.1 RAW > system_factory_reset
Calling Confd function system_factory_reset()
result: 1
127.0.0.1 RAW > exit
  • reboot

ifstat

  • ifstat
#kernel
Interface        RX Pkts/Rate    TX Pkts/Rate    RX Data/Rate    TX Data/Rate  
                 RX Errs/Drop    TX Errs/Drop    RX Over/Rate    TX Coll/Rate  
lo                     0 0             0 0             0 0             0 0      
                       0 0             0 0             0 0             0 0      
eth0                  17 0            15 0          1218 0          2254 0      
                       0 0             0 0             0 0             0 0      
eth1                   0 0             0 0             0 0             0 0      
                       0 0             0 0             0 0             0 0      
eth2                   0 0             0 0             0 0             0 0      
                       0 0             0 0             0 0             0 0

iftop

  • iftop

Sophoscomman-line1.png

iptables

view automatic firewall rules

  • iptables -L AUTO_FORWARD
Chain AUTO_FORWARD (1 references)
target     prot opt source               destination         
CONFIRMED  all  --  192.168.3.0/24       10.2.2.0/24          policy match dir in pol ipsec mode tunnel
CONFIRMED  all  --  10.2.2.0/24          192.168.3.0/24       policy match dir out pol ipsec mode tunnel
CONFIRMED  all  --  192.168.77.0/24      10.2.2.0/24          policy match dir in pol ipsec mode tunnel
CONFIRMED  all  --  10.2.2.0/24          192.168.77.0/24      policy match dir out pol ipsec mode tunnel
DROP       icmp --  anywhere             anywhere             icmptype 8 code 0 policy match dir in pol none
CONFIRMED  icmp --  anywhere             anywhere             icmptype 8 code 0
DROP       icmp --  anywhere             anywhere             icmptype 0 code 0 policy match dir in pol none
CONFIRMED  icmp --  anywhere             anywhere             icmptype 0 code 0

view own firewall rules

  • iptables -L USR_FORWARD
Chain USR_FORWARD (1 references)
target     prot opt source               destination         
CONFIRMED  tcp  --  10.2.2.0/24          anywhere             tcp spts:tcpmux:65535 multiport dports http,https
CONFIRMED  tcp  --  192.168.2.0/24       anywhere             tcp spts:tcpmux:65535 dpt:domain
CONFIRMED  udp  --  192.168.2.0/24       anywhere             udp spts:tcpmux:65535 dpt:domain
CONFIRMED  tcp  --  192.168.2.0/24       anywhere             tcp spts:tcpmux:65535 dpt:net-assistant
CONFIRMED  udp  --  192.168.2.0/24       anywhere             udp spts:tcpmux:65535 dpt:net-assistant
CONFIRMED  tcp  --  192.168.2.0/24       anywhere             tcp spts:tcpmux:65535 multiport dports ms-wbt-server,5900,ms-wbt-server,5900,ssh,telnet,ica
CONFIRMED  tcp  --  192.168.2.0/24       anywhere             tcp spts:tcpmux:65535 multiport dports smtps,imaps,imap,pop3,smtp,pop3s
CONFIRMED  udp  --  192.168.2.0/24       anywhere             udp spts:tcpmux:65535 dpt:tftp
CONFIRMED  tcp  --  192.168.2.0/24       anywhere             tcp spts:tcpmux:65535 dpt:ftp
CONFIRMED  tcp  --  192.168.2.0/24       anywhere             tcp spts:tcpmux:65535 multiport dports http-alt,http,ndl-aas,https

number of established connections

  • less /proc/net/ip_conntrack | grep ESTA | wc -l
1907

number of all connections

  • less /proc/net/ip_conntrack | wc -l
3315

number of connections with status WAIT (close_wait)

  • less /proc/net/ip_conntrack | grep WAIT | wc -l
39

ipsec

status

  • ipsec status
000 "L_REF_IpsL2tForTic_0": 192.168.2.199[192.168.2.199]:17/1701...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "L_REF_IpsL2tForTic_0":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "L_REF_IpsL2tForTic_1": 192.168.2.199[192.168.2.199]:17/0...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "L_REF_IpsL2tForTic_1":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "S_REF_IpsSitSophosipfi_0": 10.2.2.0/24===192.168.2.199[192.168.2.199]...192.168.2.151[192.168.2.151]===192.168.77.0/24; unrouted; eroute owner: #0
000 "S_REF_IpsSitSophosipfi_0":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
000 "S_REF_IpsSitVpnasasop_0": 10.2.2.0/24===192.168.2.199[192.168.2.199]...192.168.2.198[192.168.2.198]===192.168.3.0/24; erouted; eroute owner: #43
000 "S_REF_IpsSitVpnasasop_0":   newest ISAKMP SA: #42; newest IPsec SA: #43; 
000 
000 #44: "S_REF_IpsSitSophosipfi_0" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 13s
000 #44: pending Phase 2 for "S_REF_IpsSitSophosipfi_0" replacing #0
000 #43: "S_REF_IpsSitVpnasasop_0" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1919s; newest IPSEC; eroute owner
000 #43: "S_REF_IpsSitVpnasasop_0" esp.4bfe2b0a@192.168.2.198 (0 bytes) esp.73ee7324@192.168.2.199 (0 bytes); tunnel
000 #42: "S_REF_IpsSitVpnasasop_0" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 6243s; newest ISAKMP
  • ipsec status L_REF_IpsL2tForTic_0
000 "L_REF_IpsL2tForTic_0": 192.168.2.199[192.168.2.199]:17/1701...%any[%any]:17/%any==={0.0.0.0/0}; unrouted; eroute owner: #0
000 "L_REF_IpsL2tForTic_0":   newest ISAKMP SA: #0; newest IPsec SA: #0;

view tunnel status

  • cc get_ipsec_status
{
          'REF_IpsSitVpnasasop' => {
                                     0 => {
                                            0 => {
                                                   'established' => 1,
                                                   'ike_auth' => 'psk',
                                                   'ike_dh' => 'MODP_1024',
                                                   'ike_dpd' => 1,
                                                   'ike_encryption' => 'AES_CBC_256',
                                                   'ike_hash' => 'HMAC_MD5',
                                                   'ike_lifetime' => '7800s',
                                                   'ike_natt' => 0,
                                                   'ike_pfs' => 'MODP_1536',
                                                   'ipsec_encryption' => 'AES_CBC_256',
                                                   'ipsec_hash' => 'HMAC_MD5',
                                                   'ipsec_lifetime' => '3600s',
                                                   'ipsec_sa' => 46,
                                                   'ipsec_spi_in' => '85efc153',
                                                   'ipsec_spi_out' => '5e91d523',
                                                   'isakmp_sa' => 45,
                                                   'left' => '192.168.2.199',
                                                   'leftid' => '192.168.2.199',
                                                   'leftsubnet' => '10.2.2.0/24',
                                                   'right' => '192.168.2.198',
                                                   'rightid' => '192.168.2.198',
                                                   'rightsubnet' => '192.168.3.0/24'
                                                 }
                                          },
                                     'all_established' => 1,
                                     'established' => 1,
                                     'expected' => 1
                                   }
        }

links

Abgerufen von „http://wiki.ixheim.de/index.php?title=Sophos-Konsole&oldid=11235