Kevsters Blog

My little part of the Internet

Category: Networking (page 2 of 2)

RSA Authentication Manager – Custom Reports

Working with this product, it's evident that the inbuilt reports are not that useful for certain things. I wanted to find a way of logging users who have used SecurID to authenticate against a number of hosts.

So time to learn the custom queries section of the product, me thinks.

The Server is (obviously) SQL based.  The schema is fairly easy to understand, especially if you look at the examples within the help text or provided on the server.

It is possible to import my SQL scripts by creating a new Custom Query then pasting in the SQL. So…. scripts:

Today's Unique User Count

SELECT COUNT(DISTINCT chUserName) 
FROM SDLogEntry 
WHERE dtLocalDate = GMTDateNow   
AND iMessageNum = 1011   
AND (CHClientName = "host1" OR CHClientName = "host2")

Remember to change the host1 and host2 entries to your device host names. If you have more hosts, add more OR conditions inside the last AND.

Message Number 1011 is a ‘Passcode Successful’ – meaning a successful authentication

Today's Successful Users

SELECT SDLogEntry.dtLocalDate, SDLogEntry.TLocalTOD, SDLogEntry.chUserName, SDLogEntry.chLogin, SDLogEntry.chClientName, SDLogMessage.chShortMessage
FROM SDLogEntry, SDLogMessage 
WHERE SDLogEntry.dtLocalDate = GMTDateNow   
AND SDLogEntry.iMessageNum = 1011   
AND SDLogMessage.iMessageNum = SDLogEntry.iMessageNum  
AND (SDLogEntry.CHClientName = "host1" OR SDLogEntry.CHClientName = "host2")

Again 1011 is a successful passcode.

This uses a select from multiple tables to get the actual description of the message number to make the report more readable.

Today's Failures

SELECT SDLogEntry.dtLocalDate, SDLogEntry.TLocalTOD, SDLogEntry.chUserName, SDLogEntry.chLogin, SDLogEntry.chClientName, SDLogMessage.chShortMessage
FROM SDLogEntry, SDLogMessage 
WHERE SDLogEntry.dtLocalDate = GMTDateNow   
AND SDLogEntry.iMessageNum <> 1011   
AND SDLogMessage.iMessageNum = SDLogEntry.iMessageNum  
AND (SDLogEntry.CHClientName = "host1" OR SDLogEntry.CHClientName = "host2")

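This uses the same format as the success report but with a ‘not’ 1011, so it returns every logged message other than a successful passcode for those hosts, not only failed authentications. The report can be useful to troubleshoot users having problems or who are dim 🙂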

Using Arguments to Select Dates

All of the above are for a single day, which is specified by the ‘GMTDateNow’ value. This can be changed to use Argument Selectors, which you can build in the same screen as the SQL entry. Thus an example of ‘Successful Users’ would be:

SELECT SDLogEntry.dtLocalDate, SDLogEntry.TLocalTOD, SDLogEntry.chUserName, SDLogEntry.chLogin, SDLogEntry.chClientName, SDLogMessage.chShortMessage
FROM SDLogEntry, SDLogMessage 
WHERE SDLogEntry.dtLocalDate > ARG01 AND SDLogEntry.dtLocalDate < ARG02
AND SDLogEntry.iMessageNum = 1011   
AND SDLogMessage.iMessageNum = SDLogEntry.iMessageNum  
AND (SDLogEntry.CHClientName = "host1" OR SDLogEntry.CHClientName = "host2")

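Where ARG01 = Start Date and ARG02 = End Date. Both comparisons are strict, so entries dated exactly ARG01 or ARG02 are not included in the results.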

These can be applied to any of the reports.
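A per-user tally of non-success events over a date range, as an added example that is not from the original post. It reuses the table names, column names and ARG01/ARG02 selectors shown above, and assumes the custom query screen accepts COUNT(*), GROUP BY and a positional ORDER BY, which the post does not confirm.

```sql
-- Added example (not from the original post).
-- Counts every non-1011 event per user, host and message text between
-- ARG01 and ARG02, so an account with many failures in the period
-- sorts to the top of the report.
-- Assumption: GROUP BY and positional ORDER BY are supported here.
SELECT SDLogEntry.chUserName,
       SDLogEntry.chClientName,
       SDLogMessage.chShortMessage,
       COUNT(*)
FROM SDLogEntry, SDLogMessage
WHERE SDLogEntry.dtLocalDate > ARG01 AND SDLogEntry.dtLocalDate < ARG02
AND SDLogEntry.iMessageNum <> 1011
AND SDLogMessage.iMessageNum = SDLogEntry.iMessageNum
AND (SDLogEntry.chClientName = "host1" OR SDLogEntry.chClientName = "host2")
GROUP BY SDLogEntry.chUserName,
         SDLogEntry.chClientName,
         SDLogMessage.chShortMessage
ORDER BY 4 DESC
```

Grouping on chShortMessage keeps the message description in the output, so rows that are not authentication failures are easy to tell apart from the ones that are.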

Other Information

One thing I found is that the custom queries are stored locally on the machine that creates the reports, so to share them with others you have to use a fileshare, USB disk or similar method.

Also the HTML format reports aren’t too bad, so it’s worth a look at using this output method.

Awesome Multifactor Authentication – and Free !

If you have any need for strong authentication for *nix systems, WordPress, Juniper/Cisco VPN devices or RADIUS servers, then check out http://www.duosecurity.com/
It's simply awesome and free for up to 10 users !
I’m using it for a variety of projects……

Quick Tip: 6500 Chassis Serial Number

Why oh why Cisco ?

On most devices the serial number can be seen with show version or a similar command.

c6500’s are different……. use show idprom backplane instead

Useful IOS commands

Shamefully taken from https://www.eng.uwaterloo.ca/twiki/bin/view/Engcomp/CommonCiscoCommands

To enable privileged command mode

enable

To enter switch configuration mode (from privileged command mode)

configure terminal

To enter port configuration mode (from switch configuration mode)

interface FastEthernet0/5

To return from one mode to the previous mode

exit

To show the mac table

show mac-address-table

To show port information

show interfaces

To show the switch version

show version

To save the configuration

write memory

To show the configuration

show running-config

To set the port description of FastEthernet0/5 to “engmail”

configure terminal
interface FastEthernet0/5
description engmail
exit

To remove the port description from FastEthernet0/5

configure terminal
interface FastEthernet0/5
no description
exit

To set FastEthernet0/5 to 100/full

configure terminal
interface FastEthernet0/5
speed 100
duplex full
exit

To set FastEthernet0/5 to auto/auto

configure terminal
interface FastEthernet0/5
speed auto
duplex auto
exit

To turn FastEthernet0/5 into a dot1q trunk

configure terminal
interface FastEthernet0/5
no switchport access vlan
switchport mode trunk
switchport trunk encapsulation dot1q
exit

To turn FastEthernet0/5 into a non trunk

configure terminal
interface FastEthernet0/5
no switchport mode trunk
no switchport trunk encapsulation
no switchport trunk allowed vlan
no switchport trunk native vlan
switchport mode access
exit

To set the allowed vlans on trunk port FastEthernet0/5 to 20,50,100

configure terminal
interface FastEthernet0/5
switchport trunk allowed vlan 20,50,100
exit

To remove the allowed vlans from trunk port FastEthernet0/5 (will default to all vlans in vlan database)

configure terminal
interface FastEthernet0/5
no switchport trunk allowed vlan
exit

To restrict the number of mac address on FastEthernet0/5 to 1

2900/3500 series…

configure terminal
interface FastEthernet0/5
port security max-mac-count 1
exit

2950/3550 series…

conf term
interface FastEthernet0/5
switchport port-security
switchport port-security maximum 1
switchport port-security violation protect
switchport port-security mac-address sticky
switchport port-security aging static
exit

To remove the mac address restriction from FastEthernet0/5

configure terminal
interface FastEthernet0/5
no port security
exit

To set the vlan on FastEthernet0/5 to 150

configure terminal
interface FastEthernet0/5
switchport access vlan 150
exit

To remove the vlan from FastEthernet0/5 (port will default to vlan 1)

configure terminal
interface FastEthernet0/5
no switchport access vlan
exit

To set the native vlan (untagged vlan) on trunk FastEthernet0/5 to 75

configure terminal
interface FastEthernet0/5
switchport trunk native vlan 75
exit

To remove the native vlan (untagged vlan) from trunk FastEthernet0/5

configure terminal
interface FastEthernet0/5
no switchport trunk native vlan
exit

To set FastEthernet0/5 to portfast

configure terminal
interface FastEthernet0/5
spanning-tree portfast
exit

To set FastEthernet0/5 to not be portfast

configure terminal
interface FastEthernet0/5
no spanning-tree portfast
exit

To disable spanning tree on vlan 20

configure terminal
no span vlan 20
exit

To enable spanning tree on vlan 20

configure terminal
span vlan 20
exit

To disable port FastEthernet0/5

configure terminal
interface FastEthernet0/5
shutdown
exit

To enable port FastEthernet0/5

configure terminal
interface FastEthernet0/5
no shutdown
exit

To get a GBIC port to talk to a BayStack

configure terminal
interface GigabitEthernet0/2
no negotiation auto
exit

IOS upgrade (general procedure)

Important. Read the Cisco documentation. This procedure is minimal, and does not install the web management interface. Do not follow these instructions unless you are familiar with the procedure.

dir flash:

delete the html directory, and diag file (if any)

delete flash:html/*

rename the existing image to the name of the new image

rename flash:c3500XL-c3h2s-mz.120-5.WC2.bin flash:c3500xl-c3h2s-mz.120-5.WC5a.bin
conf term
boot system flash:c3500xl-c3h2s-mz.120-5.WC5a.bin
exit
copy tftp://129.97.x.y/tmpdata/c3500xl-c3h2s-mz.120-5.WC5a.bin flash:c3500xl-c3h2s-mz.120-5.WC5a.bin
copy flash:c3500xl-c3h2s-mz.120-5.WC5a.bin tftp://129.97.x.y/tmpdata/junk

check the md5 on junk compared to c3500xl-c3h2s-mz.120-5.WC5a.bin before doing the reload

write mem
reload

Network Overdesign….

Stumbled on a really interesting document over on the Register (http://www.theregister.co.uk/2006/05/22/network_overdesign_gartner/) about Gartner saying companies waste money on overdesigning network kit.
So true; however, you won't see that with my designs


© 2019 Kevsters Blog
