Tuesday, August 18, 2015

Working with NBAC on a Symantec 5230 appliance (2.6.1.1)

These steps were carried out first to configure this feature on the appliance and then to disable it again, because access problems appeared.

  • An administrator user for the CLI was created; this user was added through the web console.
  • With that user, log in to the appliance to enable NBAC. This is the output:

login as: adminCLI
Using keyboard-interactive authentication.
Password:

**********************************************************************
*** Welcome NetBackup CLI Administrator to the NetBackup Appliance ***
**********************************************************************

adminCLI@nb5230-ac:~> bpnbaz -setupmaster
You will have to restart NetBackup services on this machine after the command completes successfully.
Do you want to continue(y/n)y
Gathering configuration information.
Please be patient as we wait for 10 sec for the security services to start their  operation.
Generating identity for host 'nb5230-ac'
Setting up basic authorization information. Please be patient.
Basic authorization information generated successfully.
Granting authorization check permissions to host 'nb5230-ac'
Configuring authentication domains within Netbackup
Setting up authorization information in Netbackup configuration files.
Setting up NBAC on target host: nb5230-ac
Warning: NetBackup Master Server is currently configured in AUTOMATIC mode. Security will be enforced only in REQUIRED mode. This can be done after entire NetBackup domain is configured with NBAC
Operation completed successfully.
adminCLI@nb5230-ac:~>

As a result, the appliance could not be administered from the Java console.

  • The appliance IPS is disabled so that NBAC can be disabled. Here is the log:
login as: admin
Using keyboard-interactive authentication.
Password:
Last login: Mon Aug 17 08:49:21 2015 from spw-monitor.xxx.xxx


Appliance  Manage master and media appliances.
Exit       Logout and exit from the current shell.
Manage     Manage NetBackup appliance.
Monitor    Monitor NetBackup appliance activities.
Network    Network Administration.
Reports    Examine the running and historical state of the host.
Settings   Change NetBackup appliance settings.
Shell      Shell operations.
Support    NetBackup Support.

nb5230-ac.Main_Menu> Support
Entering NetBackup support view...
nb5230-ac.Support> Maintenance
<!-- Maintenance Mode --!>
maintenance's password:
maintenance-!> /opt/Symantec/scspagent/IPS/sisipsoverride.sh
Symantec Critical System Protection Policy Override

    Agent Version: 5.2.9 (build 913)
   Current Policy: NetBackup Appliance Prevention Policy, r32
Policy Prevention: Enabled
  Policy Override: Allowed
   Override State: Not overridden

To override the policy and disable protection, enter your login password.
Password:

Choose the type of override that you wish to perform:
 1. Override Prevention except for Self-Protection
 2. Override Prevention Completely
Choice? [1]

Choose the amount of time after which to automatically re-enable:
 1. 15 minutes
 2. 30 minutes
 3. 1 hour
 4. 2 hours
 5. 4 hours
 6. 8 hours
 7. never
Choice? [1] 4

Enter a comment. Press Enter to continue.
NBAC

Please wait while the policy is being overridden.
.............

The policy was successfully overridden.

maintenance-!>
maintenance-!> elevate
nb5230-ac:/home/maintenance # netbackup stop
stopping the NetBackup Service Monitor
stopping the NetBackup CloudStore Service Container
stopping the NetBackup Vault daemon
stopping the NetBackup Web Management Console
stopping the NetBackup Agent Request Server
stopping the NetBackup Indexing Manager
stopping the NetBackup Service Layer
stopping the NetBackup Remote Monitoring Management System
stopping the NetBackup Storage Lifecycle Manager
stopping the NetBackup Policy Execution Manager
stopping the NetBackup Job Manager
stopping the NetBackup request daemon
stopping the NetBackup compatibility daemon
stopping the NetBackup database daemon
stopping the Media Manager volume daemon
stopping the NetBackup Resource Broker
stopping the NetBackup Enterprise Media Manager
stopping the NetBackup Deduplication Multi-Threaded Agent
stopping the NetBackup Deduplication Engine
stopping the NetBackup Deduplication Manager
stopping the NetBackup Audit Manager
stopping the NetBackup Event Manager
stopping the NetBackup Authorization daemon
stopping the NetBackup Database Server
stopping the NetBackup Discovery Framework
stopping the NetBackup client daemon
stopping the NetBackup network daemon
stopping the NetBackup Authentication daemon
nb5230-ac:/home/maintenance #
nb5230-ac:/home/maintenance #
nb5230-ac:/home/maintenance # vxpbx_exchanged stop
Stopped Symantec Private Branch Exchange
nb5230-ac:/home/maintenance # bpps -x
NB Processes
------------

MM Processes
------------

Shared Symantec Processes
-------------------------
root      85894      1  0 Aug13 ?        00:01:45 /opt/SYMCnbappws/eat/bin/vxatd -c /opt/SYMCnbappws/eat/data
nb5230-ac:/home/maintenance # mv /usr/openv/var/global/vxss/eab/data/root/.VRTSat/profile/VRTSatlocal.conf.tmplt /usr/openv/var/global/vxss/eab/data/root/.VRTSat/VRTSatlocal.conf.tmplt
nb5230-ac:/home/maintenance # rm -rf /usr/openv/var/global/vxss/eab/data/root/.VRTSat/profile/*
nb5230-ac:/home/maintenance # cp /usr/openv/var/global/vxss/eab/data/root/.VRTSat/VRTSatlocal.conf.tmplt /usr/openv/var/global/vxss/eab/data/root/.VRTSat/profile/VRTSatlocal.conf
nb5230-ac:/home/maintenance # rm -rf /usr/openv/var/vxss
nb5230-ac:/home/maintenance # rm -rf $HOME/.vxss
nb5230-ac:/home/maintenance # mv /usr/openv/db/data/NBAZDB.db /usr/openv/db/data/NBAZDB.db.old
nb5230-ac:/home/maintenance # mv /usr/openv/db/data/NBAZDB.log /usr/openv/db/data/NBAZDB.log.old
nb5230-ac:/home/maintenance # vi /usr/openv/db/data/vxdbms.conf
nb5230-ac:/home/maintenance # vi /usr/openv/db/data/vxdbms.conf
nb5230-ac:/home/maintenance # pwd
/home/maintenance
nb5230-ac:/home/maintenance # id
uid=0(root) gid=0(root) groups=0(root)
nb5230-ac:/home/maintenance # cd /usr/openv/db/data/
nb5230-ac:/usr/openv/db/data # ls -l vxdbms
vxdbms.conf       vxdbms_conf.lock
nb5230-ac:/usr/openv/db/data # cp vxdbms.conf vxdbms.old
nb5230-ac:/usr/openv/db/data # vi vxdbms.conf
nb5230-ac:/usr/openv/db/data # cp /usr/openv/db/data/NBAZDB.db.template /usr/openv/db/data/NBAZDB.db
nb5230-ac:/usr/openv/db/data # vi /usr/openv/netbackup/bp.conf
nb5230-ac:/usr/openv/db/data # USE_VXSS=PROHIBITED
nb5230-ac:/usr/openv/db/data # /opt/VRTSpbx/bin/vxpbx_exchanged start
Started Symantec Private Branch Exchange
nb5230-ac:/usr/openv/db/data # netbackup start
NetBackup Authentication daemon started.
NetBackup network daemon started.
NetBackup client daemon started.
NetBackup SAN Client Fibre Transport daemon started.
NetBackup Discovery Framework started.
NetBackup Database Server started.
NetBackup Authorization daemon started.
NetBackup Event Manager started.
NetBackup Audit Manager started.
NetBackup Deduplication Manager started.
NetBackup Deduplication Engine started.
NetBackup Deduplication Multi-Threaded Agent started.
NetBackup Enterprise Media Manager started.
NetBackup Resource Broker started.
Rebuilding device nodes.
Media Manager daemons started.
NetBackup request daemon started.
NetBackup compatibility daemon started.
NetBackup Job Manager started.
NetBackup Policy Execution Manager started.
NetBackup Storage Lifecycle Manager started.
NetBackup Remote Monitoring Management System started.
NetBackup Key Management daemon started.
NetBackup Service Layer started.
NetBackup Indexing Manager started.
NetBackup Agent Request Server started.
NetBackup Bare Metal Restore daemon started.
NetBackup Web Management Console started.
NetBackup Vault daemon started.
NetBackup CloudStore Service Container started.
NetBackup Service Monitor started.
NetBackup Bare Metal Restore Boot Server daemon started.
nb5230-ac:/usr/openv/db/data # /usr/openv/db/vxdbms_env.sh
nb5230-ac:/usr/openv/db/data # /usr/openv/db/bin/dblog -t NBAZDB.log /usr/openv/db/data/NBAZDB.db
/usr/openv/db/bin/dblog: error while loading shared libraries: libdbtool16_r.so: cannot open shared object file: No such file or directory
nb5230-ac:/usr/openv/db/data # .  /usr/openv/db/vxdbms_env.sh
nb5230-ac:/usr/openv/db/data # /usr/openv/db/bin/dblog -t NBAZDB.log /usr/openv/db/data/NBAZDB.db
SQL Anywhere Transaction Log Utility Version 16.0.0.2034
"/usr/openv/db/data/NBAZDB.db" was using log file "vrtsaz_db.log"
"/usr/openv/db/data/NBAZDB.db" is using no log mirror file
"/usr/openv/db/data/NBAZDB.db" is now using log file "NBAZDB.log"
Transaction log starting offset is 0000422309
Transaction log current relative offset is 0000004194
nb5230-ac:/usr/openv/db/data #
nb5230-ac:/usr/openv/db/data # ls /usr/openv/db/data
.odbc.ini.az           EMM_DATA.db         NBAZDB.log.old   SLP_INDEX.db
.odbc.ini.az.template  EMM_INDEX.db        NBDB.db          vrtsaz_db.log
DARS_DATA.db           JOBD_DATA.db        NBDB.log         vxdbms.conf
DARS_INDEX.db          NBAZDB.db           SEARCH_DATA.db   vxdbms.old
DBM_DATA.db            NBAZDB.db.old       SEARCH_INDEX.db  vxdbms_conf.lock
DBM_INDEX.db           NBAZDB.db.template  SLP_DATA.db
nb5230-ac:/usr/openv/db/data # /usr/openv/db/bin/nbdb_admin -dba nbusql
You must be Security Administrator to execute /usr/openv/db/bin/nbdb_admin
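
A check that could be run after the steps above to confirm which NBAC mode bp.conf actually records (an added example, not part of the original session). A VAR=value typed at the shell prompt, like the USE_VXSS=PROHIBITED line in the log, only sets a shell variable, while NetBackup reads the USE_VXSS entry from /usr/openv/netbackup/bp.conf. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the NBAC mode from a bp.conf-style file.
# Entries have the form "KEY = value"; USE_VXSS is one of
# AUTOMATIC, REQUIRED or PROHIBITED.

# nbac_mode FILE: print the USE_VXSS value in upper case, UNSET when
# there is no entry, CONFLICT when several entries disagree.
nbac_mode() {
    awk '
        /^[ \t]*USE_VXSS[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)    # drop "USE_VXSS ="
            sub(/[ \t\r]+$/, "", v)        # drop trailing blanks and CR
            v = toupper(v)
            if (seen && v != mode) conflict = 1
            mode = v; seen = 1
        }
        END {
            if (!seen) print "UNSET"
            else if (conflict) print "CONFLICT"
            else print mode
        }' "$1"
}

# nbac_state FILE: what that mode means for enforcement.
nbac_state() {
    case "$(nbac_mode "$1")" in
        REQUIRED)   echo enforced ;;
        AUTOMATIC)  echo not-enforced ;;  # see the bpnbaz warning in the log
        PROHIBITED) echo disabled ;;
        UNSET)      echo unset ;;
        *)          echo invalid ;;
    esac
}

# make_samples DIR: write constructed bp.conf samples (not real files).
make_samples() {
    printf 'SERVER = nb5230-ac\nUSE_VXSS = AUTOMATIC\n'    > "$1/automatic.conf"
    printf 'SERVER = nb5230-ac\nUSE_VXSS = PROHIBITED  \n' > "$1/prohibited.conf"
    printf 'SERVER = nb5230-ac\n'                          > "$1/noentry.conf"
    printf 'USE_VXSS = REQUIRED\nUSE_VXSS = PROHIBITED\n'  > "$1/conflict.conf"
}

d=$(mktemp -d)
make_samples "$d"
for f in "$d"/*.conf; do
    printf '%-16s %-10s %s\n' "${f##*/}" "$(nbac_mode "$f")" "$(nbac_state "$f")"
done
rm -rf "$d"
```

On the appliance the functions would be pointed at /usr/openv/netbackup/bp.conf; a result of unset or invalid after the edit means the intended mode was never written to the file.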


 






