Beruflich Dokumente
Kultur Dokumente
version 8.1.1
COPYRIGHT
Copyright 2011 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or
affiliate companies.
TRADEMARK ATTRIBUTIONS
McAfee , the McAfee logo, Avert, ePO, ePolicy Orchestrator, Foundstone, GroupShield, IntruShield, LinuxShield, MAX
(McAfee SecurityAlliance Exchange), NetShield, PortalShield, Preventsys, SecureOS, SecurityAlliance, SiteAdvisor,
SmartFilter, Total Protection, TrustedSource, Type Enforcement, VirusScan, and WebShield are registered
trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries.
You can access the command line interface using the following methods:
Locally attached console
SSH
Telnet
For more information about these methods, see the McAfee Firewall Enterprise Product Guide.
firewall_name:User {1} %
3 Enter the srole command to change to the Admn domain.
4 When you are finished, enter the exit command to return to the User domain.
Administrator accounts
Use these commands to manage administrator accounts.
Table 1 Administrator account commands
Command
Description
man cf_adminuser
cf adminuser delete
username=username
cf adminuser query
Anti-virus
Use these commands to manage the anti-virus feature.
Table 2 Anti-virus commands
Command
Description
man cf_antivirus
cf antivirus query
cf antivirus version
cf antivirus applyavpatch
patch=patch_name
cf antivirus download
Audit
Use these commands to configure and view audit.
Table 3 Audit commands
Command
Description
Configures the audit output level for rules to control what is logged:
1 Fatal errors only
2 [Default] Fatal errors, major errors, and denied rules
3 Fatal errors, major errors, denied rules, and allowed rules
4 Everything (for troubleshooting only)
Tip: See the Policy area for commands about rules.
acat /var/log/audit.raw.time1.time2.gz
> /var/tmp/audit.txt
Writes the contents of the specified compressed binary audit file to the
ASCII text file /var/tmp/audit.txt.
acat k
acat_acls -d
acat_acls -a
acat -c
showaudit kp
showaudit kH x.x.x.x
rollaudit R d w
Enables the audit server. Reports will not generate until this server is
enabled.
Displays the access control rule usage report for the specified number
of hours.
Displays the access control rule usage report for the specified number
of days.
Displays the application usage report for the specified number of hours.
Displays the application usage report for the specified number of days.
Displays the IPS signature usage report for the specified number of
hours.
Displays the IPS signature usage report for the specified number of
days.
cf passport list
blackhole dump
Configuration backups
Use these commands to create and restore configuration backups.
Table 4 Configuration backup commands
Command
Description
Description
DNS
Use these commands to configure and troubleshoot DNS.
Table 5 DNS commands
Command
Description
cf dns query
cf dns status
cf daemond restart
agent=named-internet
cf daemond restart
agent=named-unbound
cf dns reload
cf dns dumpdb
cf dns trace
cf dns notrace
Disables tracing.
hostname
named-checkconf /etc/named.conf.[u/i]
named-checkzone zone
/etc/namedb.[i/u]/file.db
dig host.domain.tld
dig zone MX
dig x X.X.X.X
tail f /var/log/daemon.log
less /etc/named.conf.[i/u]
ls /etc/namedb.[i/u]
Downloads
Use these commands to download the application database, Geo-Location database, and IPS
signatures.
Table 6 Download commands
Command
Description
cf appdb download
cf appdb version
cf appdb rollback
Description
cf geolocation download
cf geolocation version
cf ips download
cf message load
cf message version
cf message list
Description
shutdown now
cf policy restore_console_access
Restores default Admin Console and Login Console rules when you are
locked out of the firewall.
less /var/run/dmesg.boot
mount a
fsck
General cf commands
Use the commands in this section to view cf man pages and control the behavior of cf commands.
Table 8 cf commands
Command
Description
man cf
man cf_area
cf area command
Marks the changes caused by the command with the specified ticket ID.
cf area query
T Formats the output in a table that contains one column per key.
File system
Use these commands to display free space and find files in the file system.
Table 9 File system commands
Command
Description
df -h
du a / | sort nr | more
Finds files that include the text name in the file name.
ls /var/log/crash
High Availability
Use these commands to configure and troubleshoot High Availability.
Table 10 High Availability commands
Command
Description
man cf_cluster
cf cluster failover_status
cf cluster status
cf cluster query
tcpdump -p
Interfaces
Use these commands to configure network interfaces.
Table 11 Network interface commands
Command
Description
man cf_interface
cf interface q
Sets the media type for the NIC, such as autoselect or 1000baseTX.
Licensing
Use these commands to view and configure the firewall license.
Table 12 Licensing commands
Command
Description
cf license features
cf license q
cf license get
cf license systemID
Displays the system IDs available to be used for license activation. Only
one system ID can be used to activate.
Manual pages
Use these commands to find and view manual pages.
Table 13 Manual page commands
Command
Description
man command
man cf_command
man k term
Networking
Use these commands to view networking information and troubleshoot networking problems.
Table 14 Networking commands
Command
netstat in
Description
Displays statistics for network interfaces.
Tip: See man netstat for additional flags.
netstat I interface -w 5
Shows live statistics for the specified network interface every five
seconds.
ifconfig a
cf interface q
ping X.X.X.X
arp a
NTP
Use these commands to configure and troubleshoot the NTP (Network Time Protocol) server.
Table 15 NTP commands
Command
Description
cf ntp query
ntpdate bu time_serverIP
Captures NTP traffic (UDP port 123) on the specified network interface.
ntpdc
Policy
Use these commands to troubleshoot policy issues.
Table 16 Policy commands
Command
Description
man cf_policy
cf policy q | less
cf appdb list
cf application query
cf appgroup query
cf geolocation list
cf server status
cf agent query
cf appfilter query
ipfilter -v
cf policy reload
cf policy repair
Description
cf policy restore_console_access
Restores default Admin Console and Login Console rules when you are
locked out of the firewall.
Tip: If you are unable to log on to your firewall, run this command
from emergency maintenance mode. See Emergency maintenance
mode (EMM).
Routing
Use these commands to configure and troubleshoot static routes.
Table 17 Routing commands
Command
Description
netstat nr
Displays the routing tables, including static routes and learned routes.
traceroute -n destination
cf static query
cf static status
Description
cf zone query
region
cf zonegroup query
10
sendmail
Use these commands to troubleshoot sendmail issues.
Table 19 sendmail commands
Command
Description
cf sendmail rebuild
mailq
tail f /var/log/maillog
ls /var/spool/mqueue.#
newaliases
telnet X.X.X.X 25
pss sendmail
Shutdown
Use these commands to shut down the firewall.
Table 20 Shutdown commands
Command
Description
shutdown r now
shutdown h now
shutdown -p now
shutdown now
Software management
Use these commands to manage software packages.
Table 21 Software management commands
Command
Description
man cf_package
cf package list
cf package install
packages=package_name
cf package uninstall
packages=package_name
uname r
11
System
Use these commands to troubleshoot firewall system issues.
Table 22 System commands
Command
Description
top
man netstat
netstat na
netstat -m
uptime
vmstat
connect_mon
pss | more
pss process_name
dmesg
kill pid#
kill -9 pid#
setconsole device
Selects the primary console device. The available devices are video,
serial, both, or default (which is both).
tcpdump
Use these commands to capture network traffic.
Table 23 tcpdump commands
Command
man tcpdump
Description
Displays the man page for tcpdump.
Tip: See also www.tcpdump.org.
12
Captures all bytes and writes a raw packet dump to filename in the
current working directory.
tcpdump -p
Technical support
Use these commands to submit files to technical support.
Table 24 Technical support commands
Command
Description
ktrace p pid#
ktrace c pid#
kill -6 pid#
sysctl -w kern.corefile=%N.core.%P
Configures the firewall to include the process ID in the file name of core
files. Allows multiple core files to coexist without overwriting each
other.
Note: Use sysctl -w kern.corefile='%N.core' to return to the
previous operating mode.
Description
vi filename
emacs filename
less filename
view
Views the contents of the specified text file with a read-only version of
vi.
cat filename
Type Enforcement
Use these commands to view and modify Type Enforcement.
Table 26 Type Enforcement commands
Command
Description
ll (lowercase L)
ps -axZ
VPN
Use these commands to view and troubleshoot VPNs.
Table 27 VPN commands
Command
Description
cf ipsec q
cf ipsec policydump
13
Available cf areas
Description
Flushes all existing keys and policy, then reloads the VPNs.
cf pool q
showaudit vk
Displays ISAKMP, ESP (IP Proto 50), or AH (IP Proto 51) traffic on
network interface em0.
Available cf areas
The following table lists the cf areas, showing the primary commands available for each area.
Table 28 Available cf areas
cf area
Area description
accelerator
acl
adminuser
agent
antivirus
appdb
appfilter
appgroup
application
audit
Configures auditing, including auditbot (response), email, filter options, and network defenses.
auth
Manages authenticators.
catgroups
cert
cluster
Displays the current status and connection state of a High Availability cluster and registers a
secondary/standby to a High Availability cluster primary.
cmd
Configures global settings for the certificate management server on the firewall.
commandcenter
Manages registration with a McAfee Firewall Enterprise Control Center Management Server.
config
crontab
Configures the status (enabled/disabled) and frequency of the available cron jobs.
Note: For information on default cron jobs, see KnowledgeBase article KB65627 at
http://mysupport.mcafee.com.
daemond
14
dhcrelay
Manages the DHCP Relay agent, which forwards DHCP and BOOTP requests from one subnet to
another.
dns
domain
export
externalgroup
fips
Enables and disables FIPS 140-2 compliance mode, and examines the default_SSL_cert to verify
FIPS 140-2 compliance.
geolocation
Available cf areas
Area description
host
hostname
Note: If you change the host name, additional configuration changes are also required.
For detailed instructions, see KnowledgeBase article KB61343 at
http://mysupport.mcafee.com.
ids
Manages the shunning service. Available settings include IDS entries that specify an IP address
of an IDS (Intrusion Detection Server), a shared password, and a timeout value that identifies
the amount of seconds to shun an IP address.
interface
ipaddr
iprange
ips
ipsec
ipsresponse
Manages how the firewall responds if its signature-based IPS inspection detects an intrusion.
ipssig
knownhosts
lca
Manages the local (firewall-hosted) certificate authority. This feature is not widely used.
license
message
netgroup
netmap
ntp
package
passport
policy
pool
Manages client address pools used for dynamic client addressing in IPsec VPN definitions.
qos
reports
sendmail
Provides limited utilities for sendmail, including rebuilding database files and flushing queues.
server
snmp
smartfilter
ssl
Manages SSL rules and assigns SSL certificates for firewall administrative sessions (for example,
Admin Console connections).
static
subnet
timeperiod
timezone
trustedsource
udb
ups
urltranslation
usergroup
utt
15
700-3237A00
cf area
Area description
zone
zonegroup