-
Cisco Content Security and Control SSM Administrator Guide, 6.1
-
Preface
-
Introducing the Content Security and Control SSM
-
Verifying Initial Setup
-
Configuring Mail Traffic (SMTP and POP3)
-
Configuring Web (HTTP) and File Transfer (FTP) Traffic
-
Managing Updates and Log Queries
-
Administering Trend Micro InterScan for Cisco CSC SSM
-
Monitoring Content Security
-
Troubleshooting Trend Micro InterScan for Cisco CSC SSM
-
Reimaging and Configuring the CSC SSM Using the Command Line
-
Using CSC SSM with Trend Micro Control Manager
-
Glossary
-
Index
-
Feedback
Table Of Contents
Reimaging and Configuring the CSC SSM Using the Command Line
Preparing to Reimage the Cisco CSC SSM
Change Password for Command Line Interface
Reset Management Port Access Control
Configuration via Command Line
Reimaging and Configuring the CSC SSM Using the Command Line
The Trend Micro InterScan for Cisco CSC SSM software is preinstalled on the appliance. Typically, you will only need to use the information in this appendix for password or system recovery procedures.
Note
The setup wizard launched from the ASDM is the preferred method of installation, if installation is required. See Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide for more information.
This appendix includes the following sections:
•
•
Installation Checklist
Before you start, be prepared to supply the following information. Print a copy of this page and use it as a checklist if you prefer, to record the values you are prompted to enter during installation.
Preparing to Reimage the Cisco CSC SSM
During installation, you are prompted to synchronize the date and time on the SSM with the security appliance. Before you begin, make sure that the date/time settings on the appliance are correct.
To install via the command line, perform the following steps:
Step 1
Step 2
hostname# hw module 1 recover configThe system response is similar to the following example:
Image URL [tftp://insidehost/sg-6.0-1177-tftp.img]: tftp://insidehost/sg-6.0-1177-tftp.imgPort IP Address [192.168.7.20]:VLAN ID [0]:Gateway IP Address [0.0.0.0]:hostname# hw module 1 recover bootThe module in slot 1 will be recovered. This mayerase all configuration and all data on that device andattempt to download a new image for it.Recover module in slot 1? [confirm]Step 3
Recover issued for module in slot 1
Caution
hw module 1 recover stop
Step 4
hostname# debug module-bootdebug module-boot enabled at level 1hostname# Slot-1 199> Cisco Systems ROMMON Version (1.0(8)1) #0: Thu Jan 20 20:28:49 PST 2005Slot-1 200> Platform SSM-IDS20Slot-1 201> GigabitEthernet0/0Slot-1 202> Link is UPSlot-1 203> MAC Address: 000b.fcf8.0134Slot-1 204> ROMMON Variable Settings:Slot-1 205> ADDRESS=192.168.7.20Slot-1 206> SERVER=192.168.7.100Slot-1 207> GATEWAY=0.0.0.0Slot-1 208> PORT=GigabitEthernet0/0Slot-1 209> VLAN=untaggedSlot-1 210> IMAGE=sg-6.0-1177-tftp.imgSlot-1 211> CONFIG=Slot-1 212> tftp sg-6.0-1177-tftp.img@192.168.7.100Slot-1 213> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Slot-1 214> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...
Note
...Slot-1 389>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Slot-1 390> Received 57985402 bytesSlot-1 391> Launching TFTP Image...Slot-1 392> Cisco Systems ROMMON Version (1.0(8)1) #0: Thu Jan 20 20:28:49 PST 2005Slot-1 393> Platform SSM-IDS20Slot-1 394> GigabitEthernet0/0Slot-1 395> Link is UPSlot-1 396> MAC Address: 000b.fcf8.0134Slot-1 397> Launching BootLoader...Step 5
hostname# no debug module-bootStep 6
JDPIX# show module 1 dGetting details from the Service Module, please wait...SSM-IDS/10-K9Model: SSM-IDS10Hardware version: 1.0Serial Number: 0Firmware version: 1.0(8)1Software version: CSC SSM 6.0 (Build#1345)MAC Address Range: 000b.fcf8.0159 to 000b.fcf8.0159App. name: CSC SSMApp. Status: DownApp. Status Desc: CSC SSM scan services are not availableApp. version: 6.0 (Build#1345)Data plane Status: UpStatus: UpHTTP Service: DownMail Service: DownFTP Service: DownActivated: NoMgmt IP addr: <not available>Mgmt web port: 8443Peer IP addr: <not enabled>Step 7
hostname# session 1Opening command session with slot 1.Connected to slot 1. Escape character sequence is 'CTRL-^X'.Step 8
login: ciscoPassword:Step 9
You are required to change your password immediately (password aged)Changing password for cisco(current) UNIX password:New password:Retype new password:
Reimaging the CSC SSM
To reimage the appliance using the command line Setup Wizard:
Step 1
Trend Micro InterScan for Cisco CSC SSM Setup Wizard--------------------------------------------------------------------------To set up the SSM, the wizard prompts for the following information:1. Network settings2. Date/time settings verification3. Incoming email domain name4. Web console administrator password5. Notification settings6. Activation CodesThe Base License is required to activate the SSM.Press Control-C to abort the wizard.Press Enter to continue ...Choose 1 to configure network settings and press Enter.
Step 2
Network Settings--------------------------------------------------------------------------Enter the SSM card IP address:Enter subnet mask:Enter host name:Enter domain name:Enter primary DNS IP address:Enter optional secondary DNS IP address:Enter gateway IP address:Do you use a proxy server? [y|n]Respond to the network settings prompts, using values from the installation checklist. When you are finished with the last network settings prompt, your entries display for a visual verification. For example:
Network Settings--------------------------------------------------------------------------IP 192.168.7.20Netmask 255.255.255.0Hostname CSCSSMDomain name example.comPrimary DNS 10.2.200.2Secondary DNS 10.2.203.1Gateway 192.168.7.1No ProxyAre these settings correct? [y|n] yStep 3
Step 4
Applying network settings ...Optionally confirm the network settings by pinging the gateway IP address. To skip pinging, enter n.
Do you want to confirm the network settings using ping? [y|n] yEnter an IP address to ping: 192.168.7.1PING 192.168.7.1 (192.168.7.1): 56 data bytes64 bytes from 192.168.7.1: icmp_seq=0 ttl=255 time=0.2 ms64 bytes from 192.168.7.1: icmp_seq=1 ttl=255 time=0.1 ms64 bytes from 192.168.7.1: icmp_seq=2 ttl=255 time=0.2 ms64 bytes from 192.168.7.1: icmp_seq=3 ttl=255 time=0.1 ms64 bytes from 192.168.7.1: icmp_seq=4 ttl=255 time=0.1 ms--- 192.168.7.1 ping statistics ---5 packets transmitted, 5 packets received, 0% packet lossround-trip min/avg/max = 0.1/0.1/0.2 msPress Enter to continue ...Step 5
Date/Time Settings---------------------------------------------------------------------SSM card date and time: 10/06/2005 18:14:14The SSM card periodically synchronizes with the chassis.Is the time correct? [y|n] yRespond y to set the date and time to be synchronous with the chassis. To update the date and time, enter n, exit the installation wizard, update the date/time or NTP settings on the ASA chassis, and restart installation of the SSM.
Step 6
Incoming Domain Name---------------------------------------------------------------------Enter the domain name that identifies incoming email messages: (default:example.com)Domain name of incoming email: example.comIs the incoming domain correct? [y|n] yType your highest level domain name for your organization and enter y to continue.
Step 7
Administrator/Notification Settings---------------------------------------------------------------------The password will be hidden while you type.Web console administrator password:Retype Web console administrator password:Administrator email address:Notification email server IP:Notification email server port: (default:25)When you have made your entries, a confirmation appears as shown in the following example:
Administrator/Notification Settings---------------------------------------------------------------------Administrator email address: tester@example.comNotification email server IP: 10.2.202.28Notification email server port: 25Are the notification settings correct? [y|n] yEnter y to continue.
Step 8
Activation---------------------------------------------------------------------You must activate your Base License, which enables you to updateyour virus pattern file. You may also activate your Plus License.Activation Code example: BV-43CZ-8TYY9-D4VNM-82We9-L7722-WPX41Enter your Base License Activation Code: PX-ABTD-L58LB-XYZ9K-JYEUY-H5AEE-LK44NBase License activation is successful.(Press Enter to skip activating your Plus License.)Enter your Plus License Activation Code: PX-6WGD-PSUNB-9XBA8-FKW5L-XXSHZ-2G9MNPlus License activation is successful.Step 9
Activation Status---------------------------------------------------------------------Your Base License is activated.Your Plus License is activated.Stopping services: OKStarting services: OKThe Setup Wizard is finished.Please use your Web browser to connect to the management console at:https://192.168.7.20:8443Press Enter to exit ...Remote card closed command session. Press any key to continue.Command session with slot 1 terminated.hostname#The services starting message lets you know that installation is complete. As suggested in the prompt at the end of the Setup Wizard, use your browser to log on to the CSC SSM console. Enter the URL in the following format:
https://<SSM IP address>:8443/
Confirming the Installation
When the reimaging is complete, perform the following steps:
Step 1
hostname# show module 1 detailsThe system responds as follows:
Getting details from the Service Module, please wait...SSM-IDS/20-K9Model: SSM-IDS20Hardware version: 1.0Serial Number: 0Firmware version: 1.0(8)1Software version: CSC SSM 6.0 (Build#1177)MAC Address Range: 000b.fcf8.0134 to 000b.fcf8.0134App. name: CSC SSM proxy services are not availableApp. version:App. name: CSC SSMApp. version: 6.0 (Build#1177)Data plane Status: UpStatus: UpHTTP Service: UpMail Service: UpFTP Service: UpActivated: YesMgmt IP addr: 192.168.7.20Mgmt web port: 8443Peer IP addr: <not enabled>hostname#Step 2
hostname# session 1Opening command session with slot 1.Connected to slot 1. Escape character sequence is 'CTRL-^X'.Step 3
login: ciscoPassword:Last login: Mon Oct 10 13:24:07 from 127.0.1.1The Trend Micro InterScan for Cisco CSC SSM Setup Main menu appears.
Trend Micro InterScan for Cisco CSC SSM Setup Main Menu---------------------------------------------------------------------1. Network Settings2. Date/Time Settings3. Product Information4. Service Status5. Change Password for Command Line Interface6. Restore Factory Default Settings7. Troubleshooting Tools8. Reset Management Port Access Control List9. Ping10. Exit ...Enter a number from [1-10]:
View/Change Network Settings
Choose option 1 to view and/or modify your network settings configuration. The following appears:
Network Settings---------------------------------------------------------------------IP 192.168.7.20Netmask 255.255.255.0Hostname CSCSSMDomain name tester@example.comMAC address 00:0B:FC:F8:01:34Primary DNS 10.2.200.2Secondary DNS 10.2.203.1Gateway 192.168.7.1No ProxyDo you want to modify the network settings? [y|n] nAny of these settings can be changed via the command-line interface.
View Date/Time Settings
Choose option 2 to view the SSM date and time settings. The Date/Time Settings prompts appear:
Date/Time Settings---------------------------------------------------------------------SSM card date and time: 10/10/2005 13:27:09 PDTPress Enter to continue ...The settings cannot be changed, this information is for reference only.
View Product Information
Choose option 3 to view the component (version and build) settings. The Product Information prompts appear:
Product Information---------------------------------------------------------------------Main version 6.0 build 1177Mail component version 5.5 build 1064Web component version 2.1 build 1103Press Enter to continue ...The settings cannot be changed, this information is for reference only.
View Service Status
Choose option 4 to view the component (version and build) settings. The following appears:
Service Status---------------------------------------------------------------------The CSC SSM RegServer service is runningThe CSC SSM HTTP service is runningThe CSC SSM FTP service is runningThe CSC SSM Notification service is runningThe CSC SSM Mail service is runningThe CSC SSM GUI service is runningThe CSC SSM SysMonitor service is runningThe CSC SSM Failoverd service is runningThe CSC SSM LogServer service is runningThe CSC SSM SyslogAdaptor service is runningThe CSC SSM Syslog-ng service is runningDo you want to restart all services? [y|n] nThe Do you want to restart all services prompt allows you to restart scanning services. If everything is running smoothly, there is no need to restart. If you are trying to troubleshoot a problem, restarting may get you back in a proper operating status. See the "Restart Scanning Service" section on page 8-12 for more information about the impact of restarting services.
Change Password for Command Line Interface
Choose option 5 to display the Set Password for Command Line Interface prompts. The following appears:
Set Password for Command Line Interface---------------------------------------------------------------------This option allows you to change the password for the Command Line Interfacethat you are currently using.Do you want to continue? [y|n]The password will be hidden while you type.Changing password for ciscoEnter the new password (minimum of 5, maximum of 8 characters)Please use a combination of upper and lower case letters and numbers.Enter new password:Re-enter new password:Password changed.Follow the prompts to update your password.
Restore Factory Defaults
Choose option 6 to restore the pre-installation configuration settings. The Restore Factory Default Settings prompt appears:
Restore Factory Default Settings---------------------------------------------------------------------Are you sure you want to restore the factory default settings? [y|n] n
Caution
While this option is available from the command line, a better alternative for restoring configuration settings is available from the CSC SSM console. Click Administration > Configuration Backup to view the Configuration Backup window. The Configuration Backup window allows you to save (export) your configuration settings into a configuration file that can be imported (restored) at a later time.
Choose the Restore Factory Default Settings option only if you need to start over and re-install the CSC SSM.
Troubleshooting Tools
Choose option 7 to display a menu of troubleshooting tools.
Troubleshooting Tools---------------------------------------------------------------------1. Enable Root Account2. Show System Information3. Gather Logs4. Gather Packet Trace5. Modify Upload Settings6. Return to Main MenuEnter a number from [1-6]:These tools are available to help you or Cisco TAC get information from the system to troubleshoot a problem.
Enable Root Account
Option 1 enables the root account. The following warning appears:
************************ WARNING ************************UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.This account is intended to be used for support andtroubleshooting purposes only. Unauthorized modificationsare not supported and will require this device to bere-imaged to guarantee proper operation.*********************************************************Do you want to accept the warning and enable the root account? [y|n]This warning appears only the first time you enable the root account. Once the root account is enabled, it cannot be disabled.
Caution
Show System Information
Option 2 allows you to view helpful system information, either directly on the screen, or you can save the data to a file and transfer the information using FTP or TFTP. When you select option 2, Show System Information menu displays:
Troubleshooting Tools - Show System Information---------------------------------------------------------------------1. Show System Information on Screen2. Upload System Information3. Return to Troubleshooting Tools MenuShow System Information on Screen
Here is an example of system information displayed on the screen when you select option 1 from the Show System Information menu. This information is available from various locations on the ASDM and CSC SSM interfaces, but this CLI version makes it quickly available all in one place:
++++++++++++++++++++++ Mon Jan 9 18:38:01 PST 2006 (-8)System is : Up# Product Information Trend Micro InterScan for Cisco CSC SSM Version: 6.0 (Build#1340 ) SSM Model: SSM-10# Scan Engine and Pattern Information Virus Scan Engine: 8.100.1002 (Updated: 2006-01-09 14:10:07) Virus Pattern: 3.149.00 (Updated: 2006-01-09 14:10:39) Garyware Pattern: 0.327.00 (Updated: 2006-01-09 14:13:11) PhishTrap Pattern: 223 (Updated: 2006-01-09 14:13:28) AntiSpam Engine: 14196 (Updated: 2006-01-09 14:11:04) AntiSpam Rule: 3.51.1033 (Updated: 2006-01-09 14:12:53)# License Information Product:Base License Version:Full Activation Code:BX-9YWQ-3685S-X39PZ-H96NW-MAJR7-CWBXR Seats:000250 Status:Expired within grace period Expiration date:12/31/2005 Product:Plus License Version:Full Activation Code:PX-P67G-WCJ6G-M6XJS-2U77W-NM37Y-EZVKJ Seats:000250 Status:Expired within grace period Expiration date:12/31/2005Daily Node Count: 0 Current Node Count: 0# Kernel Information Linux csc 2.4.26-cscssm #2 SMP Mon Dec 19 11:53:05 PST 2005 (1.0.6) i686 unknnASDP Driver 1.0(0) is UP:Total Connection Records: 169600 Connection Records in Use: 0 Free Connection Records: 169600The information continues to scroll. Enter q to quit.
Upload System Information
When you select option 2 from the Show System Information menu, the following prompts display:
Gathering System Information ...Creating temporary file CSCSSM-SYSINFO-20060109-184511.txtUploading temporary file CSCSSM-SYSINFO-20060109-184511.txtUploading file ...Deleting temporary file CSCSSM-SYSINFO-20060109-184511.txtPress Enter to continue ...Follow and respond to the prompts to upload the system information. The system information is sent using the upload settings created using option 5, Modify Upload Settings. See Modify Upload Settings for more information. If you did not configure the upload settings, the prompts are preceded by the following:
Choose a protocol [1=FTP 2=TFTP]: 1Enter FTP server IP: 10.2.15.235Enter FTP server port: (default:21)Enter FTP user name: ftpThe password will be hidden while you type.Enter FTP password:Retype FTP server password:Saving Upload Settings: OKSelect option 3, Return to Troubleshooting Tools menu, when you are finished on the Show System Information menu.
Gather Logs
Option 3 allows you to collect all logs on the CSC SSM and send them out via FTP or TFTP, for example, to Cisco TAC. The logs are sent using the upload settings created using option 5, Modify Upload Settings. See Modify Upload Settings for more information.
Troubleshooting Tools - Gather Logs---------------------------------------------------------------------Gather logs now? [y|n] yGathering logs ...Creating temporary file CSCSSM-LOG-20060109-184525.tar.gzUploading temporary file CSCSSM-LOG-20060109-184525.tar.gzUploading file ...Deleting temporary file CSCSSM-LOG-20060109-184525.tar.gz
Note
Gather Packet Trace
Option 4 allows you to capture packets passing between the CSC SSM and ASA. This information is typically used by Cisco TAC.
The following prompts display:
Troubleshooting Tools - Gather Packet Trace---------------------------------------------------------------------Gather packet trace now? [y|n] yPress Control-C to stop.Gathering packet trace ...Creating temporary file CSCSSM-PACKET-20060109-184529.gzUpload the packet trace now? [y|n] yUploading temporary file CSCSSM-PACKET-20060109-184529.gzUploading file ...To enable packet tracing:
Step 1
Step 2
Step 3
The packets are uploaded using the protocol defined using option 5, Modify Upload Settings. See Modify Upload Settings for more information.
Modify Upload Settings
Option 5 allows you to set the uploading method to either FTP or TFTP, as used by features described previously in this chapter.
Note
When you select option 5, the following prompts display:
Troubleshooting Tools - Upload Settings---------------------------------------------------------------------Choose a protocol [1=FTP 2=TFTP]: (default:1) 2Enter TFTP server IP: (default:10.2.42.134)Enter TFTP server port: (default:69)Saving Upload Settings: OKPress Enter to continue ...Follow and respond to the prompts to configure the upload settings. The settings are saved for future use.
Select option 6, Return to Main menu, when you are finished on the Troubleshooting Tools menu.
Reset Management Port Access Control
Choose option 8 to reset the management port access control list. The following appears:
Resetting management port access control list: OKPress Enter to continue ...If the ASDM is unable to communication with the SSM, try resetting port access via this option.
Ping IP
The ping option is available for diagnostic purposes. Choose option 9 to ping an IP address. The following appears:
Enter an IP address to ping:After you enter the IP address, the system responds as follows:
PING 192.168.7.1 (192.168.7.1): 56 data bytes64 bytes from 192.168.7.1: icmp_seq=0 ttl=255 time=0.1 ms64 bytes from 192.168.7.1: icmp_seq=1 ttl=255 time=0.1 ms64 bytes from 192.168.7.1: icmp_seq=2 ttl=255 time=0.1 ms64 bytes from 192.168.7.1: icmp_seq=3 ttl=255 time=0.2 ms64 bytes from 192.168.7.1: icmp_seq=4 ttl=255 time=0.1 ms--- 192.168.7.1 ping statistics ---5 packets transmitted, 5 packets received, 0% packet lossround-trip min/avg/max = 0.1/0.1/0.2 msPress Enter to continue ...Exit Options
Choose option 10, Exit, to exit the setup options. The Exit Options menu appears:
Exit Options---------------------------------------------------------------------1. Logout2. Reboot3. Return to Main MenuEnter a number from [1-3]: 1Remote card closed command session. Press any key to continue.Command session with slot 1 terminated.hostname#From the Exit Options menu, you can log out. Alternatively, you can reboot the system, or return to the Setup menu.
Configuration via Command Line
This section describes some command-line alternatives that are available for users who prefer command line over use of the CSC SSM console. Not all features have an alternative available.
Re-set Configuration
After you have installed Trend Micro InterScan for Cisco CSC SSM, if you have used TFTP to re-image the SSM, you may see this prompt for the first time when you access the CLI:
"Do you want to restore the previous configuration? [y/n]"
The question appears in the Setup Wizard menu, as shown below.
Trend Micro InterScan for Cisco CSC SSM Setup Wizard---------------------------------------------------------------------Do you want to restore the previous configuration? [y|n] nTo set up the SSM, the wizard prompts for the following information:1. Network settings2. Date/time settings verification3. Incoming email domain name4. Web console administrator password5. Notification settings6. Activation CodesThe Base License is required to activate the SSM.Press Control-C to abort the wizard.Press Enter to continue ...If you choose y, the SSM configuration settings are restored to the state they were in the last time you saved configuration. This is a command-line alternative to the functionality on the Administration > Configuration Backup window in the CSC SSM console.
