Sophos UTM: useful shell commands | GOLINE

Paolo Caparrelli, Sophos, 22 June 2022

Sophos UTM Shell Commands:

Remember:
Direct configuration of Astaro from the shell is unsupported, unless directed to by Astaro Support staff or official documentation.
For paid licenses, modifications done from the shell without direction or sanction may nullify your support agreement.

Run the Astaro HTTP proxy database locally
1. ssh to the ASG and log in as loginuser
2. su - root
3. cc set http sc_local_db <disk|mem|none> (choose the one you prefer)
4. /var/mdw/scripts/httpproxy restart
Web browsing will be extremely slow until the database has been downloaded and put into place; how long that takes depends on your link speed.

View the link speed of the ASG's interfaces:
ifstat

Bandwidth usage – IFTOP
Astaro also offers the command 'iftop' to see live traffic and traffic statistics.
It shows the live traffic on an interface by source host, destination host and port; the peak and cumulative traffic are also displayed.
Run 'iftop'. Example:
root # iftop -i eth1

Key bindings inside iftop (press 'h' for this help screen):

Host display:
n - toggle DNS host resolution
s - toggle show source host
d - toggle show destination host
t - cycle line display mode

Port display:
N - toggle service resolution
S - toggle show source port
D - toggle show destination port
p - toggle port display

General:
P - pause display
h - toggle this help display
b - toggle bar graph display
B - cycle bar graph average
T - toggle cumulative line totals
j/k - scroll display
f - edit filter code
l - set screen filter
L - lin/log scales
! - shell command
q - quit

Sorting:
1/2/3 - sort by 1st/2nd/3rd column
< - sort by source name
> - sort by dest name
o - freeze current order

Concurrent connections:
Raise the conntrack timeout for established TCP connections to 86400 seconds (24 hours):
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=86400

Number of established connections:

less /proc/net/ip_conntrack | grep ESTA | wc -l
1907

Number of all connections:

less /proc/net/ip_conntrack | wc -l
3315

Number of connections whose state contains WAIT (CLOSE_WAIT and similar):
less /proc/net/ip_conntrack | grep WAIT | wc -l
39
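The three grep|wc counts above can be replaced by one pass over the table that breaks the entries down by protocol and TCP state. Note that 'grep WAIT' matches CLOSE_WAIT, TIME_WAIT and FIN_WAIT alike, so a per-state summary is what tells you whether a CLOSE_WAIT pile-up is really what you are looking at. This is an added example, not code from the original post; the sample table content is constructed and stands in for /proc/net/ip_conntrack.

```shell
# Added example: summarise an ip_conntrack table by protocol and TCP state.
# Argument: path of the table (normally /proc/net/ip_conntrack).
# Lines look like:  tcp 6 431999 ESTABLISHED src=... dst=... [ASSURED] ...
#                   udp 17 29 src=... dst=... ...
# Field 1 is the protocol; for tcp, field 4 is the connection state.
conntrack_summary() {
    awk '$1 == "tcp" { key = $1 " " $4 }
         $1 != "tcp" { key = $1 " -" }
         { count[key]++ }
         END { for (k in count) print k, count[k] }' "$1" | sort
}

# Total number of entries (what "wc -l" on the table gives).
conntrack_total() {
    wc -l < "$1" | tr -d ' '
}

# Number of tcp entries in exactly one state, e.g. ESTABLISHED or CLOSE_WAIT.
conntrack_in_state() {
    awk -v st="$2" '$1 == "tcp" && $4 == st { n++ } END { print n + 0 }' "$1"
}

# Constructed sample of /proc/net/ip_conntrack content for a stand-alone run.
CONNTRACK_SAMPLE=$(mktemp)
trap 'rm -f "$CONNTRACK_SAMPLE"' EXIT
cat > "$CONNTRACK_SAMPLE" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51000 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=51000 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=51001 dport=443 src=198.51.100.5 dst=192.0.2.11 sport=443 dport=51001 [ASSURED] mark=0 use=1
tcp      6 55 CLOSE_WAIT src=192.0.2.12 dst=198.51.100.7 sport=51002 dport=80 src=198.51.100.7 dst=192.0.2.12 sport=80 dport=51002 [ASSURED] mark=0 use=1
tcp      6 110 TIME_WAIT src=192.0.2.13 dst=198.51.100.7 sport=51003 dport=80 src=198.51.100.7 dst=192.0.2.13 sport=80 dport=51003 [ASSURED] mark=0 use=1
udp      17 29 src=192.0.2.14 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=192.0.2.14 sport=53 dport=40000 mark=0 use=1
EOF

# On a live box, replace "$CONNTRACK_SAMPLE" with /proc/net/ip_conntrack.
conntrack_summary "$CONNTRACK_SAMPLE"
```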

Saving snapshots of top automatically every half hour

Create a cron job that runs:
top -b -n 1 >> /tmp/top-report.txt

/proc/cpuinfo has an entry for each CPU core, and possibly another per core if the CPU(s) have hyperthreading:
cat /proc/cpuinfo

Stop and start the HTTP proxy again:
/var/mdw/scripts/httpproxy stop and then /var/mdw/scripts/httpproxy start

Restarting the middleware:
service mdw restart
(run as root)
Warning: this does not cause a complete reboot, but it does cause an HA failover, interruption of any uploads/downloads and VoIP calls, etc.

HD
To find what is taking up the space, type:
df -h
df will only tell you how full the disk is; du will tell you which files/folders are using the most space.
I'd recommend:
cd /var/storage
du -sh *
and then find the offending directories.

What kind of CPU:
cat /proc/cpuinfo

Determine if the disk is overloaded
vmstat -d 5
or
vmstat -d | head -2 ; vmstat -d 5 | grep hda
where hda is your hard disk (sda for SCSI).
Both should give similar output. The '5' means updates every 5 seconds.
You'll have to look at the differences between the lines to figure out how many I/Os you're getting in those 5 seconds, and whether you're saturating the disk or not.
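Taking "the differences between the lines" by hand is error-prone, so here is that step done with awk: two 'vmstat -d' lines for the same disk, captured a known number of seconds apart, are turned into reads/s, writes/s and sectors/s. This is an added example, not code from the original post; it assumes the procps 'vmstat -d' column layout (device, reads: total merged sectors ms, writes: total merged sectors ms, IO: cur sec) and the two sample lines are constructed.

```shell
# Added example: per-interval disk I/O from two consecutive "vmstat -d" lines.
# Assumed column layout (procps):  dev rTotal rMerged rSectors rMs wTotal wMerged wSectors wMs cur sec
# Usage: disk_io_delta "<line1>" "<line2>" <interval_seconds>
# Prints: reads/s writes/s read_sectors/s write_sectors/s
disk_io_delta() {
    printf '%s\n%s\n' "$1" "$2" | awk -v dt="$3" '
        NR == 1 { r1 = $2; rs1 = $4; w1 = $6; ws1 = $8 }
        NR == 2 { r2 = $2; rs2 = $4; w2 = $6; ws2 = $8 }
        END {
            if (dt <= 0) { print "interval must be > 0" > "/dev/stderr"; exit 1 }
            printf "%d %d %d %d\n", (r2 - r1) / dt, (w2 - w1) / dt,
                                    (rs2 - rs1) / dt, (ws2 - ws1) / dt
        }'
}

# Live use on the box: sample the disk line (hda or sda, as in the text)
# twice, dt seconds apart, and feed both lines to disk_io_delta.
disk_io_live() {
    dev=$1
    dt=${2:-5}
    l1=$(vmstat -d | awk -v d="$dev" '$1 == d')
    sleep "$dt"
    l2=$(vmstat -d | awk -v d="$dev" '$1 == d')
    disk_io_delta "$l1" "$l2" "$dt"
}

# Constructed sample: two hda lines as vmstat -d would print them 5 s apart.
SAMPLE1='hda    10000   500  800000  20000  30000  1000 2400000  50000      0    120'
SAMPLE2='hda    10250   510  820000  20300  30500  1010 2440000  51000      1    125'

# 250 reads and 500 writes in 5 s -> 50 reads/s, 100 writes/s,
# 4000 read sectors/s, 8000 write sectors/s
disk_io_delta "$SAMPLE1" "$SAMPLE2" 5
```

Compare the sectors/s figures against what the disk can sustain to decide whether it is saturated; a rising 'cur' column (in-progress I/Os) between samples points the same way.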

See detailed info about your Ethernet interface:
ethtool eth1
or
mii-diag eth1

WebAdmin password lost

A user may use the following commands to reset the system passwords:
1. cc
2. RAW
3. system_password_reset
4. Ctrl+C

Upon saving and exiting, the admin may immediately navigate to WebAdmin and re-specify all passwords for the system accounts of Astaro Security Linux.

DNS flush cache option missing in V7
The current workaround is to restart the DNS proxy from the command line as root with the following command:
/var/mdw/scripts/named restart

To change the version number

log in as loginuser
su -
edit /etc/version
save the file
restart the ASG so the new version is displayed in the WebAdmin dashboard

Change NIC order
log in as loginuser
su -
edit /etc/udev/rules.d/70-persistent-net.rules
save the file
restart the ASG so the new order is loaded.

Locked out - how to regain all logins

1) Shut down the firewall and connect a screen and a keyboard to it
2) Power on the firewall, wait until the GRUB loader starts and press 'ESC'
3) Select 'Astaro Security Gateway 7.2' (not previous or rescue!)
4) Press 'e' to edit and select the 2nd entry
5) Press 'e' once again and enter 'init=/bin/bash'
6) Press 'ENTER' and then 'b' to boot up
7) Now you are able to change the passwords for 'loginuser' and 'root'
8) After that press CTRL + ALT + DEL to reboot the system and wait until you get the login prompt

Reset to factory settings

Log in to the command line as 'loginuser', then become 'root' and enter the following commands to restore the factory settings:
1. cc [Press ENTER]
2. RAW [Press ENTER]
3. system_factory_reset [Press ENTER]

The system will automatically shut down when it's finished.
