Configure ASMS machines
This section describes how to access the ASMS Administration Interface, also known as the algosec_conf menu CLI, and perform basic configurations on your ASMS appliances.
Connect to and Utilize the Administration Interface
Connect to the ASMS Administration Interface, or algosec_conf menu CLI as follows:
During initial setup |
Do one of the following:
|
After initial setup | Connect to algosec_conf via SSH. |
-
If iLO is available on your appliance:
- Open the console.
- In a browser, navigate to the IP address of the iLO interface. By default, this is done via DHCP.
- Log in using the username and password printed on the sticker on top of the hardware appliance.
- Select Remote Console in the menu on the left.
- Click Java Integrated Remote Console.
The system prompts you for your login credentials.
-
If iLO is not available on your appliance, use a monitor/VGA cable to connect directly.
-
Log into the machine as user root.
Default password: algosec.
The algosec_conf main menu is displayed:
Tip: Click the links in the simulation below to display details about each action, respectively.
Please select a configuration item:
11. Configure NAS
12. Install License
13. HA/DR Setup
14. Product and cloud configuration
15. Distributed Architecture configuration
17. System health
18. Collect Logs
Q Logout
Press 'a' to exit to shell
Your choice:
>
-
Connect to the IP address of your machine via your SSH client.
-
Login as user root with password algosec.
-
When the algosec_conf main menu is displayed, perform the configuration actions you require:
Tip: Click the links in the simulation below to display details about each action, respectively.
Please select a configuration item:
11. Configure NAS
12. Install License
13. HA/DR Setup
14. Product and cloud configuration
15. Distributed Architecture configuration
17. System health
18. Collect Logs
Q Logout
Press 'a' to exit to shell
Your choice:
>
Basic configurations
This section describes how to configure basic settings.
Do the following:
- Connect to the Administration interface. For details, see on this page Connect to and Utilize the Administration Interface.
-
Do any of the following. When you are done, enter Q to exit.
Configure IP address
This section describes configuration of an ASMS machine's IP address.
For changing the address of a Remote Agent, see To change the IP address of a Remote Agent.
Note: Configuring the IP address is mandatory during initial configuration.
Note: if you change the IP address of the ASMS Central Manager and you use the machine as the Application Discovery Server, be sure to update the Application Discovery configuration. On the Central Manager:
-
Go to the algosec_conf menu, and enter option 14 - Product configuration.
-
Enter option 2 - AutoDiscovery configuration
-
Enter option 2 - Configure AutoDiscovery on local machine (POC).
-
Enter the new IP address of the Central Manager.
In the algosec_conf main menu, enter 1 Configure IP address to do any of the following:
1. Configure static device IP address |
Tip: We recommend using static IP addresses for Central Manager appliances, primary nodes, Load Units or Remote Agents, and so on. |
2. Use dynamic IP configuration (DHCP) |
Requires AlgoSec services to be restarted. Note: might cause users that are logged into the AlgoSec Suite to be logged off. |
Note: If you are working with clusters, and you change the IP address for an HA cluster, you must re-build the cluster afterward. For details, see Build a cluster.
Configure Time and Date
In the algosec_conf main menu, enter 2 Configure Time and Date to do any of the following:
1. Change time zone |
Requires AlgoSec services to be restarted. Note: might cause users that are logged into the AlgoSec Suite to be logged off. Tip: To set GMT time, Set continent Africa (option 1), City Bissau (option 10). |
2. Configure NTP server |
You can add or remove NTP server. |
3. Set Data and time |
Requires AlgoSec services to be restarted. Note: might cause users that are logged into the AlgoSec Suite to be logged off. |
Configure DNS Server
In the algosec_conf main menu, enter 3 Configure DNS Server to do any of the following:
1. Add new DNS server |
Add new DNS server. |
2. Remove DNS Server |
Remove DNS server. |
Change DNS domain name
In the algosec_conf main menu, enter 4 Change DNS domain name:
Please enter a new domain name (press 'a' to abort):
>
Change Hostname
In the algosec_conf main menu, enter 5 Change Hostname:
Please enter a new hostname (press 'a' to abort):
>
Change root password
In the algosec_conf main menu, enter 6 Change root password:
Please enter a password for user root (press 'a' to abort):
>
Change afa password
In the algosec_conf main menu, enter 7 Change afa password:
Please enter a password for AFA (press 'a' to abort):
>
Password resets
- In the algosec_conf main menu, enter 9 to reset the AFA admin password (web-interface).
- In the algosec_conf main menu, enter 10 to reset the database password.
Product and cloud configuration
In the algosec_conf main menu, enter 14 Product and cloud configuration. Four options appear:
To run the FireFlow setup program. | |
To set up AutoDiscovery. |
|
|
|
To configure AlgoBot with ASMS, see .Welcome to AlgoBot. |
System Health
In the algosec_conf main menu, enter 17 System health. Three options appear:
To check that basic ASMS processes are running on your machines | |
The Check System Health option checks your system against prerequisites of the current build. To check your system's health, choose:
For the text file report of your system health, see /var/log/algosec_toolbox/system_check_output.json. Tip: You can also check system health straight from the CLI. Log into your ASMS machine and enter: algosec_conf --check-system-health -[check type] For check type use the controls: q for quick check; f for full check. For example, for full check: algosec_conf --check-system-health -f |
|
You can check your system's readiness for upgrade by running checks based on prerequisites of the version/build you want to upgrade to. Before running the check, download build files to your system. To download the builds, See Download ASMS software packages. |