test

SunScreen EFS Release 3.0 Reference Manual

What Is the Command Line?

All the functionality of SunScreen EFS 3.0 that is available through the administration GUI is also available through a command. Administering your Screens through the command line can be useful when you want to manage one or more remote Screen or if you use more than one network address.

You can access a Screen using the command line from its own keyboard, when the Screen is being administered locally and requires that you have superuser (root) access; or you can access a Screen using the command line from an Administration Station, when the Screen is being administered remotely and requires that you use SKIP encryption and an Administration User name and password.

You maintain user-controlled data, such as common objects like Edit, and policy objects like Rules and NAT entries, using the edit command that is a sub-command of ssadm.

When you need to look at or change a policy in some way like Move or Delete, you invoke the configuration editor and enter a series of commands that end with save and quit requests.

Note -

Be sure to save change commands like add, del, rename, renamereference, insert, replace, and move, before you quit. Run save just before the quit command to avoid accumulating too many policy versions.

You invoke the configuration editor with the edit command, which is a sub-command of ssadm, and the name of your policy, such as Initial. Once it is running, the prompt becomes: edit>.

For a locally administered Screen, type:


# ssadm edit policy_name

For a remotely administered Screen, type:


# ssadm -r Screen_name edit policy_name

Sub-Command man Pages

When running Solaris 7, if you are not able to read the man pages for the following ssadm sub-commands, use the workaround shown below.

ssadm-activate(1M) ssadm-active(1M) ssadm-algorithm(1M) ssadm-backup(1M) ssadm-debug_level(1M) ssadm-edit(1M) ssadm-ha(1M) ssadm-lock(1M) ssadm-log(1M) ssadm-logdump(1M) ssadm-login(1M) ssadm-logout(1M) ssadm-logstats(1M) ssadm-patch(1M) ssadm-policy(1M) ssadm-product(1M) ssadm-restore(1M) ssadm-spf2efs(1M) ssadm-sys_info(1M) ssadm-traffic_stats(1M)

To read the man pages, type the following:


# man -F ssadm-activate