SunScreen 3.2 Administration Guide

ssadm Subcommand Summary

The following table lists the SunScreen ssadm subcommands and their descriptions. Many ssadm subcommands duplicate administration GUI functions, while others provide a context for other subcommands.

Table 10-2 SunScreen ssadm Subcommand Summary


`ssadm` Subcommand	Description
`activate`	Activate a Screen policy
`active`	List information about the currently active policy
`algorithm`	List algorithms supported by SKIP
`backup`	Write a SunScreen backup file to standard output
`certdb`	Allows a user to manually administer the two databases of public key certificates used by SKIP and IKE. These databases store long term certificates so that they may be accessed by the key manager.
`certlocal`	A utility for managing the two local identity databases on a Screen. `ssadm certlocal` is the primary tool for administering local IDs.
`certrldb`	A utility for managing the certificate revocations lists in the IKE certificate database. `ssadm certrldb` can add, delete, extract, and list IKE certificates based on the command option specified.
`configure`	Create an initial SunScreen configuration. `ssadm configure`, when combined with `pkgadd`, is equivalent to using the installation wizard graphical user interface.
`debug_level`	Set or clear the level of debugging output generated by a Screen
`edit`	Run the SunScreen configuration editor (see "Configuration Editor Reference" in SunScreen 3.2 Administrator's Overview)
`ha`	Configure the features of a high availability (HA) Screen
`lock`	Examine or remove the protection lock that the configuration editor places on a policy file
`log`	Maintain the Screen log file
`logdump`	Interpret Screen logs and display their contents
`login`	Authenticate a user for administrative access through `ssadm` to a Screen from a remote Administration Station
`logmacro`	Expands SunScreen `logmacro` objects
`logout`	Terminate the session created by `ssadm login`.
`logstats`	Print information about the SunScreen log
`patch`	Install patch, as needed
`policy`	Create, delete, list, rename Screen policies
`product`	Print single line describing the SunScreen product in use
`restore`	Read a backup file from standard input
`securid`	Configure the client layer of the SecurID system
`sys_info`	Print a description of running SunScreen software
`traffic_stats`	Report summary information about the traffic flowing through the SunScreen, classified by interface

You maintain user-controlled data by using the ssadm edit subcommand.

To look at or change a policy in some way, invoke the configuration editor and type a series of commands that end with save and quit requests.

ssadm configure Command

ssadm configure is a text-based command line utility for creating an initial SunScreen configuration. ssadm configure, combined with pkgadd, is the command line equivalent of the installation wizard graphical user interface.

ssadm configure interactively queries you with various options for configuring the SunScreen, creates a configuration, stores it under the policy name Initial, and activates it. After ssadm configure finishes, you can administer the firewall.