SunScreen 3.2 Administration Guide

ssadm Subcommand Summary

The following table lists the SunScreen ssadm subcommands and their descriptions. Many ssadm subcommands duplicate administration GUI functions, while others provide a context for other subcommands.

Table 10-2 SunScreen ssadm Subcommand Summary

ssadm Subcommand

Description 

activate

Activate a Screen policy 

active

List information about the currently active policy 

algorithm

List algorithms supported by SKIP 

backup

Write a SunScreen backup file to standard output 

certdb

Allows a user to manually administer the two databases of public key certificates used by SKIP and IKE. These databases store long term certificates so that they may be accessed by the key manager. 

certlocal

A utility for managing the two local identity databases on a Screen. ssadm certlocal is the primary tool for administering local IDs.

certrldb

A utility for managing the certificate revocations lists in the IKE certificate database. ssadm certrldb can add, delete, extract, and list IKE certificates based on the command option specified.

configure

Create an initial SunScreen configuration. ssadm configure, when combined with pkgadd, is equivalent to using the installation wizard graphical user interface.

debug_level

Set or clear the level of debugging output generated by a Screen 

edit

Run the SunScreen configuration editor (see "Configuration Editor Reference" in SunScreen 3.2 Administrator's Overview)

ha

Configure the features of a high availability (HA) Screen 

lock

Examine or remove the protection lock that the configuration editor places on a policy file 

log

Maintain the Screen log file 

logdump

Interpret Screen logs and display their contents 

login

Authenticate a user for administrative access through ssadm to a Screen from a remote Administration Station

logmacro

Expands SunScreen logmacro objects

logout

Terminate the session created by ssadm login.

logstats

Print information about the SunScreen log 

patch

Install patch, as needed 

policy

Create, delete, list, rename Screen policies 

product

Print single line describing the SunScreen product in use 

restore

Read a backup file from standard input 

securid

Configure the client layer of the SecurID system 

sys_info

Print a description of running SunScreen software 

traffic_stats

Report summary information about the traffic flowing through the SunScreen, classified by interface 

You maintain user-controlled data by using the ssadm edit subcommand.

To look at or change a policy in some way, invoke the configuration editor and type a series of commands that end with save and quit requests.

ssadm configure Command

ssadm configure is a text-based command line utility for creating an initial SunScreen configuration. ssadm configure, combined with pkgadd, is the command line equivalent of the installation wizard graphical user interface.

ssadm configure interactively queries you with various options for configuring the SunScreen, creates a configuration, stores it under the policy name Initial, and activates it. After ssadm configure finishes, you can administer the firewall.