ControlTower 3L Console Management for Linux User`s Guide
Contents
1. 6 11 AUtNUSer oce te 6 13 be eee Tai 6 14 t p nabl beoe angagas a niasa edt enint 6 15 tcpalloW xtate ntt nt GG SEN AG NGA NG 6 15 tcpdenys asu ese eU eI RED Pe IR EN 6 15 deraultenctypt c eee eie 6 15 Torceenetypt eoe qiie oi neret ees 6 16 localenable formerly UNIXenable 6 16 localauth formerly UNIX auth 6 16 disconnectidle s sd e QR Rud ire 6 16 detachidle irine Ga ag ettet e E RET 6 16 Chapter 7 Administering Managed Devices Using Command Line Interface for Managed Devices 7 1 Setting the PATH Variable 7 1 Setting the CONSOLE SERVERS Variable 7 2 About CLI Viewer Client 7 3 CLI Viewer Client Operation 7 3 Specifying a Managed Device to 7 3 Specifying the Access Mode 7 4 Command Examples eese 7 4 Escape S quences egeo ro udis 7 7 vi Table of Contents Contents continued Contents Chapter 8 Warranty amp Maintenance Information Warranty on Hardware amp Software 8 1 Standard Hardware Warranty Policy 8 1 Standard Software Warranty 8 1 Appendix A Command Reference2. mostly Dell apparently have a serial console that uses some VT100 control parameters to figure out if the console is connected and if so what betrayer to use The problem with those consoles is that if no client is connected to the line when the host is booted the serial console does not B 10 ControlTower Console Management for Linux User s Guide Default Configuration File get any answer to its vt100 requests and the console is not becoming active By setting the following parameter Control Tower cans respond to the vt100 query string and the serial console on those PC s will be activated The 3 possible values are vt100 DCI respond to DCI vt100 DC2 respond to DC2 vt100 DS respond to DS attires vt100 lt OLD Versions FOI ControlTower Console Manager DEFAULT configuration gp ree DO NOT EDIT THIS FILE This file is read before the LOCAL file lt group gt lt group gt grp files and lt system gt cfg files Any changes to these defaults should be made by adding lines to the LOCAL or per group configuration files THHEHBHHHHHHBHHHHHBHHHHHHHHHHHHHHHHHHHHHHHHBHHHHHBHHHHHHHHHBHBHHHHHHHHBHHE COPYRIGHT c 1998 2005 BY CARLO GAVAZZI COMPUTING SOLUTIONS BROCKTON MA THIS SOFTWARE IS FURNISHED UNDER A LICENSE AND MAY BE USED AND COPIED ONLY IN ACCORDANCE WITH THE TERMS OF SUCH LICENSE AN
3. CARLO GAVAZZI Controllower Console Management for Linux User s Guide Release 3L Part Number 15 10126 00 Version A Revision Date June 2005 Copyright 2005 Carlo Gavazzi Computing Solutions Rights Reserved Printed in the United States of America This publication is protected by Federal Copyright Law with all rights reserved No part of this publication may be copied photocopied reproduced stored in a retrieval system translated transmitted or transcribed in any form or by any means manual electric electronic electromagnetic mechanical optical or oth erwise in whole or in part without prior written consent from Carlo Gavazzi Com puting Solutions Limitation of Liability Information contained in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or im plied warranty Carlo Gavazzi Computing Solutions makes no warranty expressed or implied with respect to this manual and any related items their quality performance mer chantability or fitness for any particular use It is solely the purchaser s responsi bility to determine its suitability for any particular use In the interest of improving internal design operational function and or reliabili ty Carlo Gavazzi Computing Solutions reserves the right to make changes to the pr
4. ControlTower Console Management for Linux User s Guide A 15 following connect may connect to server attach may attach in r w mode fattach may force others Off stty may change tty params break may send break all all of the above seperated by plus 4 signs to add capabilities or minus signs to sub tract them Idle time limit parameter detachidle Syntax integer If non zero the maxi mum time in minutes before detaching demoting to view only an idle attached viewer If zero no idle limit is enforced disconnectidle Syntax integer If non zero the maximum time in minutes before disconnecting an idle viewer regard less of whether viewer is attached or view only If zero no idle limit is enforced Misc parameters attires Syntax string Can be set to one of three values vt100 DC1 vt100 DC2 or vt100 DS If set the server will send adequate response to the vt100 queries even when no client is connected This can be used to insure that some PC console are active since they rely on the vt100 sequence during boot to determine if they are connected and if so the baud rate to use FILES etc AURAcmgt DEFAULT default values etc AURAcmgt LOCAL site local default values letc AURAcmgr group group grp group default values letc AURAcmgr group device cfg per device configuration SEE ALSO is not specified all users must authenticate as the user specified by the authuser parameter T
5. Error Logging authuser name of the only user with access to the ControlTower server Ignored if authfile is set authfile name of a list of authorized users and their permissions e To use network client access using authuser the user specified in the authuser parameter must be a valid account e To use network client access using auth file set the parameter to the name of a file containing users and their permissions This file name can contain an absolute path or if a path is not given the file is expected to be in the directory containing the cfg file specifying this file name Each entry in the authfile file should have a valid account name Valid account names are specified by your system administrator The account need not have a usable shell 1 e use usr bin false If you enable network access tcpenable true authuser user with pass word authfile file with list of users you should consider setting up network access control lists using tcpallow and tcpdeny See the con fig 4 man page User Permissions to Access Managed Devices Using the authfile parameter is the recommended method for control ling access to managed devices Using auth file security can be config ured so that each user has different permissions for each managed device and different sets of users can have access to different devices or sets of devices groups Error Logging All messages output by the Contr
6. Configuration Parameters and Defaults E g letc init d cmgrd stop port14 18 will start services with configuration files port14 cfg port15 cfg port16 cfg port17 cfg port18 cfg More than one service group and or range can be stopped at the same time E g letc init d cmgrd stop port14 18 port 20 Group 1 port33 Group2 Configuration Parameters and Defaults The following are the configuration parameters for Control Tower exclusive exclusive gives ControlTower sole access to a given port The default is true If this parameter is set to false other programs can open this port This is NOT recommended uulock uulock sets up a uucp compatible lock file so that other programs do not use the port to send data to another system The default is true stty stty controls serial port parameters The default valueis 9600 cs8 crtscts cstopb parenb parext parodd ixoff ixon istrip Permissions for stty are set in the configuration file with ttychanges See the stty man page for stty options and other information ttychanges ttychanges allows Viewer Client programs to change tty line parameters The default is true ControlTower Console Management for Linux User s Guide 6 7 Configuring ControlTower breakstring breakstring allows you to configure what is sent instead of a break signal If the breakstring parameter is not set the break action will send break signal to the managed device If the br
7. X tab octal value XXX hex value Log file parameters logdir Syntax string Specify the absolute directory for per device log file Log files are always the device name of the manage device logfilter Syntax string The path to an optional log file filter file If the path name is not absolute does not begin with a slash it will be interpreted as relative to the directory in which the device cfg file was found Lines starting with a character are discarded as comments Each line in the logfilter file starts with a filter type drop or keep followed by a delimited POSIX 1003 2 ex tended regular expression see regex 7 The delim iter character used to bracket the regular expression ControlTower Console Management for Linux User s Guide A 13 must not appear within the regular expression loginput Syntax boolean log user input from attached us er s No echo input including passwords will be logged loglinestampSyntax string Format string passed to strftime 3 to format timestamp on each line written to log file If empty lines are not timestamped logmessages Syntax boolean log connect disconnect force messages normally sent to connected users to man aged device log file including parameter set mes sages logmode Syntax mode Protection for per device log file May be empty Ignored if mode 0 Logfile mode is set on each re open for append logowner Syntax uid Owner for p
8. disconnectidle Syntax integer If non zero the maximum time in minutes before detaching demoting to view only an idle attached viewer If zero no idle limit is en forced Syntax integer If non zero the maximum time in minutes before disconnecting an idle viewer regard less of whether viewer is attached or view only If zero no idle limit is enforced A 10 ControlTower Console Management for Linux User s Guide File Formats FILES etc AURAcmgr DEFAULT default values etc AURAcmgr LOCAL site local default values etc AURAcmgr group group grp group default values etc AURAcmgr system cfg per system configuration SEE ALSO conserv 8 logcheck 8 config 5 config 5 NAME config Aurora ControlTower Console Manager server configuration file SYNOPSIS etc AURAcmgt DEFAULT etc AURAcmgt LOCAL etc AURAcmgt group group grp letc AURAcmgr group device cfg DESCRIPTION The Aurora ControlTower Console Manager conserv and logcheck programs read DEFAULT site LOCAL group and per device configuration files of the format described here The DEFAULT file contains all global default values and should not be edited The LOCAL file is then read to allow avoid losing local changes to the DEFAULT file that might be lost in an upgrade If the device config file is located in a subdirectory that directory must contain a group configuration file with the same name as the directory and the suffix cfg Finally the
9. acl tcpallow If set a host must NOT match an entry in tcpdeny in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string acl tcpdeny THHHEHHBHHHBHHHHHHHHHHHHHBHHHBHHHHHHBHHHBHHBHHBHHHHHBHHHBHHBHHBHHBBHBE AUTOBAUD function Some PC mostly Dell apparently have a serial console that uses some VT100 control parameters to figure out if the console is connected and if so what betrayer to use The problem with those consoles is that if no client is connected to the line when the host is booted the serial console does not get any answer to its vt100 requests and the console is not ControlTower Console Management for Linux User s Guide B 9 becoming active if no mask is supplied all bits in the host address are examined so host 32 is the same as host If set a host must match an entry in tcpallow in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string acl tcpallow If set a host must NOT match an entry in tcpdeny in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string acl tcpdeny THHHUHHHHHBHHHHHHHHHHBHHHHHBHHHHHBHHHBHHBHHBHHHHHBHHHBHHBHHBHHBBHBE AUTOBAUD function Some
10. colon delimited and creates ControlTower Console Manager config files The first column of the input is the managed system name and the second is the serial device to which the managed system console is attached Any remaining information is ControlTower Console Management for Linux User s Guide A 21 discarded If configuration file already exists the entry will be skipped unless the f option is used in which case the existing file will be saved as a bak file The o option specifies the configuration file output directory FILES opt AURAcmgr config system cfg system configuration files SEE ALSO config 4 conserv 8 Filtertest 8 NAME filtertest ControlTower Console Manager log filter test program SYNOPSIS filtertest n q filterfile inputfile DESCRIPTION filtertest reads a ControlTower Console Manager log filter file checks the file for syntax and reads an input file and applies the filters to each line of the input file If no input file is specified lines are read from the standard input stream Each match is reported on the standard output and a summary of each type of match keep drop alert is reported on standard errors when end of file is reached on standard input When the n no filter option is specified filtertest will exit with zero true status after successfully parsing the filter file When the q filter is specified matches are not reported on standard output A sum mary
11. conserv 8 logcheck 8 26 May 2001 config 5 ControlTower Console Management for Linux User s Guide A 17 cmgrd 8 cmgrd 8 NAME cmgrd Aurora Control Tower Console Manager server start stop script SYNOPSIS etc init d emgrd command system group range DESCRIPTION The script is used by the system to start and stop the Control Tower system See the documentation of your distribution on how to enable services during boot The cmgrd script must have at least a command argument Following the com mand there can be other arguments to specify which services are to be affected by the command COMMAND start If no other argument is given start first checks if locbrok 8 is run king If it is not it will start it It then starts a conserv 8 process for each file ending in cfg in the etc AURAcmgr directory If other arguments are given start launches a locbrok 8 process if needed and a conserv 8 for each service named in the argument list If the argument specifies a group directory a conserv 8 will be launched for service defined in the group directory if the argument specifies arange a conserv 8 will be launched for service in the range COMMAND stop If no other argument is given stop send the TERM signal to all the conserv pro cesses running on the system It then sends a TERM signal to the locbrok 8 pro cess If other arguments are given stop sends a TERM signal to the conserv
12. 8 process corresponding to each service named in the argument list If the argument specifies a group directory a conserv 8 for each service in that group is terminated If other arguments are given stop sends a TERM signal to the conserv 8 process corresponding to each service named in the argument list If the argument specifies a group directory a conserv 8 for each service in that group is terminated if the argument specifies range the conserv 8 process is terminated for all the services in the range A 18 ControlTower Console Management for Linux User s Guide File Formats COMMAND status Reports whether the locbrok 8 process was started or not Other arguments are ignored SERVICE NAME ARGUMENT The start and stop commands can be given a list of service name arguments Here is how those parameters can be specified The argument can be service name The definition of that service is contained in the file lt service gt cfg under etc AURAcmgr Note that the service may include a group name E g Groupsl ServiceO The argument can be a group name In that case all the services defined in that group are affected The third type of service name argument is the range This type can only be used when one uses the following naming convention for the services the service names should consist in a prefix followed by a number of digits not starting with 0 e g port1 port21 The range can then be de
13. Also if encryption is not enabled for a managed system the Viewer client can enable it on connect with V 3 0 Hosts only using the command cmgr f 128 server name Other ControlTower Security Features ControlTower 3L uses PAM to control access to the server In it s default configuration all of the users that can log onto the server system can access the server By default they are granted read only access Access rights are controlled by the auth users in etc AURAcmgr Log File Management You can configure a number of aspects of log file management including e Where Content e Timestamps e Protection Storage Directory for Log Files Note that under Linux log file rotation is done using the logrotate application If you change the location of the log files you will have to adapt letc logrotate d cmgrd The name of the log file is AURAcmgr lt service name gt log or AURAcmgr group name gt lt service name log You must take care when defining your groups and services that there is no name clash For example having Group 1 port20 cfg and Group 1 ControlTower Console Management for Linux User s Guide 5 3 Security and Configuration Concepts port20 cfe would create a clash for the log files AURAcmgr Group 1 port20 log Log File Rotation Log file rotation uses logrotate letc logrotate d cmgrd defines the rotation parameters See the logrotate manual for more details Log Fil
14. Check to see if a previous version of Control Tower is installed Mount the CD ROM e Add packages e Install the License Key e Install ControlTower Software on remote systems These tasks are described in this chapter Checking to See if a Previous Version of ControlTower is Installed To check for existing ControlTower software ControlTower Console Management for Linux User s Guide 4 1 Installing ControlTower Software 1 Login as root login root Password root password 2 Check for existing ControlTower software by typing I system rpm cmgrd This command will output CMGRD 3 03 x if the package is installed Installing New ControlTower Software To install ControlTower software you will need a host that is equipped with a CD ROM drive If the host does not have a CD ROM drive you will need to install the software through another machine on the network that does or download it from the website Contact Carlo Gavazzi Computing Solutions Customer Service and Support for instructions on installing ControlTower software over a network Files and Directories ControlTower software is installed in the following directories usr sbin The server binaries usr bin The client binaries etc AURAcmgr Configuration directory etc logrotate d Log rotation etc pam d Authentification etc init d Sart Stop script usr share man Manual pages varllog AURAcmgr Log files directory Adding a Package On SuS
15. The product serial number and license information will be posted on the inside of the CD case Contact information is as follows The Web www gavazzi computing com for product literature phone num bers and address e Phone service From US exchanges 508 588 6110 Mon Fri 8 30AM 5 00PM Eastern Time To expedite service have your product serial number and your system information available e FAX 508 588 0498 Attn Customer Service and Support e Email support gavazzi computing com Telephone numbers occasionally change Please see web site for current contact information When you contact Customer Service and Support you ll need to provide your ControlTower serial number Need to clarify for Linux e the hostid of the system on which you have installed ControlTower 3 6 ControlTower Console Management for Linux User s Guide Set Up Managed Devices Set Up Managed Devices Connect Managed Devices to Host Whether or not you are installing new Aurora brand hardware you will need to connect managed devices to the ControlTower Host via asynchronous null modem cables You can also use a straight through cable and asynchronous null modem cable adapters Use one of the cable connections shown in Figure 2 and Figure 3 or a straight cable with an asynchronous null modem adapter to connect managed devices to the Aurora brand hardware For additional pinouts contact Customer Support at Carlo Gavazzi Computing
16. be the in the description of 1ogmode The default value is sys Defined groups are listed in etc group ControlTower Console Management for Linux User s Guide 6 9 Configuring ControlTower logfilter logfilter specifies the name of a file that contains commands that drop or keep lines in the log file based on Regular Expressions The name of the file may include an absolute or relative path If relative the path is relative to the directory in which the logfilter parameter is set There is no default value To unset logfilter in a configuration file at a lower level set it to novalue See the regex 3 man page for information on Regular Expressions The available commands that filter log file lines using Regular Expressions are keep and drop The rules of log filtering are as follows e Each line of data from the managed device is tested in turn against each regular expression starting from the top of the list When a match is found processing stops Therefore only the action of the first match is performed e no match is found the default action of keep occurs The following examples shown in Table 5 work collaboratively TABLE 5 Filtering Examples Regular Expression Application Alllines containing the text Mary keep Mary had a little lamb had a little lamb will be logged other lines containing the term lamb will be excluded from the drop lamb log file text that
17. begins with a is a Comment comment and is ignored Regular Expressions Review section thoroughly Certain characters have special meaning in Regular Expressions The most com mon are listed below along with their usage e the end of a string 6 10 ControlTower Console Management for Linux User s Guide Configuration Parameters and Defaults the beginning of a string or NOT if it occurs at the beginning of a charac ter s in square brackets e any single character other than a newline or more occurrences of the preceding character e g e zero or more occurrences of the preceding character e g e delimits individual characters that form a string e delimits a set of characters which must contain every character in the string for a match denotes a range of characters e g a z e if before any of the special characters above makes that character represent itself Here are some examples Mary a z lamb matches any string with Mary at the beginning any number including 0 of lower case letters and spaces and lamb at the end 0 9 matches any string that doesn t have at least one digit has matches any string with at least one occurrence of with at least one character after it It is important that logfilter files keep and drop the data they are expected to To verify that they do a syntax checker has been
18. can be used as long as it begins and ends the Regular Expression authuser authuser specifies a user who is authorized to use a particular port If authuser is used instead of authfi le there will only be one authorized user per port so everyone who needs access to this port will use the same user name and password The default is auracmgr Sg Either authuser or authfile can be used for each device Both can not be used simultaneously 6 12 ControlTower Console Management for Linux User s Guide Configuration Parameters and Defaults authfile authfile is set to the name of a file that contains a comma separated list of users and their permissions The file name specified by authfile can include an abso lute or relative path If relative the path is relative to the directory in which the authfile parameter is set This parameter is unset by default Once set to unset authfile ina configuration file at a lower level set it to novalue The permissions that can be assigned to users are listed below Text in the parenthe ses are the parameters as seen in the auth ile file e Attach attach The user can acquire read write permission for the managed device if there is currently no other user in read write mode for that managed device If another user is attached and the user with at tach permission tries to attach the user will be attached in read only mode Force Attach fattach A user who has this perm
19. e option in the command line or the escape setting of the AURACMGR OPTIONS environment variable The available escape sequences are as follows 7 6 ControlTower Console Management for Linux User s Guide Escape Sequences tilde period CTRL C CTRL Z CTRL L a d q VWTA s ST Terminate the session Terminate the session Suspend the cmgr program The session is resumed with fg Toggle local logging of the connection Attach While in read only mode attach read write mode to the managed device Requires attach per mission Force Attach Force an attach read write mode to the managed device If someone else is attached read write downgrade their connection to read only Requires attach and fattach permission Detach from the managed device i e make the con nection read only Query a server variable as follows V Version W who s connected to managed device T tail of the log file A all show options Set a server variable as follows S set terminal stty parameters Requires stty per mission T set tail length show options Send a BREAK if currently attached The user is prompted to confirm this action which is aborted if not confirmed Requires break permission Display help text on escape sequences ControlTower Console Management for Linux User s Guide 7 7 Administering Managed Devices ControlTower Console Management for Lin
20. hard ware components ControlTower Software consisting of Server and Viewer Client packages resides on a Linux based x86 system The ControlTower Host System provides a common console and maintains system logs for all managed devices No additional software is required on the managed devices ControlTower Viewer Client software in addition to residing on the Host may reside on multiple systems that have network or modem capabilities to the Control Tower Host System Any function that can be performed from a managed devices s ControlTower Console Management for Linux User s Guide 2 1 About ControlTower Console Management System for Linux keyboard and display can be performed remotely from a ControlTower Viewer Cli ent including monitoring log files running diagnostics and rebooting managed devices Sample Application You can use the ControlTower Viewer to access one or more ControlTower Hosts via the network enabling you to monitor and administer any number of systems in any number of locations from a single central location or from any number of locations you choose as is shown in Figure 1 Tower Multiport Control Tower Host Managed D evices FIGURE 1 Console Management with ControlTower 2 2 ControlTower Console Management for Linux User s Guide COMPUTING SOLUTIONS CHAPTER 3 Getting Started Introduction This chapter describes steps you must take before installing C
21. input file is specie fed lines are read from the standard input stream Each ControlTower Console Management for Linux User s Guide A 23 match is reported the standard output and summary of each type of match keep drop alert is reported on standard errors when end of file is reached on stan dard input When the n no filter option is specified filtertest will exit with zero true status after successfully parsing the filter file When the q filter is specified matches are not reported on standard output summary is still reported on standard error SEE ALSO conserv 8 29 Oct 2000 filtertest 8 24 ControlTower Console Management for Linux User s Guide Maintenance Procedures locbrok 8 locbrok 8 NAME locbrok Aurora Control Tower Console Manager server Location Broker SYNOPSIS locbrok d debuglevel DESCRIPTION The Aurora ControlTower Console Manager Location Broker reads and enforces the terms of the product licence file and keeps a database of managed system names and the TCP IP port the conserv 8 process for that managed system is avail able at When a cmgr 1 is run remotely it first contacts one or more Location Bro kers on one or more servers in order to find out what managed systems are available what server they are attached to and on which TCP port the conserv 8 process can be reached The locbrok process is normally launched by the etc init d cmgrd start co
22. managed devices TABLE 2 Managed Devices Worksheet Console Port Connector Type modems printers Workstations or servers 3 4 ControlTower Console Management for Linux User s Guide Verify Materials Verify Materials Before installing Control Tower verify that you have all necessary materials They are listed in the following hardware and software charts TABLE 3 Hardware Parts List Serial Controller Card User s Manual with Device Driver CD ROM TABLE 4 Software Parts List Qty Description ControlTower CD ROM enter serial ControlTower User s Guide ControlTower Extended Support Agreement IRs 2 yar Variable Quantity depends on situation ControlTower Console Management for Linux User s Guide 3 5 Getting Started Install New Hardware and Drivers Install new Aurora brand hardware on your chosen ControlTower Host system before you begin the ControlTower software installation For information on installing the hardware see the Carlo Gavazzi Computing Solutions user s guide for the hardware you are installing CECS does not provide support for third party hardware Any serial hard ware that supports standard Term I O works with this version of Control Tower Obtain License Key File ControlTower requires a license key file for correct operation To obtain a license key please contact Carlo Gavazzi Computing Solutions Cus tomer Service and Support
23. parext parodd ixon ixoff istrip Syntax string device is the only parameter which must appear in the system cfg file This is the path of a tty device for the managed system Call out devic es dev cua are typically used to ignore changes in the state of the Data Carrier Detect DCD control line Syntax stty Sets the initial terminal modes for the managed system serial connection Any parameters missing from both the system and DEFAULT con figuration will be left unmodified from system de faults admintool terminal settings have no effect Syntax boolean Allow attached clients to change serial line parameters Syntax boolean Honor and create uucp compatible lock files for the serial port Syntax boolean Set operating system exclusive access flag on the serial port using the TIOCEXCL ioctl Prevents non superuser processes from open ing the serial port ControlTower Console Management for Linux User s Guide A 7 breakstring Log file parameters logdir logfile logfilter loginput loglinestamp logmessages logmode Syntax string String to send to managed system in stead of BREAK signaling The following escape sequences are allowed n newline W return X tab OOO octal value XXX hex value Syntax string Specify the absolute path to the di rectory for per system log files Log file names are by default the system name of the managed system but can be explicitly sp
24. remotely use the authfile parameter and create a separate login for each user listed in the authfile file See Username for Remote Access on page 5 6 If you want to associate only one user account with any or all managed devices set the authuser parameter to a user name and create a user account with the name specified The default authuser name defined in the DEFAULT configuration file is auracmgr You can redefine this for all managed devices in the LOCAL file or for an individual managed device in its lt managed_device_name gt cfg file To create the auracmgr user system useradd s usr bin true u lt user_id gt auracmgr system passwd auracmgr system New Password lt auracmgr_password gt system Re enter New Password lt auracmgr_password gt Starting the ControlTower Server Software To start the Control Tower server type etc init d cmgrd start You can start individual services with the command etc init d cmgrd start lt service name gt this does not work on Gentoo Use usr sbin conserv lt service name gt instead You can start all of the services in a group except for Gentoo with this command letc init d cmgrd start group name gt If your service names end in number not starting with 0 zero you can start ranges of services For example port12 cfg is good but portO1 cfg is not letc init d cmgrd start service prefix gt lt start gt lt end gt E g etc init d emgrd st
25. requires both the attach and fattach capabilities in the managed sys tem authfile View See Read Only mode Viewer Client Carlo Gavazzi Computing Solutions supplied software that provides ability to issue commands to a managed device s console serial port view log files and interact with the ControlTower Server Software ControlTower Console Management for Linux User s Guide G 5 6 ControlTower Console Management for Linux User s Guide Index Symbols novalue C 6 A Acrobat Reader 4 7 Attach 6 14 C 1 AURAcmgr 4 3 4 6 4 8 C 1 AURAcmgrd 4 3 4 6 4 7 AURAcmgrs 4 6 4 8 C 1 AURAjcmgr 4 8 Aurora Multiport Serial Driver 3 3 authfile 6 14 AuthUser 6 13 B Break 6 14 Break Signal 3 3 C 1 Breakout Box C 2 breakstring 6 8 C Character Oriented Viewer Client C 2 CLI Viewer Client C 2 cmgr 3 3 A 1 C 2 Command Line Interface CLI 6 1 Command Line Viewer Client C 2 compress 5 6 Compression 5 6 config 5 8 Configuration Groups 6 4 Managed Device 6 2 6 4 Parameters and Defaults 6 7 6 16 Connect C 2 Connection Box C 2 conserv 5 11 Console Management 2 1 C 2 Services C 2 Console Management Services C 2 Console Serial Port C 3 CONSOLE_SERVERS 7 2 Control C 3 ControlTower Host computer 3 3 ControlTower Console Management for Linux User s Guide IX 1 Index continued Index IX 2 Host Server System C 3 Host System 2 1 C 3 Host system 3 7 Security 5 3 Serv
26. without the CONSOLE SERVER environment variable defined Log See Log File Log File Output from a managed device that is stored locally on the Control Tower Host Managed Device A computer or other system that accepts basic management commands over an RS 232 serial interface see Console Serial Port Monitor See Read Only mode Network Client GUI or CLI connection to Control Tower Host using TCP IP G 4 ControlTower Console Management for Linux User s Guide Package A Solaris software package that is installed on computer system using the Solaris system command pkgadd Package removal is done with the Solaris system command pkgrm Read Only mode The ability of the Viewer Client to monitor output from the managed device Viewer Client connection that allows the user to view all managed device output as it happens but not to send any keystrokes to the managed device Requires the connect capability in the managed system authfile Read Write mode The ability of the Viewer Client to interact with the managed device Viewer Client connection that allows the user to see all managed device out put as it happens and to send keystrokes to the managed device The act of entering read write mode is called attaching and requires the attach capability in the managed system authfile If another user is currently attached in read write mode you can forcibly take control away from them this
27. 1 CImet T iere enc e hotter 1 File Formato ore eoe t ete due nets A 5 2 M 5 Maintenance 11 eua 11 COTVETUCS E E ree RE CC er nier A 12 Filt rt st S s rires A 13 locbroK 8 eet uci Ste e Hr tete Bee etis A 13 logch ck 8 err E RU ere A 14 SLOD G L a A 16 Appendix B Default Configuration File Introduction gaga B 1 Default Configuration File Example esse B 1 Appendix C An Example Configuration Glossary Table of Contents vii Contents continued Contents viii Table of Contents COMPUTING SOLUTIONS CHAPTER 1 About this Book Introduction The ControlTower Console Management for Linux User s Guide describes how to install configure and use ControlTower software It also provides reference infor mation Document Organization This manual is organized as follows Chapter 1 About this Book Describes target audience conven tions related manuals for this doc ument and registration information for ControlTower Chapter 2 About Control Describes Control Tower product Tower Console Manage system components and sample ment System for Linux application ControlTower Console Management for Linux User s Guide 1 1 About this Book Chapter 3 Getting Started Chapter 4 Installing Con tro
28. 5 ue E e i eee 6 1 Configuration Tasks 6 1 Set Up Managed Device Configuration Files 6 2 Creating a Configuration File for a Managed Device 6 3 Configuration File Hierarchies and Precedence 6 4 Configuring Groups 6 4 Creating Logins For Remote Users 6 5 Starting the Control Tower Server Software 6 5 Stopping the ControlTower Server Software 6 6 Configuration Parameters and Defaults 6 7 exclusive ee ERU ER QR etn 6 7 iulock eee tette dts t E NR I aana it 6 7 M RN 6 7 ty CHAN GE S D 6 7 breakstring sante dite sens E p 6 8 logdir E E arte HR e eig ede 6 8 VO SES teo D A ties 6 8 lognameprepend ect eene 6 8 loginput 5 5 et E REO ER ES 6 8 Table of Contents Contents continued Contents logm ssages zc eate Ar DL te muets 6 8 logst mp eret tete eee traten 6 9 logstampforimat idee tete ettet 6 9 loglinestamp 6 9 l gmaxsize 6o eerie tote de its 6 9 logmaxfiles cete eie 6 9 109mode esaet ree ed o reete 6 10 ee eaque cpi 6 10 loggroupu cie ei eoi egeo mon epis 6 10 lOgcombpr ss even a Oe RR 6 10 logcompressopt nenne 6 10 log ompressext ae pem pere reete 6 11 E te nes
29. C BROCKTON MA THIS SOFTWARE IS FURNISHED UNDER A LICENSE AND MAY USED AND COPIED ONLY IN ACCORDANCE WITH THE TERMS OF SUCH LICENSE AND WITH THE INCLUSION OF THE ABOVE COPYRIGHT NOTICE THIS SOFT WARE OR ANY OTHER COPIES THEREOF MAY NOT BE PROVIDED OR OTHER WISE MADE AVAILABLE TO ANY OTHER PERSON NO TITLE TO AND OWNERSHIP OF THE PROGRAM IS HEREBY TRANSFERRED THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT NOTICE AND SHOULD NOT BE CONSIDERED AS A COMMITMENT BY CARLO GAVAZZI COMPUTING SOLUTIONS INC THHHHHHHHHHHHHHHHHHHHHBHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHBHHBHHHHHHHHHE NOTE WELL THHHHHHHHHHHHHHHHHHHHHBHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHBHHHHHHHHHE 2 ControlTower Console Management for Linux User s Guide Default Configuration File With very few exceptions a value for each parameter MUST be specified NO default values are present in the code so values must be specified here or in a per system config file parameters for which a default can be reasonably picked appear here THHHUHHBHHHBHHHHHHHHHHBHHHHHHHHHHHBHHHBHHBHHBHHHHHBHHHBHHBHHBHHBBHBE serial line parameters serial line parameters devicename for serial port attached to system console syntax string device set O_EXCL exclusive open bit on serial port open syntax boolean exclusive true create and
30. CLUDES PASSWORDS all output including echo is always saved in the logfile syntax boolean loginput false log messages sent to users user connect disconnects in logfile serial line change and break messages are always logged syntax boolean logmessages true owner for log files syntax user name or uid logowner root group for log files syntax group name or gid loggroup root mode for log files syntax octal mode e g 0600 or comma separated sequence of symbolic absolute modes strings uoga rwxs logmode u rw Optional strftime 3 format used to timestamp lines in logfile if empty lines are not time stamped ControlTower Console Management for Linux User s Guide B 5 syntax string syntax string loglinestamp c Optional how often to timestamp logfile in minutes one of 10 20 30 60 or zero to disable syntax integer logstamp 60 strftime 3 format used to output periodic logfile timestamps if empty no periodic timestamps will be output syntax string logstampformat ak k THHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHBHBHHE Authorization parameters The name of the user remote users must supply the password for If authfile below is specified authuser only applies to version 1 viewers syntax string user name authuser auracmgr Th
31. Console Management for Linux User s Guide B 13 logmessages true owner for log files syntax user name or uid logowner root group for log files syntax group name or gid loggroup sys mode for log files syntax octal mode e g 0600 or comma separated sequence of symbolic absolute modes strings uoga rwxs logmode u rw Optional strftime 3 format used to timestamp lines in logfile if empty lines are not time stamped syntax string loglinestamp c THHHHHHHHHHHHHHBHE Logfile parameters read by logcheck program run every 10 minutes from root crontab Maximum logfile size in bytes before closing and rotating syntax integer logmaxsize 50000 Number of old log files to compress and keep in rotation syntax integer logmaxfiles 7 Optional how often to timestamp logfile in minutes one of 10 20 30 60 or zero to disable syntax integer logstamp 60 strftime 3 format used to output periodic logfile timestamps B 14 ControlTower Console Management for Linux User s Guide Default Configuration File if empty no periodic timestamps will be output syntax string logstampformat rmm eee Logfile compression program path syntax string logcompress Logfile compression program options compression program is expected to ALWAYS compress the log file even if this does no
32. D WITH THE INCLUSION OF THE ABOVE COPYRIGHT NOTICE THIS SOFTWARE OR ANY OTHER COPIES THEREOF MAY NOT BE PROVIDED OR OTHERWISE MADE ControlTower Console Management for Linux User s Guide B 11 AVAILABLE TO ANY OTHER PERSON NO TITLE TO AND OWNERSHIP OF THE PROGRAM IS HEREBY TRANSFERRED THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT NOTICE AND SHOULD NOT BE CONSIDERED AS COMMITMENT BY CARLO GAVAZZI COMPUTING SOLUTIONS THHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHBHHHHHBHHHHHHBHHHE NOTE WELL THHHHHHHHBHBHHHHHHBHHHHHHHHHHBHBHHHHHHHHHHHHBHHHHHHHHHHBHHHHHBHHHHHBHBBE With very few exceptions a value for each parameter MUST be specified NO default values are present in the code so values must be specified here or in a per system config file All parameters for which a default can be reasonably picked appear here THHHHHHHHHHHHHHHBHHHHHHHHHHHBHHHHHHHHHHBHHBHHHHHHHHHHHBHHHHHBHHHBHBHBUE serial line parameters devicename for serial port attached to system console syntax string device set O_EXCL exclusive open bit on serial port open syntax boolean exclusive true create and honor UUCP compatible lock files for the serial port syntax boolean uulock true tty mode syntax one or more tokens separated by commas or spaces tokens integer speed baud 55 cs6 7 cs8 B 12 ControlT
33. E Mandriva and Red Hat the package is installed by rpm Uhv RPM file 4 2 ControlTower Console Management for Linux User s Guide Installing New ControlTower Software In some cases you may have to do a rpm Uhv no deps RPM file On Gentoo you have two files cmgrd version tgz cmgrd version portage tgz You need to 1 Setup a portage overlay directory in make conf If you don t have one defined you can do echo PORTDIR OVERLAY usr local portage gt gt etc make conf 2 Go to the portage overlay directory create it if needed and unpack the por tage file cd usr local portage tar xfz cmgrd lt version gt portage tgz 3 Copy the source file to your portage distfiles directory cp cmgrd lt version gt tgz usr portage distfiles 4 Emerge the software emerge cmgrd ControlTower Console Management for LinuxUser s Guide 4 3 Installing ControlTower Software ControlTower Console Management for Linux User s Guide Installing New ControlTower Software ControlTower Console Management for LinuxUser Guide Installing ControlTower Software ControlTower Console Management for Linux User s Guide Installing New ControlTower Software ControlTower Console Management for LinuxUser Guide Installing ControlTower Software ControlTower Console Management for Linux User s Guide CHAPTER 5 COMPUTING SOLUTIONS Sec
34. Linux User s Guide B 7 was called unixenable in Version 1 00 old name still accepted syntax boolean localenable true Require password on local Unix domain connections was called unixenable in Version 1 00 old name still accepted syntax boolean localauth false THHHEHHHHHHHHHHHHHHHBHHHHHBHHHBHBHHHBHHBHHBHHHHHHHHHBHHBHHBHHBBHBE TCP socket parameters allow TCP IP connections syntax boolean tcpenable true The following have default value be left blank syntax separated list of host mask pairs syntax comma separated list of host mask pairs The host may be name from etc hosts or DNS or dotted decimal octets nnn nnn nnn nnn The mask is optional and can be used to specify which bits of the host address are to be examined 1 a single decimal number 24 signifying the number of high order bits set in the mask 2 four dotted decimal octets 255 255 255 0 B 8 ControlTower Console Management for Linux User s Guide Default Configuration File 3 a single hexadecimal value 0xffffff00 if no mask is supplied all bits in the host address are examined so host 32 is the same as host If set a host must match an entry in tcpallow in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string
35. Solutions Contact information is found in the section Obtain License Key File on page 3 6 Multiport Serial Peripheral Controller Connector to Connector Managed DB 25 Device DB 25 TXD 2 2 TXD RXD 3 RXD RTS 4 4 RTS CTS 5 D 5 CTS GND 7 7 GND DSR 6 6 DSR CD 8 zi 8 CD bo 7X 0 DTR FIGURE 2 Asynchronous DB 25 to DB 25 Null Modem Cable XON XOFF Handshaking ControlTower Console Management for Linux User s Guide 3 7 Getting Started Multiport Serial Con troller Connector RJ 45 RTS DTR TXD CD DSR RXD GND CTS FIGURE 3 Asynchronous RJ 45 DB 25 Null Modem Adapter Out of Band Flow Control 1 TENG Connector to Managed Device DB 25 5 CTS 6 DSR 8 CD 3 RXD 20 2 TXD 7 GND 4 RTS 3 8 ControlTower Console Management for Linux User s Guide Set Up Managed Devices ControlTower Console Management for Linux User s Guide Getting Started 3 10 ControlTower Console Management for Linux User s Guide CHAPTER 4 COMPUTING SOLUTIONS Installing ControlTower Software Introduction This chapter tells how to install Control Tower software Prior to installation you must complete the steps in Chapter 3 Getting Started Installation includes several tasks e
36. Systems 3 2 ping 3 3 Protection Mode 5 7 Protections 5 7 R Read Only mode C 4 Read Write mode C 5 Registration 1 4 Regular Expressions 6 12 Remote Access 5 9 encryption of 5 2 Remote Systems 4 8 Remote Viewer Client 3 4 S SBus Systems 3 2 Security 5 2 Security ControlTower 5 3 Serial Communication 3 9 Serial Driver 3 3 Serial Port Console C 3 Server 5 9 Server Software C 3 Software 3 10 Software Installation 4 3 4 8 Software Installation remote 4 8 Storage Directory 5 5 stty 6 7 6 14 Support 1 4 syslog 5 11 T TCP IP 5 9 TCPEnable 6 15 Timestamping 5 6 ttychanges 6 7 U unixauth 5 9 UNIX domain Access 5 9 User Commands cmgr 1 Username 5 10 uulock 6 7 V View C 5 Viewer Client 2 2 C 5 Character Oriented C 2 CLI C2 Command Line C 2 Local C 4 Remote 3 4 vold 4 4 4 5 Volume Manager 4 1 4 4 Warranty information 8 1 X xcmgr C 5 ControlTower Console Management for Linux User s Guide IX 3 Index ControlTower Console Management for Linux User s Guide
37. an specify in the command line the managed device you want to view and the access mode Specifying a Managed Device to View To connect to a managed device the Viewer Client needs to know the name of the managed device and ControlTower Console Management for Linux User s Guide Command Examples e the name of the ControlTower Host machine that manages that device if it is on a remote server These are specified in the command line when you run the Viewer Client as fol lows systems cmgr managed device_name gt lt host_name gt If you do not specify amp host name the Viewer Client looks in the CONSOLE SERVERS environment variable for a comma separated list of systems running ControlTower servers If CONSOLE SERVERS is not set Viewer Client defaults to the local ControlTower server If you do not specify managed device name the Viewer Client displays a list of devices accessible from the local server Specifying the Access Mode By default the Viewer Client connects to the managed device in read only mode In read only mode you must enter an escape sequence to send input to the managed device console port You can however specify that the Viewer Client should attach to the managed device console port i e read write mode with the a or A escape sequences For more information see Escape Sequences on page 7 6 In read write mode the Viewer Client window functions as a console termi
38. art port14 18 will start services with configuration files port14 cfg port15 cfg port16 cfg port17 cfg port18 cfg More than one service group and or range can be started at the same time ControlTower Console Management for Linux User s Guide 6 5 Configuring ControlTower E g etc init d emgrd start port14 18 port 20 Group 1 port33 Group2 Before starting the server you must complete the installation tasks described in Chapter 4 Installing Control Tower Software During installation the Control Tower server start stop scripts are placed in etc init d to allow it to be started when the system is booted You must use your system s admin tools to include cmgrd in your boot process Stopping the ControlTower Server Software To stop all ControlTower Server Software processes To stop the ControlTower server type etc init d cmgrd stop You can stop individual services with the command etc init d cmgrd stop service name this does not work on Gentoo Use usr sbin conserv service name instead You can stop all of the services in a group except for Gentoo with this command letc init d cmgrd stop group name gt If your service names end in a number not starting with O zero you can stop ranges of services For example port12 cfg is good but portO1 cfg is not letc init d cmgrd start service prefix gt lt stop gt lt end gt 6 6 ControlTower Console Management for Linux User s Guide
39. ault Configuration File for a complete listing of the DEFAULT file Also see the config 4 man page Security Information Since ControlTower sessions may involve the use of the root password or may involve root access on a managed device or remote communications between the Viewer the ControlTower Host you will want to keep security issues in mind when setting up and maintaining ControlTower Remote Access Security This version of Control Tower supports encryption of communications between a Viewer client running on a remote system and the ControlTower Host This feature mitigates the security risks of transmitting sensitive data over TCP IP networks Carlo Gavazzi Computing Solutions recommends that you always enable encryption when using the Viewer remotely unless your TCP IP connection to the server is over a secure LAN environment You can also use SSH to encrypt a remote connection to a Viewer running on the ControlTower Host To enable encryption for a managed system include the line DefaultEncrypt 128 in its configuration file As an alternative you can add this line to the LOCAL file to enable encryption for all managed systems by default 5 2 ControlTower Console Management for Linux User s Guide Security Information The line ForceEncrypt true will cause any requests for remote connections that do not support encryp tion at the default level to be refused by the ControlTower Host
40. connect to the server using TCP IP over a network The syntax is the same as for tcpallow There is no default value If set to unset tcpdeny in a configuration file at a lower level setitto novalue defaultencrypt defaultencrypt enables Twofish encryption over TCP IP connections The default is 0 Acceptable values are 0 128 and 256 This only takes effect if the cli ent on a local machine connects to this server over TCP IP using the CONSOLE SERVERS environment variable forceencrypt forceencrypt causes all incoming TCP IP connections to be dropped unless they accept the defaultencrypt or greater encryption level This will also cause all v2 0 and v1 0 TCP client connections to be dropped localenable formerly UNIXenable localenable determines whether the command line viewer cmgr has access to the local ControlTower Server Host The default is true localauth formerly UNIXauth localauth controls whether a password is required when using the command line viewer from the ControlTower Server Host The default is false 6 14 ControlTower Console Management for Linux User s Guide Configuration Parameters and Defaults disconnectidle disconnectidle sets the maximum amount of time in minutes that the Viewer Client session is allowed to remain idle regardless of whether it is in read only or read write mode After this point the Viewer Client is disconnected If the parame ter is set to 0 there will be
41. device cfg file is read to supply values unique to a single device The name of the configuration file determines the name of the managed device as known to the ControTower console management server and need not be the official name of the server ControlTower Console Management for Linux User s Guide A 11 FILE FORMAT Lines which start with character are treated as comments and ignored Config uration lines are of the form parameter value where parameter is a case insensitive parameter name and value is the parameter value PARAMETER SYNTAX Each parameter takes a value with one of the following syntaxes int Any integer value A prefix of means value will be interpreted as base 16 hex A prefix of 0 means value will be interpreted as base 8 octal Otherwise the value is interpreted as base 10 decimal boolean A boolean value one of 1 t true y yes to enable a parameter or on of O f false n no to disable a param eter string An arbitrary string The magic string novella resets the parameter so that it appears no value has ever been set This is useful for riding overriding defaults set in a highest level configura tion for optional parameters mode File protection mode ether an octal constant no leading digit required or a symbolic value ogua rwxs see chmod 1 man page uid User id decimal value or a user name from the pass wd 5 file gid Group id decimal value or group name fr
42. dle disconnect disconnectidle 0 Turn off idle detach detachidle 0 Don t require authorization for local connects localauth false Turn off tcpdeny so that everyone can look at managed devices tcpdeny novalue Turn on errlog so that error messages will be written to somewhere other than syslog errlog deviceOerrlog Turn on debugging for as much info as possible debug 1 The settings in this file have been chosen to maximize the information written to log files including the additional log file device0errlog which is written to the directory in which the ControlTower server was started in this case opt AURAc mgr config Notice that the value of logdir has been changed to opt AURAc mgr config This is why there are deviceo log files Gdevice0 and device0 1 Z inthe opt AURAcmgr config directory listing above These files are listed with a star ControlTower Console Management User s Guide after the name indicating that these are executable files because logmode was set to 764 u rwx g rw o r Notice also that authuser is set to auracmgr for this device The default log directory of var log cmgrlog contains files and directories device2 device2 1 gz device2 2 gz device3 device3 1 gz group Under the group directory is device device1 1 gz device1 2 gz devicel is the device under the group directory that has no parameter changes of its own Contr
43. e and hardware upgrades Purchase Order No Sales Order No Serial No Name Title Company Street Address City State Postal Code Country Phone Fax Email Address Supplier Name Date Purchased Supplier Address City State Postal Code Country Supplier Phone Protocol Software License Application Product 25 Q HDLC Q Control Tower Version Workstation Type O S Version Host ID Maximum Number of Ports Your Application Q Printer Plotter Connectivity Q Internet Connectivity C Terminal Instrumentation I O Telecom Service Provider Modem Pool Data Feed Q WAN Connectivity Q Other Carlo Gavazzi Computing Solutions 10 Mupac Drive Brockton MA 02301 USA Phone 508 588 6110 Fax 508 588 0498 E mail support gavazzi computing com URL www gavazzi computing com ControlTower Console Management for Linux User s Guide COMPUTING SOLUTIONS Appendix Command Reference User Commands cmgr 1 cmgr 1 NAME emgr Aurora ControlTower Console Manager viewer program SYNOPSIS 78aAILPNv d debuglevel e c f keylength t taillen o options system server port DESCRIPTION establishes an interactive session with the console port of the named system If no system name is specified a list of possible systems will be printed If server
44. e Timestamping Time stamps are periodically placed into the log files The timestamp fre quency is determined by the 1ogstamp parameter The default setting is 60 minutes Periodic timestamp format is determined by the 1ogstamp format parameter For more information about 1ogstampformat see logstampformat on page 6 9 In addition each log entry begins with a timestamp This can be turned off by setting loglinestamp to null loglinestamp You can control the appearance of the time stamp by changing the format characters See also logstamp logstampformat and loglinestamp on page 6 9 Log File Protections The default protection mode owner and group for a managed device s log files are as follows logmode u rw logowner root loggroup svs Values you can specify for these are as follows Protection Mode The value specified for 1ogmode can be expressed either as an octal num ber e g 600 or as a comma separated sequence of absolute modes strings e g u r ozrw See the chmod 1 man page for a detailed description of these possible values 5 4 ControlTower Console Management for Linux User s Guide Authorization Parameters Owner The value specified for Logowner can be expressed as a decimal user id or as a username from the password database Group The value of 1oggroup can be expressed as a decimal group id or as a group name from the groups database Log files may contain sensitive syst
45. e host matches a mem ber of this list of comma seperated TCP hosts or net works to allow connections from Hosts may be host names or IP addresses Each may be followed with a forward slash and an optional mask in dotted oc tet format hex or decimal network mask length of the following have the same effect 255 255 255 0 0xffffff00 24 The mask deter mines which bits in the IP addresses will be exam ined Any bit position with a zero mask bit will be ignored tcpreject Syntax string If non null TCP connections will be rejected if the remote host matches a member of this list see tcpallow for syntax authuser Syntax string If authfile is not set this is the name of a local user remote users must supply the pass word for when connecting If not set empty or the user does not exist no one can connect over the net work or locally if unixauth see above is set If au thfile is set authuser only applies to version 1 viewers authfile Syntax string The path to an optional per user au thorization file which contains a list of authorized users and their capabilities If the path name is not absolute does not begin with a slash it will be in terpreted as relative to the directory inwhich the de vice cfg file was found If the authfile parameters not specified all users must authenticate as the user specified by the authuser parameter The authfile format is user name followed by one or more of the
46. e path to an optional per user authorization file which contains a list of authorized users and their capabilities The path may be relative to group or config directory If not specified all users must authenticate as authuser if set users will be prompted for a user name B 6 ControlTower Console Management for Linux User s Guide Default Configuration File To override a value set in a higher level configuration file use the magic string novalue syntax string path authfile etc AURAcmegr authusers Idle time parameters Idle time parameters If non zero the maximum time in minutes before disconnecting an idle viewer regardless of whether view is attached view only If zero no idle limit is enforced syntax integer minutes disconnectidle 0 If non zero the maximum time in minutes before detaching demoting to view only an idle attached viewer If zero no idle limit is enforced syntax integer minutes detachidle 0 local Unix domain socket parameters Allow local Unix domain connections ControlTower Console Management for
47. e section Setting the CONSOLE SERVERS Vari able on page 7 1 for information on setting up this account If security is being administered using authfile the next lines entered will be username remote server authfile user password remote server authfile user password The lt remote_server_authfile_user gt specified will have the permissions assigned to them in the auth file file The following commands have the described effects when CONSOLE SERVERS is set to both the local and remote servers When this is the case cmgr treats devices on a remote server in the same way it treats local devices List devices managed by the local server only system cmgr 1 cmgr must have system name hercules apollo ulysses agamemnon cmgr viewer exiting List devices managed by both local and remote servers system cmgr cmgr must have system name agamemnon serverl apollo serverl dagwood server2 dilbert server2 hercules serverl lucy server2 ulysses serverl1 cmgr viewer exiting View a device managed by a remote server in read only mode system cmgr lt managed_device_name gt If security is being administered using authuser the next line entered will be password lt remote_server_authuser_password gt ControlTower Console Management for Linux User s Guide 7 5 Administering Managed Devices where lt remote_server_authuser_password gt is the password for the user assigned to the authuser pa
48. eakstring parameter has been configured the specified text will be sent The default is null oreakstring If set to unset this parameter in a configuration file at a lower level set it to novalue breakstring may contain backslash escaped characters r X Vooo one or more octal digits XXX two hex digits logdir logdir allows you to specify a directory to which log files will be written The default is var log cmgrlog The value must be expressed as an absolute path If the managed device is a member of a group the device log file will be cre ated in a subdirectory with the same name as the group logfile logfile allows you to explicitly specify the file to which log output will be writ ten logfile defaults to logdir lt servername gt but can be customized to pathname for each server individually or all servers combined If multiple server outputs are combined it is recommended that you disable logstamp lognameprepend If enabled lognameprepend prepends the server name to all logs made Useful for combining several server log outputs to one file loginput If loginput is set to true all text that is entered into the Viewer Client will be written to the log file including passwords The default is false logmessages logmessages controls whether messages generated by ControlTower are written to the log file The default is true 6 8 ControlTower Console Management for Linux User s Guide Configuratio
49. ecified using the logfile pa rameter If the managed device is a member of a group the device log file will be created in a subdi rectory having the same name as the group Syntax string Specify the absolute path to the file to which log output will be written Defaults to logdir servername but can be customized to a pathname for each server individually or all serv ers combined Syntax string The path to an optional log file filter file The path may be relative Each line in the log filter file starts with a filter type one of keep drop or alert followed by a delimited POSIX 1003 2 ex tended regular expression see regex 7 which may be followed by optional tag text The delim iter character used to bracket the regular expression must not appear within the regular expression Syntax boolean log user input from attached us er s Will cause double echo of user input No echo input passwords will be logged Syntax string Format string passed to strftime 3 to format timestamp on each line written to log file If empty lines are not timestamped Syntax boolean Log connect disconnect force messages normally sent to connected users to man aged system log file including parameter set mes sages Syntax mode Protection for per system log file 8 ControlTower Console Management for Linux User s Guide File Formats May be empty Ignored if mode 0 Logfile mode is set on each re op
50. ed Avoid disconnecting and reconnecting the network connection on running sys tems Avoid power cycling the ControlTower Host at times when managed device operation is critical If it is necessary to stop ControlTower processes use etc init d cmgrd stop After connecting or reconnecting a managed device console port to the Con trolTower Host verify that the managed device is operational by connecting using a Viewer Client See the cmgr 1 man page for further information Verify operation of all systems after power cycling the ControlTower Host or reloading the Aurora brand Multiport Serial Driver See the kbd 1 man page for information on how to enable disable break on the console serial port Attach your host machine to a UPS uninterruptible power supply of sufficient capacity to ensure that it will be up as long or longer than all managed devices The break signal mostly affects Sun servers in their default configurations ControlTower Console Management for Linux User s Guide 3 3 Getting Started Identify Managed Devices ControlTower allows you to manage devices which have an RS 232 console port Systems other than those running Sun Solaris must be tested for compatibility with ControlTower Managed Devices Worksheet Complete the Managed Device Worksheet page 3 4 to help plan the types of devices you will be managing with ControlTower Some examples are provided Photocopy the worksheet for additional
51. em information including passwords You should carefully consider to whom you make them accessible Through the use of Regular Expressions in the log filter sensitive infor mation may be removed Refer to log filtering on page 5 5 Log Filtering Log filtering selects which lines of information are written to the log file based on sequences of characters found within the line using Regular Expression matching Log filtering is configured using the logfilter parameter to specify a file name and populating a file of that name with Regular Expression commands that will drop or keep lines that would otherwise be written or not to the log file This can conserve disk space Authorization Parameters You can configure a number of aspects of user access to the Control Tower Host including e Whether and how local domain access to a Control Tower Host is permitted e Whether and from what hosts remote TCP IP access to the Control Tower Host is permitted e The usernames to use for remote access to a ControlTower Host e Setting permissions for access to managed devices ControlTower Console Management for Linux User s Guide 5 5 Security and Configuration Concepts Local Access Control UNIX domain access is used for local Command Line Viewer Client access This is the case when the CONSOLE sERVERS environment variable is not set and the Command Line Viewer is started without specifying remote server
52. en for append logowner Syntax uid Owner for per system log file May be empty The Log file owner is set on each re open for append loggroup Syntax gid Group for per system log file May be empty Log file group is set on each re open for ap pend logstamp Syntax integer Determines how often to timestamp the log file in minutes one of 10 20 30 60 or zero to disable periodic timestamps logstampformat Syntax string Format string passed to strftime 3 to format periodic logfile timestamps If empty pe riodic timestamps are not output logcompress Syntax string Pathname of a program for logcheck 8 to use to compress old log files Local connection control parameters localenable Syntax boolean True to allow local unix domain socket connections This parameter was called unix enable in version 1 00 which is still accepted as an alias localauth Syntax boolean True to force local unix domain Socket connection users to be prompted for pass word see authuser below This parameter was called unixauth in version 1 00 which is still ac cepted as an alias Network access control parameters tcpenable Syntax boolean True to allow TCP IP connections tcpallow Syntax string If non null TCP connections will only be accepted if the remote host matches a mem ber of this list of comma seperated TCP hosts or net works to allow connections from Hosts may be host names or IP addresses Each may be fo
53. er 5 9 Server Software C 3 Software 2 1 Viewer Client 2 2 Viewer Client software 2 1 ControlTower server 5 11 ControlTower Software 4 1 Conventions 1 3 D daemon 5 11 detachidle 6 16 Device driver 3 7 disconnectidle 6 16 Disk Space 5 8 Document conventions 1 3 Driver 3 7 E Encryption 5 2 Error Logging 5 11 exclusive 6 7 F File Rotation 5 5 Filtering 5 8 Force Attach 6 14 Force Control C 3 Force Read Write C 3 G Group 5 7 gzp 5 6 H Host 2 1 3 1 C 3 Host Machine 3 2 Host System 2 1 C 3 C 4 Host system 3 7 1 Installation Software 4 3 4 8 Software remote 4 8 K kbd 3 4 L License key 3 1 3 7 4 8 Local Access 5 9 Local Viewer Client C 4 localauth 5 9 6 16 localenable 5 9 6 16 Log C 4 Log File C 4 Compression 5 6 Contents 5 5 Disk Space 5 8 Filtering 5 8 Protections 5 7 Rotation 5 5 Storage Directory 5 5 Timestamping 5 6 Log Filtering 5 8 logcompress 5 6 6 10 logcompressext 5 6 6 11 LogCompressOpt 6 10 logcompressopt 5 6 6 10 logdir 6 8 logfilter 6 11 loggroup 6 10 loginput 6 8 loglinestamp 5 7 6 9 logmaxfiles 6 9 logmaxsize 6 9 logmessages 6 8 logmode 6 10 logowner 6 10 logstamp 5 7 6 9 logstampformat 5 7 6 9 M Managed Device 3 4 6 3 C 4 Connecting 3 8 3 10 ControlTower Console Manager User s Guide Index Managed device 2 1 2 2 5 9 Managed devices 3 1 Monitor C 4 N Network Client C 4 O Owner 5 7 P Package C 4 Parts List 3 6 PCI
54. er device log file May be empty The Log file owner is set on each re open for append loggroup Syntax gid Group for per device log file May be empty Log file group is set on each re open for ap pend logstamp Syntax integer Determines how often to timestamp the log file in minutes one of 10 20 30 60 or zero to disable periodic timestamps logstampformat Syntax string Format string passed to strf time 3 to format periodic logfile timestamps If empty periodic timestamps are not output Local connection control parameters localenable Syntax boolean True to allow local unix domain socket connections NOTE This parameter was called unixenable in version 1 00 which is still ac cepted as an alias localauth Syntax boolean True to force local unix domain socket connection users authenticate see authuser and authfile below If false local unix domain socket connections will not be prompted for a user A 14 ControlTower Console Management for Linux User s Guide File Formats name or password This is safe so long as the var Hb AURAcmgr sockets sock is protected to only al low access to authorized users NOTE This param eter was called unixauth in version 1 00 which is still accepted as an alias Network access control parameters tcpenable Syntax boolean True to allow TCP IP connections tcpallow Syntax string If non null TCP connections will only be accepted if the remot
55. evice Configuration Files The default configuration for all devices managed by a ControlTower server is specified in the DEFAULT configuration file in etc AURAcmgr In addition each device is represented by a configuration file in the format managed device name c g This configuration file can override the configuration specified in the DEFAULT file The name you give this configuration file is the name by which the managed device will be known to ControlTower It is recommended that the configuration file for the managed device have the same name as the managed device Configuration file names e may be from 1 to 64 characters long may be the same as the network name but are not required to be e must have the extension cfg or grp for group configuration files e must reside in ett AURAcmgr or a group directory directly under this directory may not begin with a period The configuration file for a managed device must contain at a minimum the con sole server device pathname specifying the server port to which the managed device console port has been connected For example device dev ttyAxx for Linux kernel 2 6 x device dev cuaxx for kernel 2 4 x For a managed device to belong to a group its configuration file must be located in the group subdirectory under etc AURAcmgr The subdirectory must contain a grp file with the same name as the subdirectory The grp file
56. file user password The lt authfile_user gt specified will have the permissions assigned to them in the authfile file The viewer is now attached to hercules in read only mode When you view a device in read only mode you cannot send input to that system To send input you must attach in read write mode using an escape sequence See Escape Sequences on page 7 6 e Attach in read write mode to a managed device on the local server system cmgr a hercules Security will be as described above however if authfile is used for authoriza tion if the user who logs in doesn t have attach permission the device will be attached in read only mode Similarly if A is used to force attach if the user doesn t have attach and fattach permissions any users already connected will not be disconnected and the device will be attached in read only mode 7 A ControlTower Console Management for Linux User s Guide Command Examples View device managed by remote server system cmgr lt managed_device_name gt lt remote_server_name gt If security is being administered using authuser the next line entered will be password c remote server authuser password where remote server authuser password is the password for the user assigned to the authuser parameter on the remote server The default is auracmgr but if authuser has been set to a different user that user s pass word will be required See th
57. fined by using an optional group name followed by the prefix followed by the start of the range followed by a dash followed by the end of the range For example Groupl port5 12 FILES std AURAcmgr cfg config files SEE ALSO cmgrd config 5 conserv 8 locbrok 8 12 September 2005 cmgrd 8 ControlTower Console Management for Linux User s Guide A 19 filtertest 8 filtertest 8 NAME filtertest Aurora ControlTower Console Manager log filter test program SYNOPSIS filtertest n q filterfile inputfile DESCRIPTION filtertest reads an Aurora Control Tower Console Manager log filter file checks the file for syntax and reads an input file and applies the filters to each line of the input file If no input file is specified lines are read from the standard input stream Each match is reported on the standard output and a summary of each type of match keep drop alert is reported on standard errors when end of file is reached on stan dard input When the n no filter option is specified filtertest will exit with zero true status after successfully parsing the filter file When the q filter is specified matches are not reported on standard output A summary is still reported on standard error SEE ALSO conserv 8 29 Oct 2000 filtertest 8 Maintenance Procedures conserv 8 conserv 8 NAME conserv Aurora ControlTower Console Manager server process SYNOPSIS conserv d debugle
58. follows the system name a TCP IP connection will be made to the named server and the system name is used literally no abbreviations accepted The server name can be followed by a colon and a port number or name from the services 4 file to contact on the remote server If the CONSOLE SERVERS envi ronment variable contains a comma seperated list of servers and the l option is not ControlTower Console Management for Linux User s Guide A 1 given servers will be contacted in turn to retrieve the list of all possible system names Each server name can optionally be followed by a colon and a port number or name from the services 4 file to use to contact the remote server If no system name is present on the command line all the system names and the server to which they are attached will be sorted and printed If a system name is present it may be an unambiguous prefix If the prefix is ambiguous all matching system names will be printed If the CONSOLE SERVERS environment variable is not set or the l option is given the connection will be made locally using Unix domain sockets This requires file access permission to the directory in which the sockets are located and will not require a password to establish a connection If no system name is present on the command line all the system names will be sorted and printed If a system name is present it may be an unambiguous prefix If the prefix is ambiguous all matching s
59. g configuration files The log files will be sent here for easy access logdirz op AURAcmgr config This will write everything typed into cmgr session including PASSWORDS loginput true logmessages true in the DEFAULT file C 4 ControlTower Console Management User s Guide mode for log files Results in rwxrw r logmode 764 To make debugging easier line by line time stamping is being turned back on with the default value loglinestamp c This will keep larger log files and more of them logmaxsize 500000 logmaxfiles 20 Since line time stamping is back we don t need as many periodic time stamps logstamp 60 Return the format of the periodic time stamp to the default ehe Logfile compression program path Use compress so that log files can be copied to and uncompressed on machines that don t have gzip logcompress usr bin compress This still hasn t changed but is left for clarity logcompressopt f Logfile compression program output extension including DOT character The compress extension is Z logcompressext Z ControlTower Console Management User s Guide C 5 Turn off log filtering logfilter novalue Set authuser to the user whose password everyone has authuser auracmgr Turn off per user authorization authfile novalue Turn off i
60. he authfile format is username followed by one or more of the follow ing connect may connect to server attach may attach in r w mode fattach may A 16 ControlTower Console Management for Linux User s Guide File Formats force others off stty may change tty params break may sendbreak all all of the above seperated by plus signs to add capabilities or minus signs to sub tract them Idle time limit parameters detachidle Syntax integer If non zero the maximum time in minutes before detaching demoting to view only an idle attached viewer If zero no idle limit is en forced disconnectidle Syntax integer If non zero the maximum time in Misc parameters attires FILES minute before disconnecting an idle viewer regard less of whether viewer is attached or view only If zero no idle limit is enforced Syntax string Can be set to one of three values vt100 vt100 DC2 or vt100 DS If set the server will send adequate response to the vt100 queries even when no client is connected This can be used to insure that some PC console are active since they rely on the vt100 sequence during boot to determine if they are connected and if so the obdu rate to use letc AURAcmgr DEFAULT default values letc AURAcmgr LOCAL site local default values letc AURAcmgr group group grp group default values letc AURAcmgr group device cfg per device configuration SEE ALSO
61. honor UUCP compatible lock files for the serial port syntax boolean uulock true tty mode syntax one or more tokens separated by commas or spaces tokens integer speed baud cs5 cs6 cs7 cs8 ControlTower Console Management for Linux User s Guide B 3 flag flag flags crtscts cstopb parenb parodd ixoff ixon istrip ALL flags parameters should appear here in DEFAULT file subsequent stty configuration in system cfg or with o on command line or via console program set command change ONLY the bits which are specified all other remain the same stty 9600 8 crtscts cstopb parenb parodd ixoff ixon istrip allow client programs to change serial line parameters syntax boolean ttychanges true string to send instead of BREAK signal optional syntax string the following escape sequences are allowed WW X ooo 1 or more octal digits xXX two hex digits WX Wn X ooo 1 or more octal digits XXX two hex digits breakstring THHHEHHHHHHHHHHHHHHHBHHBHHHHHHHBHBHHHBHHBHHBHHHHHBHHHBHHBHHBHHBBHBE Logfile parameters system console output is saved in a logfile directory for all log files must be absolute syntax string path B 4 ControlTower Console Management for Linux User s Guide Default Configuration File logdir var log AURAcmgr log client user input in logfile THIS IN
62. is still reported on standard error SEE ALSO conserv 8 locbrok 8 NAME locbrok ControlTower Console Manager server Location Broker A 22 ControlTower Console Management for Linux User s Guide Maintenance Procedures SYNOPSIS locbrok debuglevel DESCRIPTION The Control Tower Console Manager Location Broker reads and enforces the terms of the product licence file and keeps a database of managed system names and the TCP IP port the conserv 8 process for that managed system is available at When a cmgr 1 is run remotely it first contacts one or more Location Brokers on one or more servers in order to find out what managed systems are available what server they are attached to and on which TCP port the conserv 8 process can be reached The locbrok process is normally launched by the start 8 script and killed by the stop 8 script FILES etc AURAcmgr license dat license file etc AURAcmgr pids locbrok process id file etc AURAcmgr sock system locbrok2 unix domain socket endpoint SEE ALSO cmgr 1 conserv 8 start 8 stop 8 filtertest 8 filtertest 8 NAME filtertest Aurora Control Tower Console Manager log filter test program SYNOPSIS filtertest n q filterfile inputfile DESCRIPTION filtertest reads an Aurora ControlTower Console Manager log filter file checks the file for syntax and reads an input file and applied the filters to each line of the input file If no
63. ission can acquire read write permission to a device even if there is another user attached Another user who is attached is forced into read only mode e st ty The user has permission to set stty parameters for devices Break break the user has permission to send a break string to the managed device e None none The user has no authority to do anything e a11 the user has all of the above permissions Permissions can be combined with a plus sign or subtracted with a minus sign The following is a sample authfile file with multiple users This file contains users who have access to the devices in group auracmgr attach fattach break developerl all stty The following user will be allowed view only sessions developer2 none tcpenable tcpenable determines whether remote machines are allowed to connect to the server using TCP IP over a network The default value is true ControlTower Console Management for Linux User s Guide 6 13 Configuring ControlTower tcpallow tcpallow contains a list of machines that are allowed to connect to the server using TCP IP over a network If set tcpallow will contain a comma delimited list of IP addresses or host names either of which can be followed by a mask There is no default value If set to unset tcpallow in a configuration file at a lower level set it to novalue tcpdeny tcpdeny contains a list of machines that are not allowed to
64. lTower Software Chapter 5 Security and Configuration Concepts Chapter 6 Configuring Con trolTower Chapter 7 Administering Managed Devices Chapter 8 Warranty amp Maintenance Information Appendix Command Reference Appendix B Default Con figuration File Appendix C An Example Configuration Glossary Terms amp Definitions Describes information for site preparation hardware drivers license keys and managed devices for ControlTower Describes how to install Control Tower Provides security and advanced configuration concepts Provides configuration instruc tions using the Command Line Interface Describes how to administrate managed devices using Control Tower Describes product Warranty infor mation Lists man pages of ControlTower related User Commands Lists the default configuration file Shows examples of LOCAL file a group file and device files Presents frequently used terms and definitions Who Should Use This Book This book is a user s guide and reference for System Administrators who are using ControlTower to manage servers ControlTower Console Management for Linux User s Guide Document Conventions Document Conventions Table 1 describes the symbolic conventions used in this guide TABLE 1 Conventions Symbol Description screen Graphic text that appears on screens menus and display dialog boxes appea
65. le Setthe CONSOLE SERVERS environment variable If you will be running ControlTower on multiple servers connected in a network and would like to use the Viewer Client to monitor devices managed by a different server you may want to set CONSOLE SERVERS to specify these servers If CONSOLE SERVERS contains a comma separated list of ControlTower servers the Viewer Client will have access to all of the listed servers ControlTower Console Management for Linux User s Guide 7 1 Administering Managed Devices Set CONSOLE SERVERS as follows ksh or sh CONSOLE SERVERS server systeml server system27 export CONSOLE SERVERS csh or tcsh setenv CONSOLE SERVERS server systeml server system2 The CONSOLE SERVERS environment variable only exists for the server on which it was set Each ControlTower server from which you wish to connect to devices on other servers should have the CONSOLE SERVERS environment vari able set About CLI Viewer Client ControlTower CLI Viewer Client is a user interface to the ControlTower server software After contacting the ControlTower server the Viewer Client establishes an active session with the console port of a single device managed by that server You must run one instance of Viewer Client software for each device you want to view There is only one client command cmgr CLI Viewer Client Operation When you run the Viewer Client you c
66. le for a managed device overrides all of these for that device ControlTower Console Management for Linux User s Guide 6 3 Configuring ControlTower DEFAULT LOCAL Group Config Config FIGURE 4 Configuration File Hierarchies Configuring Groups You can associate groups of managed devices using a subdirectory Each subdirec tory must have a file with the same name as the subdirectory and the extension grp This file contains the group configuration parameters All devices that have configuration files within this directory will have the group configuration file parameters applied to them unless these parameters are set in the devices individ ual configuration files To avoid confusion it is recommended that configuration file names be unique across groups The configuration file name cannot be the same as the group file name Creating Logins For Remote Users You may want to perform one or more of the following tasks to set up the environ ment on the ControlTower server system 6 4 ControlTower Console Management for Linux User s Guide Starting the ControlTower Server Software If you intend to allow remote access to this ControlTower Host system you must create user accounts for all users who are authorized to use Control Tower remotely If you want separate logins for each user having access to the ControlTower Host system
67. llowed with a forward slash and an optional mask in dotted oc ControlTower Console Management for Linux User s Guide A 9 tcpreject authuser authfile tet format hex or decimal network mask length of the following have the same effect 255 255 255 0 0xffffff00 24 The mask deter mines which bits in the IP addresses will be exam ined Any bit position with a zero mask bit will be ignored Syntax string If non null TCP connections will be rejected if the remote host matches a member of this list see tepallow for syntax Syntax string The name of a local user remote us ers must supply the password for when connecting If not set empty or the user does not exist no one can connect over the network or locally if unixauth see above is set Syntax string The path to an optional per user au thorization file which contains a list of authorized users and their capabilities The path may be rela tive If the authfile parameter is not specified all us ers must authenticate as the user specified by the authuser parameter The authfile format is user name followed by one or more of the following connect may connect to server attach may attach in r w mode fattach may force others off stty may change tty params break may send break all all of the above seperated by plus signs to add capabilities or minus signs to subtract them Idle time limit parameters detachidle
68. lt device_name gt lt server_name gt Use 1ocalenable parameter to permit or deny local domain access to Control Tower Hosts By default local domain access is permitted localenable true Use 1ocalauth parameter to specify whether users must enter a pass word for local access to ControlTower Hosts By default password entry is not required localauth false Remote TCP IP Access Control Use the tcpenable parameter to permit or deny access via TCP IP to ControlTower Hosts By default TCP IP access is permitted tcpen able true TCP IP access can be controlled on a system by system basis by entering the IP addresses of servers into tcpallow and tcpdeny in a comma delimited list Username for Remote Access e All remote connections over a network require entry of a password This pass word may be the same for all devices managed by a ControlTower Host using the authuser parameter Alternatively authorization can be managed through the authfile parameter This is the recommended method for authorization since it gives much better control over access e All network connections are checked using IP address access control lists to permit or deny connections from specific hosts or entire networks or net blocks e The configuration parameters for TCP IP network connections are the follow ing tcpenable enable use of TCP IP connections 5 6 ControlTower Console Management for Linux User s Guide
69. may be empty or contain parameters that will be applied to all devices in the group The group file may not contain the device parameter You must create a configuration file for each managed device ControlTower Console Management for Linux User s Guide Configuration File Hierarchies Precedence Creating a Configuration File for a Managed Device Perform the following procedure to create a minimal configuration file for a man aged device To create a configuration file Log in as root or use su login root Password root password 1 cd to etc AURAcmgr system cd etc AURAcmgr 2 Using the text editor of your choice vi is shown here create a file having the name by which you wish this managed device to be known systems vi managed device name cfg The file must have a c g extension 3 Insert into the file the line device dev ttyy AORS xxx port number where port number is the port to which this device has been attached For example device dev ttyy AORS 128 for a managed device connected to serial port 128 When you have created configuration files for all managed devices connected to the server you are ready to start ControlTower Configuration File Hierarchies and Precedence Configuration file hierarchies are illustrated in Figure 4 The leaf nodes override anything above For example Group overrides LOCAL and LOCAL overrides DEFAULT but a configuration fi
70. mber see d option escape string see e option tail number see t option port string see p option local see l option nolocal see L option passthru see P option nopassthru see N option SEE ALSO services 5 locbrok 8 13 May 2001 cmgr 1 File Formats config 4 NAME config ControlTower Console Manager server configuration file ControlTower Console Management for Linux User s Guide A 5 SYNOPSIS etc AURAcmgr DEFAULT etc AURAcmgr LOCAL etc AURAcmgr group group grp etc AURAcmgr group system cfg DESCRIPTION The ControlTower Console Manager conserv and logcheck programs read DEFAULT site LOCAL group and per system configuration files of the format described here The DEFAULT file contains all global default values and should not be edited The LOCAL file is then read to allow avoid losing local changes to the DEFAULT file that might be lost in an upgrade If the system config file is located in a subdirectory that directory must contain a group configuration file with the same name as the directory and the suffix cfg Finally the system cfg file is read to supply values unique to a single system The name of the configuration file determines the name of the managed system as known to the ControTower console management server and need not be the official name of the server File Format Lines which start with a character are treated as comments and igno
71. mmand and killed by the etc init d cmgrdstop 8 command FILES letc AURAcmgr license dat license file var run locbrok process id file var lib AURAcmgr sockets system locbrok2 unix domain socket endpoint SEE ALSO cmgr 1 conserv 8 16 Jan 2000 locbrok 8 ControlTower Console Management for Linux User s Guide A 25 26 ControlTower Console Management for Linux User s Guide COMPUTING SOLUTIONS Default Configuration File Introduction The DEFAULT configuration file opt AURAcmgr config DEFAULT shown here specifies the default configuration for devices managed by a Control Tower server These configuration specifications apply to every managed device unless overriden in the LOCAL configuration file the group name group name grp file or the configuration file for that device etc AURAc mgr device name cfg Default Configuration File Example Aurora ControlTower Console Manager DEFAULT configuration This file is read before the LOCAL file lt group gt lt group gt grp files and lt system gt cfg files Any changes to these defaults should be ControlTower Console Management for Linux User s Guide B 1 made by adding lines to LOCAL per group configuration files THHHEHHBHHHBHHBHHHBHHHHHHHHHHHHBHHBHHBHHHBHHHHHHHHHBHHBHHBHHBHHBHHHBHIE COPYRIGHT c 1998 2005 BY CARLO GAVAZZI COMPUTING SOLU TIONS IN
72. n Parameters and Defaults logstamp logstamp inserts a line containing a time stamp into the log file at regular inter vals which you determine Valid intervals are 10 20 30 or 60 minutes A value of 0 means no logstamp is written The default value is 60 logstampformat logstampformat contains the format of the time stamp that is inserted into the log file See the strftime 3C man page for valid format variables The default 1S Okckck ck ck ck kk KAGOK kk KKK KK KK loglinestamp loglinestamp specifies that a time and date stamp will be written on each log line received from a managed device If loglinestamp is null no line by line timestamping will be performed The default is c See the strftime 3C man page for valid format variables logmode logmode specifies the log file permissions mode The default is u rw which means that only the owner has read write access to the log files The available val ues are ugoa rwx Different permissions can be set for different users user group or other by listing the different users and their permissions separated by a comma for instance u rwx g rw o r See the chmod 1 man page for more information logowner logowner specifies the owner of the log files This would be the u in the description of Logmode The default value is root Users are listed in etc passwd loggroup loggroup specifies the group to which the owner of the log files belongs This would
73. nagement User s Guide C 1 e group grp e groupauthfile Modifications to global parameters have been made in the LOCAL file instead of the DEFAULT file The LOCAL file is Don t allow client programs to change serial line parameters ttychanges false So no can send a break to a device set the breakstring to the text breakstring 116 117 041 Everyone can read the log files logmode u rw g r 0 r Set loglinestamp to NULL so that lines are not time stamped loglinestamp Since there are no timestamps per line there will be timestamps every 10 min logstamp 10 Add the week to the default periodic time stamp logstampformat Week QU rem Logfile compression program path syntax string Change compression utility to gzip for better compression logcompress usr bin gzip This is the same as in the DEFAULT file but is left here for clarity logcompressopt f ControlTower Console Management User s Guide This is the extension that is appended by gzip logcompressext gz Put logfilter file with logfiles it affects This file will filter input to all log files including ones under a group logfilterz var log cmgrlog LOCALlogfilterfile Unset the authuser parameter authuser This file currently contains auracmgr all so that only people with the auracmgr password have access to devices authfile _OCALa
74. nal attached to the managed device The users and permissions listed in the authfile file determine which escape sequences are available to which user For more information on auth file see authfile on page 6 13 Command Examples These command examples show how to use the ControlTower Viewer Client to view managed devices The CONSOLE SERVERS environment variable deter mines how devices on local and remote servers are specified for viewing The fol lowing commands have the described effects when CONSOLE SERVERS 15 not set ControlTower Console Management for Linux User s Guide 7 3 Administering Managed Devices List devices managed by the local server system cmgr cmgr must have system name hercules apollo ulysses agamemnon cmgr viewer exiting e View a device managed by the local server in read only mode system cmgr hercules If security is being administered using authuser the next line entered will be password lt password where authuser password is the password for the user assigned to the authuser parameter The default is auracmgr but if authuser has been set to a different user that user s password will be required See the section Setting the CONSOLE SERVERS Variable on page 7 1 for information on setting up this account If security is being administered using auth ile the next lines entered will be username authfile user password auth
75. nection will be downgraded to view only Detach from the remote console make the connec tion view only Query server a single character specifies the infor mation return A show All W show Who is con nected to server show Tail of log file V show Versions of server and console programs show available options Set a server variable only if currently attached a single character specifies the information to change 5 set stty parameters a subset of the stty 1 com mand options include ertscts crtscts cstopb cs topb parenb parenb parext parex parodd parodd iyon ixon ixoff ixoff istrip istrip cs5 cs6 cs7 cs8 or a baud rate T set distance back tail query will display in log file show available op tions Send a BREAK only if currently attached The user is prompted to confirm this action which will be aborted if not confirmed Display help on escape sequences All other characters typed are sent to the remote system when attached If not attached the bell is rung for each character typed ENVIRONMENT CONSOLE_SERVERS see above ControlTower Console Management for Linux User s Guide File Formats AURACMGR_OPTIONS AURACMGR_OPTIONS Establish per user defaults before checking command line options AURACMGR_OPTIONS consists of a sequence of strings and val ues seperated by commas one or more of attach see a option Attach see A option Ibit see 7 option debug nu
76. no automatic disconnect The default value is 0 detachidle detachidle sets the maximum amount of time in minutes that the Viewer Cli ent is allowed to remain idle while in read write mode After this point the Viewer Client is set to read only mode If the parameter is set to 0 there will be no forced shift into read only mode The default value is 0 autoresp autoresp can be set to one of three values vt100 vt100 DC2 or vt100 DS If set the server will send adequate response to the vt100 queries even when no client is connected This can be used to insure that some PC console are active since they rely on the vt100 sequence during boot to determine if they are connected and if so the baudrate to use ControlTower Console Management for Linux User s Guide 6 15 Configuring ControlTower 6 16 ControlTower Console Management for Linux User s Guide CHAPTER 7 COMPUTING SOLUTIONS Administering Managed Devices Using Command Line Interface for Managed Devices This chapter tells how to administer and monitor managed devices using the Com mand Line Interface CLI You can administer and monitor managed devices through the Control Tower Host and from remote Viewer Clients This chapter assumes knowledge of UNIX commands If any listed commands are unknown or their usage is unclear please see the man page for the command man lt command gt Setting the CONSOLE SERVERS Variab
77. oduct Registration To receive standard warranty coverage on your product including 90 days of free technical support you must print fill out and fax or mail back the Warranty Regis tration Card that is located in Chapter 8 Warranty amp Maintenance Information Phone support can only be provided after product registration is complete Extended Hardware and Software Support Agreements can be purchased to provide additional coverage Sending in this card also lets us keep you up to date on the complete line of Carlo Gavazzi Computing Solutions products If you have any questions or comments on your product contact our Customer Ser vice and Support Department at support gavazzi comput ing com or our Sales Department at sales gavazzi computing com ControlTower Console Management for Linux User s Guide COMPUTING SOLUTIONS CHAPTER 2 About ControlIower M Console Management System for Linux What is ControlTower ControlTower Console Management System provides a reliable time and cost saving solution for monitoring and controlling multiple devices through an RJ 45 DB 25 interface from a central location or by remote access It enables a single Linux based system to function as a common console monitor and keyboard for managed devices The ControlTower System is available for a PCI bus multiport serial controller System Components ControlTower Console Management System consists of both software and
78. oducts described in this document without notice No guarantee express or im plied is made that products of Carlo Gavazzi Computing Solutions will be com patible with future versions of the hardware systems and operating systems specified in this manual YOU MUST READ THE SOFTWARE LICENSE AGREEMENT IN THE BACK OF THIS MANUAL AND RETURN THE PRODUCT UNOPENED IF YOU DO NOT AGREE TO BE BOUND BY ITS CONDITIONS Trademarks Carlo Gavazzi Computing Solutions Carlo Gavazzi the Carlo Gavazzi Computing Solutions logotype the Carlo Gavazzi logotype Apollo Multiport Nova Multiport Aries Multiport ControlTower Explorer Multiport LANMul tiServer Saturn Multiport SBox Vanguard Multiport WANMultiServer XP7 Expansion Chassis XP 7R Rack Mounted Expansion Chassis XP SB Expansion Chassis are trademarks of Carlo Gavazzi Computing Solutions SPARC is a registered trademark of SPARC International Inc in the United States and other countries SSH is a registered trademark of SSH Communications Security Inc rights reserved Sun Sun Microsystems Solaris and Ultra are trademarks or registered trademarks of Sun Microsystems Inc COMPUTING SOLUTIONS Contents Chapter 1 About this Book Introduction a open eed 1 1 Document Organization 1 1 Who Should Use This Book 1 2 Document Conventions 4 1 3 Related Manuals saa ana aa a an nti aab ag ek san gage paben 1 3 Getting Help eoo RAS nn a 1 4 Product Regis
79. ol Tower Host program that runs for each device conserv are sent to syslog tagged with the daemon facility code except for security related messages which are tagged with the auth facility code See the sys1ogd 1M man page for information on config uring the syslog daemon ControlTower Console Management for Linux User s Guide 5 7 Security and Configuration Concepts If you are having difficulty using syslog to debug problems contact Cus tomer Service and Support See Getting Help on page 1 4 5 8 ControlTower Console Management for Linux User s Guide CHAPTER 6 COMPUTING SOLUTIONS Configuring Controllower Introduction This chapter tells how to configure Control Tower software using the Command Line Interface CLI This includes how to set up configuration files for each man aged device This chapter assumes strong knowledge of UNIXTM commands If any listed com mands are unknown or their usage is unclear please see the man page for the com mand man lt command gt Use of ControlTower software involves important security issues Be sure to read Chapter CHAPTER 5 Security and Configuration Concepts Configuration Tasks Configuration of the Control Tower software consists of the following tasks e Setup managed device configuration files ControlTower Console Management for Linux User s Guide 6 1 Configuring ControlTower e Set up the environment Set Up Managed D
80. olTower Console Management User s Guide C 7 C 8 ControlTower Console Management User s Guide COMPUTING SOLUTIONS Glossary Terms amp Definitions Attach See Read Write mode AURAcmgr The ControlTower command line Viewer Client software package Required for installation of AURAcmgrs package AURAcmgrs The Control Tower Server Software package Requires that the AURAcmgr package be installed AURAcmgrs is required for installation of the AURA jemgr package Break Signal An RS 232 signal that for some managed devices is interpreted as a device reset command ControlTower Console Management for Linux User s Guide G 1 Breakout Hardware used to connect RS 232 serial devices to multiport serial cards Also referred to as a Connection Box Character Oriented Viewer Client Software supplied by Carlo Gavazzi Computing Solutions that provides access to the managed devices console serial port through a character ori ented window Also known as CLI Viewer Client and Command Line Viewer Client CLI Viewer Client See Character Oriented Viewer Client cmgr Carlo Gavazzi Computing Solutions supplied software program running the Character Oriented Viewer Client functionality in the existing terminal win dow Command Line Viewer Client See Character Oriented Viewer Client Connect The act of connecting to a managed device Connection Box See Breakout Box Console Management See C
81. om the group 5 file stty sequence of tokens values see stty 1 man page Character size cs5 cs6 cs7 cs8 Line speed sup ported speeds depend on underlying hardware and operating system custom speeds are not supported 50 75 110 150 200 300 600 1200 2400 4800 9600 19200 38400 57600 76800 115200 153600 230400 307200 460800 Flags may be prefixed with 4 2 to disable crtscts cstopb parenb A 12 ControlTower Console Management for Linux User s Guide File Formats parext parodd ixon ixoff istrip Serial line parameters device Syntax string device is the only parameter which must appear in the device cfg file This is the path of atty device for the managed device Call out devices dev cua are typically used to ignore changes in the state of the Data Carrier Detect DCD control line stty Syntax stty Sets the initial terminal modes for the managed device serial connection ttychanges Syntax boolean Allow attached clients to change serial line parameters uulock Syntax boolean Honor and create uucp compatible lockfiles for the serial port exclusiv Syntax boolean Set operating system exclusive access flag on the serial port using the TIOCEXCL ioctl Prevents non superuser processes from open ing the serial port breakstring Syntax string String to send to managed device in stead of BREAK signaling The following escape sequences are allowed n newline r return
82. onsole Management Services ControlTower Console Management for Linux User s Guide Console Management Services Logging and real time viewing of output from managed devices and control of managed devices Console Serial Port The serial port on the managed device whereby commands can be sent and data received Also known as Serial Console Port and Console Port Control See Read Write mode ControlTower Host See ControlTower Host Server System ControlTower Host Server System The computer on which the ControlTower Server Software has been installed regardless of whether any Aurora brand hardware is installed ControlTower Host System The computer system including Breakout Boxes Multiport Serial Cards Expansion Chassis and Control Tower Software Also known as Host Host System ControlTower Server Software Software supplied by Carlo Gavazzi Computing Solutions that provides con sole management services see the entries for AURAcmgrs AURAjcmgr Force Control See Force Read Write mode ControlTower Console Management for Linux User s Guide G 3 Force Read Write Mode The ability of the Viewer Client to take Read Write mode if there is already another user that has Read Write mode Host See ControlTower Host Server System Host System See ControlTower Host Server System Local Viewer Client Character Oriented Viewer Client that is run directly on the ControlTower Host
83. ontrol Tower soft ware It tells how to select an appropriate ControlTower Host and how to properly identify managed devices It also lists materials you need for installation Before Installing Before installing the ControlTower software you must complete the following tasks e Get the ControlTower package for your distribution Install update the server package Install the license key Install the client application Under Linux most package management systems will allow you to simply upgrade the package No need to uninstall In all cases this allows you to maintain your configuration ControlTower Console Management for Linux User s Guide 3 1 Getting Started Instructions on these tasks are found in this chapter When these tasks are complete you can proceed with installation Select the Host Machine You can use either PCI Bus Linux x86 machine as the Control Tower Host The machine you choose must meet the following minimum requirements PCI Systems Host Linux x86 system Memory 128 MB RAM minimum Operating System Mandriva RedHat SuSe and generic Linux distribu tions Serial Controller Aries Multiport 8000P or 16000P Hardware XP 7R or PCI Expansion Chassis Disk Space 5 MB free in usr 50 free in var The indicated memory requirements are based on the assumption that ControlTower software is run on a dedicated server Important Host Selection and Set up Consideration
84. ore disconnecting an idle viewer regardless of whether view is attached view only If zero no idle limit is enforced syntax integer minutes disconnectidle 0 If non zero the maximum time in minutes before detaching demoting to view only an idle attached viewer If zero no idle limit is enforced syntax integer minutes detachidle 0 THHHBHHHHHHHHHHHBHHHHHHHHHHHBHHHHHHHHHHHHHBHHHHHHBHHHBHHHHHBHHHHHHHHBE local Unix domain socket parameters Allow local Unix domain connections was called unixenable in Version 1 00 old name still accepted syntax boolean localenable true Require password on local Unix domain connections B 16 ControlTower Console Management for Linux User s Guide Default Configuration File was called unixenable in Version 1 00 old name still accepted syntax boolean localauth false THHHHHHHHHHHHHHHHHHHHHHBHBHBHBHBHHHHHHHHHHHHHHHHHHHHHHHBHHHHHHHHHHBHBHHBE TCP socket parameters allow TCP IP connections syntax boolean tcpenable true The following have no default value and may be left blank syntax comma separated list of host mask pairs The host be name from etc hosts or DNS or dotted decimal octets nnn nnn nnn nnn The mask is optional and can be used to specify which bits of the host address are to be examined 1 a single decimal number 24 signifying
85. ower Console Management for Linux User s Guide Default Configuration File flag flag flags crtscts cstopb parenb pareki parodd ixoff ixon istrip ALL flags parameters should appear here in DEFAULT file subsequent stty configuration in lt system gt cfg or with o on command line or via console program set command change ONLY the bits which are specified all other remain the same stty 9600 cs8 crtscts cstopb parenb parext parodd ixoff ixon istrip allow client programs to change serial line parameters syntax boolean ttychanges true string to send instead of BREAK signal optional syntax string the following escape sequences are allowed r n X ooo 1 or more octal digits xXX two hex digits breakstring Logfile parameters system console output is saved in a logfile directory for all log files must be absolute syntax string path logdirz var log cmgrlog log client user input in logfile THIS INCLUDES PASSWORDS all output including echo is always saved in the logfile syntax boolean loginput false log messages sent to users user connect disconnects in logfile serial line change and break messages are always logged syntax boolean ControlTower
86. rameter on the remote server The default is auracmgr but if authuser has been set to a different user that user s pass word will be required See the section Setting the CONSOLE_SERVERS Vari able on page 7 1 for information on setting up this account If security is being administered using authfile the next lines entered will be username remote server authfile user password remote server authfile user password E The remote server authfile user specified will have the permissions assigned to them in the auth file file e View either a local or remote device specifying that output from the managed device to the terminal be 7 bits system cmgr 7 managed device name Use of this option may be necessary if all 8 bits are processed by the server but are not tolerated by the terminal e View either a local or remote device and specify a different escape character systems cmgr e managed device name This causes all escape sequences to start with e View a remote device using encrypted communications to the server system cmgr f 128 managed device name Escape Sequences If the authfile parameter is set instead of authuser the users and permis sions listed in the authfile file determine which escape sequences can be used by which user See on page 6 13 for further information All escape sequences begin with the tilde character unless it was changed using the
87. red Configu ration lines are of the form parameter value where parameter is a case insensitive parameter name and value is the parameter value Parameter Syntax Each parameter takes a value with one of the following syntaxes int Any integer value A prefix of 0x means value will be interpreted as base 16 hex A prefix of 0 means value will be interpreted as base 8 octal Otherwise the value is interpreted as base 10 decimal boolean A boolean value one of 1 t true y yes to enable a parameter or on of 0 f false n no to disable a pa rameter string An arbitrary string mode File protection mode ether an octal constant no A 6 ControlTower Console Management for Linux User s Guide File Formats uid gid stty Serial line parameters device stty ttychanges uulock exclusive leading digit required or a symbolic value fogua rwxs see chmod 1 man page User id decimal value or a user name from the pass wd 4 file Group id decimal value or group name from the group 4 file sequence of tokens values see stty 1 man page Character size 5 cs6 cs7 cs8 Line speed sup ported speeds depend on underlying hardware and operating system Custom speeds are not support ed 50 75 110 150 200 300 600 1200 2400 4800 9600 19200 38400 57600 76800 115200 153600 230400 307200 460800 Flags may be prefixed with to disable ertscts cstopb parenb
88. rs in sans serif font User input User input values appear in boldface These are characters or commands you type literally emphasis Italics are used in the text for emphasis titles and variables This caution symbol marks notes about possible damage to computer equipment or data if a proce dure or process isn t followed according to instruc tions This warning symbol marks notes about possible electrical shock to yourself or electro static dam age to your equipment unless you follow special instructions This symbol marks special text passages that con 57 tain additional information such as notes you should know about or tips you should consider when installing operating or maintaining this product Related Manuals For more information refer to the following manuals Your Carlo Gavazzi Computing Solutions Aurora brand Multiport Serial Con troller User s Manual Your Linux distribution documentation On line man pages ControlTower Console Management for Linux User s Guide 1 3 About this Book Getting Help If you need to reach us you can contact us by The Web www gavazzi computing com for product literature phone num bers and address e Phone service 508 588 6110 Mon Fri 8 30AM 5 00 PM Eastern Time To expedite service have your product serial number and your system information available e FAX 508 588 0498 Attn Customer Service and Support e Email support gavazzi computing com Pr
89. s Your ControlTower Host is a critical component of your console management solu tion Carlo Gavazzi Computing Solutions recommends the following steps to increase the security availability and performance of your ControlTower Host e The ControlTower Host system should be a dedicated system It should not be used by applications or users that might interfere with its console management role e The host machine should be attached to a UPS uninterruptible power supply of sufficient capacity to ensure that it will be up as long or longer than all managed devices e The host should not depend on NFS mounted disks for its operation ControlTower Console Management for Linux User s Guide Select the Host The host should not depend on NIS Yellow Pages or NIS for its operation Minimize the number of user accounts Minimize host access both physically and through the network via filters fire walls The command host id must return a non nul hexadecimal string The server needs a network interface Break Signal Considerations The supported Aurora brand multiport serial hardware from Carlo Gavazzi Com puting Solutions has been thoroughly tested to verify that it does not transmit spuri ous break signals Nevertheless Carlo Gavazzi Computing Solutions recommends that you take the following precautions Attach all DB25 connectors with screws and ensure that all RJ45 connectors are firmly latch
90. supplied that can run a logfil ter file against sample input The syntax checkeris filtertest in opt AURAcmgr sbin The syntax is opt AURAcmgr sbin filtertest lt fil terfile gt lt inputfile gt If the lt filterfile gt contains a drop command and the first example of a Regular Expression drop Mary a z lamb and the lt inputfile gt contains Mary had a little lamb Mary had a little lamb Mary had 9 lambs a Mary has little lamb ControlTower Console Management for Linux User s Guide 6 11 Configuring ControlTower The output from filtertest will be KEEP Mary had a little lamb DROP Mary had a little lamb KEEP Mary had 9 lambs DROP Mary has a little lamb SUMMARY keep 2 drop 2 If the lt filterfile gt contains a drop command and the second example of a Regular Expression drop 0 9 the output from filtertest will be DROP Mary had a little lamb DROP Mary had a little lamb KEEP Mary had 9 lambs DROP Mary has a little lamb SUMMARY keep 1 drop 3 If the lt filterfile gt contains a drop command and the third example of a Regular Expression drop has the output from filtertest will be KEEP Mary had a little lamb KEEP Mary had a little lamb KEEP Mary had 9 lambs a 3 DROP Mary has little lamb SUMMARY keep 3 drop 1 E If you would prefer to use a delimiter other than any character
91. t result in a space savings syntax string logcompressopt f Logfile compression program output extension including DOT character syntax string logcompressext Z Optional log filter file path If the path is relative no leading slash the pathname will be taken as relative to the directory in which the device cfg file was found To override a value set in a higher level configuration file use the magic string novalue syntax string path logfilter HEHEHE HH HH HH HEHEHE HE EEE EE EE a a Authorization parameters The name of the user remote users must supply the password for If authfile below is specified authuser only applies to version 1 viewers syntax string user name authuser auracmgr ControlTower Console Management for Linux User Guide B 15 The path to an optional per user authorization file which contains list of authorized users and their capabilities The path may be relative to group or config directory If not specified all users must authenticate as authuser if set users will be prompted for a user name To override a value set in a higher level configuration file use the magic string novalue syntax string path authfile THHHHHHHHHHHHHHHHEHHHHHHBHHBHBHBHHHHHHBHHHHHHHHHHHHHHHHHBHHHHHHHHHBHBHBHHBE Idle time parameters If non zero the maximum time in minutes bef
92. the number of high order bits set in the mask 2 four dotted decimal octets 255 255 255 0 3 a single hexadecimal value OxffffffOO if no mask is supplied all bits in the host address are examined so host 32 is the same as host If set a host must match an entry in tcpallow in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string acl tcpallow If set a host must NOT match an entry in tcpdeny in order to be accepted To override a value set in a higher level configuration file use the magic string novalue syntax string acl tcpdeny ControlTower Console Management for Linux User s Guide B 17 18 ControlTower Console Management for Linux User s Guide COMPUTING SOLUTIONS Appendix An Example Configuration This is an example configuration with devices at various levels and in groups and with parameters changed from their defaults at various levels This configuration has been set up and run in a lab Devices have been configured at the top level in the opt AURAcmgr config directory and under a group directory The files and directories under opt AURAcmgr config are DEFAULT LOCAL LOCALauthfile device2 cfg device3 cfg group license dat Under the group directory are the files device0 device0 1 test deviceO cfg devicel cfg ControlTower Console Ma
93. tion direc tive l Force a connection to be made locally even 1f the CONSOLE_SERVERS environment variable is set L Neutralizes the effect of the l option p port changes the default TCP IP port or service name used to contact remote location brokers P On TCP IP connections use location broker pass thru feature This only works with version 2 00 or later remote systems When using this option the only TCP connections made will be on the aurac mgr tcp port 364 which facilitates use across fire walls Network Address Translation NAT and ssh stunnel or other port of warding The network con nection is actually passed from the locbrok 8 pro cess to the conserv 8 process so there is no performance penalty N Neutralizes the effect of the P option V Connect in view only mode neutralizes a and A 0 options Set AURACMGR_OPTIONS style options Escape Sequences Lines that you type which start with the tilde character Iqescap sequences rq the escape character can be changed using the e option see above Terminate the session ControlTower Console Management for Linux User s Guide A 3 CTRL C CTRL Z CTRL L a A d q TS Terminate the session Suspend the cmgr program Toggle local logging of the connection Attempt to attach read write to the console Force an attach read write to the console if any one is currently attached their con
94. tration NG ERR a a Ka aa EIE 1 4 Chapter 2 About ControlTower Console Management System What is Control Tower ss 2 1 System Components essent nemen 2 1 Sample Application sis 2 2 Chapter 3 Getting Started IntroductlOB ENE Ree Re ne ib 3 1 Table of Contents Contents continued Contents Before Installing ss nd een times matins 3 1 Select the Host Machine 3 2 PEL Sy SI eee Es 3 2 S BUS Systems retento eem bm 3 2 Important Host Selection and Set up Considerations 3 3 Break Signal Considerations esses 3 3 Select Appropriate Systems as Remote Viewer Clients 3 4 Identify Managed Devices 3 4 Managed Devices Worksheet esee 3 4 Verity Material Ss ico a Renner ester A ERE Eee 3 6 Install New Hardware and Drivers esses 3 7 Obtain License Key File 3 7 Set Up Managed 3 8 Connect Managed Devices to Host 3 8 Preparing Managed Devices for Serial Communication 3 9 Chapter 4 Installing ControlTower Software IntrodUCtOD HRS ARCH ER PP ee taints 4 1 Handling Previous Versions of ControlTower 4 2 Installing New ControlTower Software sss 4 3 Files and Directories 0 34 03 eee rettet nn 4 3 Determine if Volume Manager is r
95. unning 4 4 Mounting the CD ROM Manually 4 4 Mounting the CD ROM Using vold 4 5 Adding a Packages epe etii 4 6 Installing the Acrobat Reader 4 7 Installing License Key File 4 8 Installing Control Tower Software on Remote Systems 4 8 Chapter 5 Security and Configuration Concepts Configuration Information 5 1 Security Informations 5 2 Remote Access Securityn niina iieis 5 2 Other ControlTower Security 5 3 Log File Management 5 4 iv Table of Contents Contents continued Contents Storage Directory for Log Files 5 5 Contents of the Log File 5 5 Los FIle ROtat OM EE drng aapa re Recent ete dena 5 5 Log File Compression eene 5 6 Log File Timestamping eene 5 6 Log File Protections ssi idet n eno 5 7 Disk Space for Log Files eee 5 8 Los Filtern d 1 ede teet meer mS 5 8 Authorization Parameters sees 5 9 Local Access Control 5 9 Remote TCP IP Access Control 5 9 Username for Remote Access 5 10 User Permissions to Access Managed Devices 5 11 Error Loggilig ederet 5 11 Compatibility With Previous Versions of Control Tower 5 11 Chapter 6 Configuring ControlTower Introduction
96. urity and Configuration Concepts This chapter presents important Control Tower security issues It also pro vides information on how to configure Encryption Logfile management e User access to ControlTower servers Error logging Compatibility with previous versions Configuration Information All Control Tower parameters are applied in a hierarchy depending on where the parameters are set Parameters set in the LOCAL or DEFAULT files at the top level etc AURAcmgr apply to all managed devices unless overridden by settings at a lower level Parameters set in a group configura tion file etc AURAcmgr group group grp override settings at the top level and device configuration files etc AURAcmgr device c g or etc AURAcmgr group device c g override ControlTower Console Management for Linux User s Guide 5 1 Security and Configuration Concepts group and top level settings For more information refer to Configuring Groups on page 6 4 Parameter settings only override parameters of the same name except for the device and stty settings which are transparent For instance logdir set in a device file will override the logdir setting of the LOCAL file How ever there are parameters that interact with parameters of different name and these each have their own hierarchy Examples of this will be described as they are encountered See Appendix B Def
97. uthfile Set so that a viewer will disconnect if it s been idle for 5 minutes disconnectidle 5 Set so that a viewer will detach if it s been idle for 10 minutes detachidle 10 Require authorization for even local connections to devices localauth true Keep out the people in Marketing tcpdeny 100 100 100 100 8 Notice that authfile is set to LOCALauthfile with no specified path This is why a LOCALauthfile file has been created in the opt AURAcmgr config directory The contents of this file are auracmgr all ControlTower Console Management User s Guide C 3 The contents of the two device configuration files in the opt AURAcmgr config directory are e device2 cfg e device dev cua 2 e device3 cfg e device dev cua 3 The group grp group configuration file under the group directory contains The devices in this group belong to development so we will be giving more people access to these devices authfile groupauthfile This is why a groupauthfile file has been created under the group directory Its contents are As developers are hired add them to this file auracmgr all developer1 all break developer2 attach fattach stty The configuration file for deviceO under the group directory contains allow client programs to change serial line parameters ttychanges true In case of problems we want to be able to send a real break breakstring This is the directory containin
98. ux User s Guide CHAPTER 8 COMPUTING SOLUTIONS Warranty amp Maintenance Information Warranty on Hardware amp Software Aurora brand products Carlo Gavazzi Computing Solutions carry the following standard warranties Standard Hardware Warranty Policy Aurora brand hardware products are warranted against defects for two 2 years from the date of delivery The Standard Warranty includes 90 days of free Technical Support two 2 years product repair and driver upgrades Standard Software Warranty Policy Carlo Gavazzi Computing Solutions warrants that the physical media on which software is furnished will be free from defects in materials and workmanship under normal use for a period of 90 days from the date of shipment The Standard Warranty includes 90 days of Free Technical Support Make sure you complete the Warranty Registration form on page 8 2 and retur it to Carlo Gavazzi Computing Solutions Refer to Warranty information at www gavazzi computing com for details on extended warranty plans ControlTower Console Management for Linux User s Guide 8 1 Warranty amp Information Product Registration Form Important Please print complete and return this Product Registration Form to Carlo Gavazzi Computing Solutions Customer Service and Support CSS Department at 508 588 0498 The information you provide here allows CSS to validate your warranty and inform you of softwar
99. vel o parameter value system A 20 ControlTower Console Management for Linux User s Guide Maintenance Procedures DESCRIPTION Aurora Control Tower Console Manager server launches a conserv for each man aged system conserv reads the system cfg file see config 5 and opens the serial port specified by the device parameter conserv logs all managed system output in a file named system in the directory specified by the logdir configuration parameter Users can connect to the conserv process using the emgr 1 program conserv 8 is normally launched during the normal boot process by the etc init d cmgrd script but can be started by hand for debugging Any number of options may be given each with a parameter value pair to override values in the system cfg file The d option can be used to specify a debug level which if non zero keeps conserv from detaching from the terminal so that debug messages can be seen Increasing debug levels increase the amount of debug output FILES letc AURAcmgr system cfg configuration file var run system process id file var lib AURAcmgr sockets system unix domain socket endpoint SEE ALSO cmgr config 5 conserv 8 locbrok 8 16 Jan 2000 conserv 8 convert 8 NAME convert ControlTower Console Manager config file conversion tool SYNOPSIS convert f o outputdir inputfile DESCRIPTION convert reads input files or the standard input if none are specified that are tab or
100. ystem names will be printed OPTIONS 7 Output only 7 bits of data to the terminal This may be necessary if all 8 bits are being processed by the server but are not tolerated by the user as terminal 8 Neutralizes the effect of the 7 option a Attach to the system console as soon as the connec tion is established By default sessions are view only and an escape sequence attach command see below must be typed to send input to the remote console port If someone is already attached a view only connection will be established A Force an attach to the system console as soon as the connection is established If someoneis already at tached their connection will be reduced to view only V Neutralizes the effect of the a and A options d debuglevel Set program debug level e escapechar Set escape character If escapechar is a single char ControlTower Console Management for Linux User s Guide User Commands acter it is used directly as the escape character If escapechar is a multi character sequence starting with a digit it is interpreted according to strtol 3 If escapecharis none there is noescape character De fault escape character is tilde f keylength Client Encryption select parameter where keylength is 0 or 128 f 128 selects 128 bit encryption f 0 disables encryption Servers can be set to restrict TCP IP con sections to minimum key lengths through the ForceEncrypt true configura
Download Pdf Manuals
Related Search