command , netapp

NetApp® Lifetime Key Management™ Appliance 4.0Command Line Interface Reference Guide

NetApp, Inc.495 East Java DriveSunnyvale, CA 94089 U.S.A.Telephone: +1 (408) 822-6000Fax: +1 (408) 822-4501Support telephone: +1 (888) 4-NETAPPDocumentation comments: [email protected] Web: http://www.netapp.com

Part number 215-03955_A0September 2008

Copyright, trademark information, notices and warnings

Copyright information

Copyright © 1994-2008 NetApp, Inc. All rights reserved. Printed in the U.S.A.

Part number: 215-03955_A0 (09208_KM40)

Model Number: KM500

No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner.

Portions of this product copyright © 2005 Sun Microsystems, Inc. All rights reserved.

This software is provided “AS IS,” without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. (“SUN”) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING, OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

JRE and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.

Portions of this product are derived from FreeBSD, which is copyrighted by FreeBSD. Copyright © 1994-2003 FreeBSD, Inc. All rights reserved.

Software derived from copyrighted material of FreeBSD is subject to the following license and disclaimer:

Redistribution and use of the software in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER

ii Copyright, trademark information, notices and warnings

IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young.

This product includes software developed by the OpenSSL project for use in the OpenSSL Toolkit.

This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/. Copyright © 2001 Carnegie Mellon University. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. The name “Carnegie Mellon University” must not be used to endorse or promote products derived from this software without prior written permission. For permission or any other legal details, please contact:

Office of Technology TransferCarnegie Mellon University5000 Forbes AvenuePittsburgh, PA 15213-3890(412) 268-4387, fax: (412) [email protected]

4. Redistributions of any form whatsoever must retain the following acknowledgment:

“This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/).”

Software derived from copyrighted NetApp material is subject to the following license and disclaimer:

THIS SOFTWARE IS PROVIDED BY NETAPP “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL NETAPP BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

NetApp reserves the right to change any products described herein at any time, and without notice. NetApp assumes no responsibility or liability arising from the use of products described herein, except as expressly agreed to in writing by NetApp. The use or purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of NetApp.

The product described in this manual may be protected by one or more U.S.A. patents, foreign patents, or pending applications.

Copyright, trademark information, notices and warnings iii

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.277-7103 (October 1988) and FAR 52-227-19 (June 1987).

Trademark information

NetApp, the Network Appliance logo, the bolt design, NetApp—the Network Appliance Company, Cryptainer, Cryptoshred, DataFabric, DataFort, Data ONTAP, Decru, FAServer, FilerView, FlexClone, FlexVol, Manage ONTAP, MultiStore, NearStore, NetCache, NOW NetApp on the Web, SANscreen, SecureShare, SnapDrive, SnapLock, SnapManager, SnapMirror, SnapMover, SnapRestore, SnapValidator, SnapVault, Spinnaker Networks, SpinCluster, SpinFS, SpinHA, SpinMove, SpinServer, StoreVault, SyncMirror, Topio, VFM, VFM (Virtual File Manager), and WAFL are registered trademarks of NetApp, Inc. in the U.S.A. and/or other countries. gFiler, Network Appliance, SnapCopy, Snapshot, and The evolution of storage are trademarks of NetApp, Inc. in the U.S.A. and/or other countries and registered trademarks in some other countries. The NetApp arch logo; the StoreVault logo; ApplianceWatch; BareMetal; Camera-to-Viewer; ComplianceClock; ComplianceJournal; ContentDirector; ContentFabric; EdgeFiler; FlexShare; FPolicy; Go Further, Faster; HyperSAN; InfoFabric; Lifetime Key Management, LockVault; NOW; ONTAPI; OpenKey, RAID-DP; ReplicatorX; RoboCache; RoboFiler; SecureAdmin; Serving Data by Design; SharedStorage; Simplicore; Simulate ONTAP; Smart SAN; SnapCache; SnapDirector; SnapFilter; SnapMigrator; SnapSuite; SohoFiler; SpinMirror; SpinRestore; SpinShot; SpinStor; vFiler; Virtual File Manager; VPolicy; and Web Filer are trademarks of NetApp, Inc. in the U.S.A. and other countries. NetApp Availability Assurance and NetApp ProTech Expert are service marks of NetApp, Inc. in the U.S.A.

IBM, the IBM logo, AIX, and System Storage are trademarks and/or registered trademarks of International Business Machines Corporation.

Apple is a registered trademark and QuickTime is a trademark of Apple, Inc. in the U.S.A. and/or other countries. Microsoft is a registered trademark and Windows Media is a trademark of Microsoft Corporation in the U.S.A. and/or other countries. RealAudio, RealNetworks, RealPlayer, RealSystem, RealText, and RealVideo are registered trademarks and RealMedia, RealProxy, and SureStream are trademarks of RealNetworks, Inc. in the U.S.A. and/or other countries.

All other brands or products are trademarks or registered trademarks of their respective holders and should be treated as such.

NetApp, Inc. is a licensee of the CompactFlash and CF Logo trademarks. NetApp, Inc. NetCache is certified RealSystem compatible.

Power supply notice

The appliance is suitable for IT power systems. Connect each power supply to a separate power source for failover support.

WARNING: The power supply cord is used as the main disconnect device. Ensure that the socket-outlet is located/installed near the equipment and is easily accessible.

ATTENTION: LE CORDON D'ALIMENTATION EST UTILISÉ COMME INTERRUPTEUR GÉNÉRAL. LA PRISE DE COURANT DOIT ÊTRE SITUÉE OU INSTALLÉE À PROXIMITÉ DU MATÉRIEL ET ÊTRE FACILE D'ACCÉS.

WARNUNG: Das Netzkabel dient als Netzschalter. Stellen Sie sicher, das die Steckdose einfach zugänglich ist.

WARNING: This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors).

iv Copyright, trademark information, notices and warnings

ATTENTION: Pour ce qui est de la protection contre les courts-circuits (surtension), ce produit dépend de l’installation électrique du local. Vérifier qu'un fusible ou qu’un disjoncteur de 120 V alt., 15 A U.S. maximum (240 V alt., 10 A international) est utilisé sur les conducteurs de phase (conducteurs de charge).

WARNUNG: Dieses Produkt ist darauf angewiesen, daß im Gebäude ein Kurzschluß- bzw. Überstromschutz installiert ist. Stellen Sie sicher, daß eine Sicherung oder ein Unterbrecher von nicht mehr als 240 V Wechselstrom, 10 A (bzw. in den USA 120 V Wechselstrom, 15 A) an den Phasenleitern (allen stromführenden Leitern) verwendet wird.

VARNING: Apparaten skall anslutas till jordat uttag när den ansluts till ett nätverk.

OPPMERKSAMHET: Apparatet må kun tilkoples jordet stikkontakt.

Dual power supply notice

WARNING: This unit has more than one power supply connection; all connections must be removed to remove all power from the unit.

WARNUNG: Diese Einheit verfügt über mehr als einen Stromanschluß; um Strom gänzlich von der Einheit fernzuhalten, müssen alle Stromzufuhren abgetrennt sein.

ATTENTION: Cette unité est équipée de plusieurs raccordements d'alimentation. Pour supprimer tout courant électrique de l'unité, tous les cordons d'alimentation doivent être débranchés.

Lithium battery notice

This product contains a lithium battery. Although the battery is not field-serviceable, observe the following warning:

CAUTION: Danger of explosion if battery is replaced with incorrect type. Replace only with the same type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.

ATTENTION: II y a danger d'explosion s'il a remplacement incorrect de la batterie. Remplacer uniquement avec une batterie du meme type ou d'un type equivalent recommande par le constructeur. Mettre au rebut les batteries usagees conformement aux instructions du fabricant.

WARNUNG: Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr. Ersetzen Sie die Batterie nur durch den gleichen oder vom Hersteller empfohlenen Batterietyp. Entsorgen Sie die benutzten Batterien nach den Anweisungen des Herstellers.

WARNING: TO PREVENT BODILY INJURY WHEN MOUNTING OR SERVICING THE APPLIANCE, DO NOT LIFT OR CARRY THE UNIT BY THE FRONT PANEL. THE FRONT PANEL IS INTENDED TO BE AN EASILY DETACHABLE COMPONENT AND IS NOT DESIGNED TO CARRY PRODUCT WEIGHT.

Perchlorate present

Important: Special handling may apply. See: http://www.dtsc.ca.gov/hazardouswaste/perchlorate/

Rack mounting notice

Appropriate hardware is provided with the appliance to mount it in an EIA standard 19” rack. Follow instructions provided in the package to mount the slide rails to the sides of the LKM appliance and attach the rail mounts to the rack. Then slide the appliance into the rack on the rails and secure the appliance in place using the provided screws.

WARNING: To prevent bodily injury when mounting or servicing this unit in a rack, take special precautions to ensure that the system remains stable. These guidelines are provided to ensure your safety:

Copyright, trademark information, notices and warnings v

This unit should be mounted at the bottom of the rack if it is the only unit in the rack.

When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.

If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.

ATTENTION: Pour éviter toute blessure corporelle pendant les opérations de montage ou de réparation de cette unité en casier, il convient de prendre des précautions spéciales afin de maintenir la stabilité du système. Les directives ci-dessous sont destinées à assurer la protection du personnel.

Si cette unité constitue la seule unité montée en casier, elle doit être placée dans le bas.

Si cette unité est montée dans un casier partiellement rempli, charger le casier de bas en haut en plaçant l'élément le plus lourd dans le bas.

Si le casier est équipé de dispositifs stabilisateurs, installer les stabilisateurs avant de monter ou de réparer l'unité en casier.

WARNUNG: Zur Vermeidung von Körperverletzung beim Anbringen oder Warten dieser Einheit in einem Gestell müssen Sie besondere Vorkehrungen treffen, um sicherzustellen, daß das System stabil bleibt. Die folgenden Richtlinien sollen zur Gewährleistung Ihrer Sicherheit dienen:

Wenn diese Einheit die einzige im Gestell ist, sollte sie unten im Gestell angebracht werden.

Bei Anbringung dieser Einheit in einem zum Teil gefüllten Gestell ist das Gestell von unten nach oben zu laden, wobei das schwerste Bauteil unten im Gestell anzubringen ist.

Wird das Gestell mit Stabilisierungszubehör geliefert, sind zuerst die Stabilisatoren zu installieren, bevor Sie die Einheit im Gestell anbringen oder sie warten.

vi Copyright, trademark information, notices and warnings

NetApp KM-Series Command Line Reference Guide 4.0

Table of Contents

1 Top-level commands...................................................................................................... 4

2 db3 commands.............................................................................................................. 7

3 trustee commands......................................................................................................... 83.1 trustee keys commands...........................................................................................................................................................83.2 trustee linkkey commands....................................................................................................................................................103.3 trustee linkkeysharing commands......................................................................................................................................113.4 trustee peer commands.........................................................................................................................................................113.5 trustee unapproved commands...........................................................................................................................................12

4 lkm commands............................................................................................................ 164.1 lkm db commands..................................................................................................................................................................184.2 lkm key commands................................................................................................................................................................20

4.2.1 lkm key attribute commands....................................................................................................................................234.2.2 lkm key journal commands.......................................................................................................................................24

4.3 lkm openkey commands.......................................................................................................................................................254.3.1 lkm openkey enroll commands.................................................................................................................................26

4.3.1.1 lkm openkey enroll pending commands.......................................................................................................274.4 lkm server commands...........................................................................................................................................................29

4.4.1 lkm server certificate commands.............................................................................................................................31

5 net commands............................................................................................................. 325.1 net util commands..................................................................................................................................................................33

5.1.1 net util tcpdump commands......................................................................................................................................36

6 keyman commands..................................................................................................... 386.1 keyman cryptainerkeys commands.....................................................................................................................................396.2 keyman lkmkeys commands................................................................................................................................................416.3 keyman purgekeys commands............................................................................................................................................42

7 cli commands............................................................................................................... 447.1 cli cshelp commands..............................................................................................................................................................45

8 active-role commands................................................................................................. 46

9 domain commands..................................................................................................... 47

10 group commands...................................................................................................... 5310.1 group group commands......................................................................................................................................................5510.2 group role commands..........................................................................................................................................................56

11 role commands.......................................................................................................... 58

12 user commands......................................................................................................... 6012.1 user cifs commands.............................................................................................................................................................62

NetApp Proprietary Information Page 2 of 144


12.1.1 user cifs password commands...............................................................................................................................6312.2 user comers commands......................................................................................................................................................6412.3 user group commands.........................................................................................................................................................6612.4 user home commands.........................................................................................................................................................6812.5 user role commands............................................................................................................................................................70

13 cluster commands..................................................................................................... 7213.1 cluster config commands....................................................................................................................................................73

13.1.1 cluster config ipsec commands..............................................................................................................................7513.1.2 cluster config member commands........................................................................................................................7613.1.3 cluster config potentialmember commands........................................................................................................7813.1.4 cluster config route commands..............................................................................................................................81

13.1.4.1 cluster config route heartbeat commands.................................................................................................82

14 db commands............................................................................................................ 8414.1 db index commands.............................................................................................................................................................8814.2 db trx commands..................................................................................................................................................................8814.3 db xlog commands...............................................................................................................................................................89

15 system commands.................................................................................................... 9015.1 system agreement commands..........................................................................................................................................9515.2 system banner commands.................................................................................................................................................95

15.2.1 system banner postlogin commands....................................................................................................................9515.2.2 system banner prelogin commands......................................................................................................................96

15.3 system certificate commands............................................................................................................................................9715.3.1 system certificate request commands.................................................................................................................99

15.4 system crypto commands................................................................................................................................................10015.4.1 system crypto approve commands.....................................................................................................................10315.4.2 system crypto channel commands......................................................................................................................10415.4.3 system crypto ignitionkey commands................................................................................................................10515.4.4 system crypto masterkey commands.................................................................................................................10515.4.5 system crypto protected commands...................................................................................................................10615.4.6 system crypto rc commands.................................................................................................................................10715.4.7 system crypto rip commands...............................................................................................................................10915.4.8 system crypto secretshare commands..............................................................................................................11115.4.9 system crypto whitelist commands.....................................................................................................................113

15.5 system date commands...................................................................................................................................................11515.6 system httpd commands..................................................................................................................................................11515.7 system license commands...............................................................................................................................................11615.8 system log commands......................................................................................................................................................11715.9 system property commands............................................................................................................................................11915.10 system raid commands..................................................................................................................................................121

15.10.1 system raid errors commands...........................................................................................................................12115.11 system tamper commands............................................................................................................................................12215.12 system timezone commands........................................................................................................................................12315.13 system util commands...................................................................................................................................................124

15.13.1 system util mbeventlog commands..................................................................................................................12915.13.2 system util techdump commands.....................................................................................................................12915.13.3 system util trend commands.............................................................................................................................130

15.14 system wizard commands.............................................................................................................................................13215.14.1 system wizard cluster commands....................................................................................................................13415.14.2 system wizard crypto commands......................................................................................................................13515.14.3 system wizard network commands..................................................................................................................136



1 TOP-LEVEL COMMANDS

active-role... Active role commandsauthorize + Authorize admin loginchallenge + Generate challenge for PKI authenticationcli... Command line administration commandscluster... Cluster commandsdb... Database administration commandsdb3... DB3 administration commandsdomain... User/group domain commandsgroup... Group commandshelp Command line usage helpkeyman... Key management commandslkm... LKM management commandsnet... Network commandspassword Change user passwordquit Quit the current client sessionrole... Role commandssystem... System commandstrustee... Trustees management commandsuser... User commandswho Display who is logged inwhoami Display effective user ID

authorize

Purpose: Authorize admin login

Usage: authorize <user>

Parameters:

<user> username[@domain]



challenge

Purpose: Generate challenge for PKI authentication

Usage: challenge <user>

Parameters:


help

Purpose: Command line usage help

Usage: help

password

Purpose: Change user password

Usage: password [-f, --force] [--new <new>] [--old <old>] [--user <user>]

Options:

-f, --force Force password change of an admin--new <new> New password--old <old> Old password--user <user> username[@domain]



quit

Purpose: Quit the current client session

Usage: quit

who

Purpose: Display who is logged in

Usage: who

whoami

Purpose: Display effective user ID

Usage: whoami



2 DB3 COMMANDS

db3 restart Restart DB3 serverdb3 techdump Series of diagnostic queriesdb3 zeroize Zeroizes DB3 data

db3 restart

Purpose: Restart DB3 server

Usage: db3 restart

db3 techdump

Purpose: Series of diagnostic queries

Usage: db3 techdump

db3 zeroize

Purpose: Zeroizes DB3 data

Usage: db3 zeroize



3 TRUSTEE COMMANDS

trustee delete Remove a trustee from the systemtrustee keys... Trustee key export and import commandstrustee linkkey... Link key commandstrustee linkkeysharing... Commands to control the sharing of link keys over trustee

linkstrustee list List all approved trustees in the systemtrustee peer... Trustee peer commandstrustee unapproved... Trust establishment commands for unapproved trustees

trustee delete

Purpose: Remove a trustee from the system

Usage: trustee delete [-i, --id <id>] [-l, --label <label>]

Options:

-i, --id <id> Trustee ID-l, --label <label> Trustee identification label

trustee list

Purpose: List all approved trustees in the system

Usage: trustee list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:

-i, --id <id> Trustee ID-l, --label <label> Trustee identifying label-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward

3.1 trustee keys commands

trustee keys export + Export a Cryptainer Key to the trustee



trustee keys import Import a Cryptainer Key from a trustee

trustee keys export

Purpose: Export a Cryptainer Key to the trustee

Usage: trustee keys export [-c, --cryptainer-path <cryptainer-path>] [-f, --ftp <ftp>] [-k, --key-id <key-id>] [-l, --lun <lun>] [--media-label <media-label>] [--owner-name <owner-name>] [-p, --password <password>] [--pool-label <pool-label>] [-d, --port-wwn <port-wwn>] [--tgt-name <tgt-name>] [-u, --username <username>] <label>

Parameters:

<label> Name of the trustee to whom the key is to be exported

Options:

-c, --cryptainer-path <cryptainer-path> Path to a NAS cryptainer-f, --ftp <ftp> Upload keys export package to a FTP server-k, --key-id <key-id> Key ID-l, --lun <lun> Fibre Channel or iSCSI disk LUN--media-label <media-label> Media label (SAN)--owner-name <owner-name> iSCSI owner name-p, --password <password> Password of FTP user--pool-label <pool-label> Pool label (SAN)-d, --port-wwn <port-wwn> Disk port WWN <xx:xx:xx:xx:xx:xx:xx:xx>--tgt-name <tgt-name> iSCSI target name-u, --username <username> User to connect to FTP server as

trustee keys impo rt

Purpose: Import a Cryptainer Key from a trustee

Usage: trustee keys import [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] [-w, --webfile <webfile>]

Options:

-f, --ftp <ftp> Download trusted package from a FTP server-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as-w, --webfile <webfile> Key file uploaded to web server



3.2 trustee linkkey commands

trustee linkkey delete Remove a link key from the systemtrustee linkkey list List all approved link keys in the systemtrustee linkkey map + Change the link key which is used for a particular trustee

link

trustee linkkey delete

Purpose: Remove a link key from the system

Usage: trustee linkkey delete [-i, --id <id>] [-l, --label <label>]

Options:


trustee linkkey list

Purpose: List all approved link keys in the system

Usage: trustee linkkey list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:


trustee linkkey map

Purpose: Change the link key which is used for a particular trustee link

Usage: trustee linkkey map <label> <id>

Parameters:

<label> Name of the trustee<id> Link Key ID



3.3 trustee linkkeysharing commands

trustee linkkeysharing disable Disable link key sharing over a trustee linktrustee linkkeysharing enable Enable link key sharing over a trustee link

trustee linkkeysharing disable

Purpose: Disable link key sharing over a trustee link

Usage: trustee linkkeysharing disable [-i, --id <id>] [-l, --label <label>]

Options:

-i, --id <id> Link Key ID-l, --label <label> Trustee identification label

trustee linkkeysharing enable

Purpose: Enable link key sharing over a trustee link

Usage: trustee linkkeysharing enable [-i, --id <id>] [-l, --label <label>]

Options:

-i, --id <id> Link Key ID-l, --label <label> Trustee identification label

3.4 trustee peer commands

trustee peer delete Remove a trustee from the systemtrustee peer list List all approved trustees in the system

trustee peer delete

Purpose: Remove a trustee from the system

Usage: trustee peer delete [-i, --id <id>] [-l, --label <label>]

Options:




trustee peer list

Purpose: List all approved trustees in the system

Usage: trustee peer list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:


3.5 trustee unapproved commands

trustee unapproved approve Get a secret shared trustee authorization token. The secretsharing is done using the specified recovery cards

trustee unapproved create + Create a trust establishment package for a new trusteetrustee unapproved delete Delete a pending trusteetrustee unapproved list List the pending unapproved trustees in the systemtrustee unapproved receive Receive a trust package created by a remote trusteetrustee unapproved review Check whether trustee approval is neededtrustee unapproved rmall Remove all unapproved trustees from the systemtrustee unapproved send + Send a previously created trust package to a remote

trustee

trustee unapproved approve

Purpose: Get a secret shared trustee authorization token. The secretsharing is done using the specified recovery cards

Usage: trustee unapproved approve [-i, --id <id>] [-l, --label <label>] [-t, --type <type>]

Options:

-i, --id <id> Trustee ID-l, --label <label> Trustee identifying label-t, --type <type> Link type: one of

LKMLKM/LKMDF/LKMOPENKEY/LEGACY(default)



trustee unapproved create

Purpose: Create a trust establishment package for a new trustee

Usage: trustee unapproved create <label> <mylabel>

Parameters:

<label> Label used as identifier for this trustee<mylabel> Label with which to introduce this Appliance to the trustee

trustee unapproved delete

Purpose: Delete a pending trustee

Usage: trustee unapproved delete [-i, --id <id>] [-l, --label <label>]

Options:


trustee unapproved list

Purpose: List the pending unapproved trustees in the system

Usage: trustee unapproved list [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:




trustee unapproved receive

Purpose: Receive a trust package created by a remote trustee

Usage: trustee unapproved receive [-f, --ftp <ftp>] [-c, --mylabel <mylabel>] [-n, --name <name>] [-p, --password <password>] [-t, --type <type>] [-u, --username <username>] [-v, --verifier <verifier>] [-w, --webfile <webfile>]

Options:

-f, --ftp <ftp> Download trusted package from a FTP server-c, --mylabel <mylabel> Self credentials to use to talk to the trustee-n, --name <name> Name to associate with the trustee-p, --password <password> Password of FTP user-t, --type <type> Link type: one of

LKMLKM/LKMDF/LKMOPENKEY/LEGACY(default)-u, --username <username> User to connect to FTP server as-v, --verifier <verifier> Verification hash for this package-w, --webfile <webfile> File uploaded to web server

trustee unapproved review

Purpose: Check whether trustee approval is needed

Usage: trustee unapproved review [-q, --quiet] [-v, --verbose]

Options:

-q, --quiet Print nothing if no problems are detected-v, --verbose Show more detail



trustee unapproved rmall

Purpose: Remove all unapproved trustees from the system

Usage: trustee unapproved rmall

trustee unapproved send

Purpose: Send a previously created trust package to a remote trustee

Usage: trustee unapproved send [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] <label>

Parameters:

<label> Label of the trustee to whom the trust package is to be sent

Options:

-f, --ftp <ftp> Upload trust package to a FTP server-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as



4 LKM COMMANDS

lkm db... ConfigDB commandslkm disk usage List free/used spacelkm doc Generate Documentation for LKM interfaceslkm key... Key commandslkm openkey LKM OpenKey commandslkm restart Restart LKM daemonlkm server... Server commandslkm state info Show LKM subsystem state informationlkm status Check the status of all configured LKM Serverslkm test LKM self test on specified function areaslkm zeroize Zeroize LKM information



lkm disk usage

Purpose: List free/used space

Usage: lkm disk usage

lkm doc

Purpose: Generate Documentation for LKM interfaces

Usage: lkm doc

lkm restart

Purpose: Restart LKM daemon

Usage: lkm restart

lkm state info

Purpose: Show LKM subsystem state information

Usage: lkm state info

lkm status

Purpose: Check the status of all configured LKM Servers

Usage: lkm status [-v, --verbose]

Options:

-v, --verbose Display data specific to each SNS



lkm test

Purpose: LKM self test on specified function areas

Usage: lkm test [--all] [--key-parse] [--key-share] [--key-translation] [--key-vault-encrypt] [--key-vault-sign] [--time-key-generate <time-key-generate>] [--time-key-translation <time-key-translation>] [--verbose]

Options:

--all Tests full suite except timing ones (tests none by default)--key-parse Tests key parsing functions--key-share Tests key sharing policy functions--key-translation Exercises SEP--key-vault-encrypt Tests key vault encryption functions--key-vault-sign Tests key vault signing functions--time-key-generate <time-key-generate> Benchmark Key Generation--time-key-translation <time-key-translation>

Benchmark Translation

--verbose Output all status (output failures only by default)

lkm zeroize

Purpose: Zeroize LKM information

Usage: lkm zeroize [--keep_journal] [--keep_key_db] [--keep_remote_cdbs]

Options:

--keep_journal Allow the zeroize process to keep LKM journal--keep_key_db Allow the zeroize process to keep LKM key DB--keep_remote_cdbs Allow the zeroize process to keep remote ConfigDBs

4.1 lkm db commands

lkm db copy + Copy configuration databaselkm db export + Export a configuration database as compressed XMLlkm db list List configuration databaseslkm db remove + Remove configuration database



lkm db copy

Purpose: Copy configuration database

Usage: lkm db copy <from> <to>

Parameters:

<from> Database Name<to> Destination Database Name

lkm db export

Purpose: Export a configuration database as compressed XML

Usage: lkm db export [-f, --ftp-dir <ftp-dir>] [-p, --password <password>] [-u, --username <username>] <db>

Parameters:

<db> Config Database to export

Options:

-f, --ftp-dir <ftp-dir> Export to FTP server as compressed XML file <ftp://[user:pass@]host[:port]/path>

-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as

lkm db list

Purpose: List configuration databases

Usage: lkm db list

lkm db remove

Purpose: Remove configuration database

Usage: lkm db remove <dbfile>

Parameters:

<dbfile> Database to remove



4.2 lkm key commands

lkm key add Add lkm key objectslkm key attribute... Key attribute commandslkm key delete Remove single lkm key objectlkm key export Export lkm key objectslkm key import Import lkm key objectslkm key journal... Key journal commandslkm key list List lkm key objectslkm key resync + Resync LKM keyslkm key sharing group list List all key sharing groups this LKM appliance knows

aboutlkm key statistics List key countslkm key update Update single lkm key objectlkm key verify List corrupt lkm key objectslkm key whitelist list List the key whitelist



lkm key add

Purpose: Add lkm key objects

Usage: lkm key add

lkm key delete

Purpose: Remove single lkm key object

Usage: lkm key delete

lkm key export

Purpose: Export lkm key objects

Usage: lkm key export [-f, --ftp <ftp>] [-n, --limit <limit>] [-o, --offset <offset>] [--order <order>] [--order-by <order-by>] [-p, --password <password>] [-s, --seqnum <seqnum>] [-u, --username <username>]

Options:

-f, --ftp <ftp> Upload keys export package to a FTP server-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--order <order> asc | desc--order-by <order-by> the attr_name to order by-p, --password <password> Password of FTP user-s, --seqnum <seqnum> Sequence number to start from-u, --username <username> User to connect to FTP server as

lkm key import

Purpose: Import lkm key objects

Usage: lkm key import [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] [-w, --webfile <webfile>]

Options:

-f, --ftp <ftp> Download keys export package from a FTP server-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as-w, --webfile <webfile> Key file uploaded to web server



lkm key list

Purpose: List lkm key objects

Usage: lkm key list [-n, --limit <limit>] [-o, --offset <offset>] [--order <order>] [--order-by <order-by>] [--verify-show <verify-show>] [--verify-skip]

Options:

-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--order <order> asc | desc--order-by <order-by> the attr_name to order by--verify-show <verify-show> Verify and show good and/or no good keys [all (default) |

ok | ng ]--verify-skip Skip verification and show all keys (not recommended)

lkm key resync

Purpose: Resync LKM keys

Usage: lkm key resync <peer>

Parameters:

<peer> IP address

lkm key sharing group list

Purpose: List all key sharing groups this LKM appliance knows about

Usage: lkm key sharing group list [-n, --limit <limit>] [-o, --offset <offset>]

Options:

-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward



lkm key statistics

Purpose: List key counts

Usage: lkm key statistics [--reset]

Options:

--reset Reset statistics table (advanced)

lkm key update

Purpose: Update single lkm key object

Usage: lkm key update

lkm key verify

Purpose: List corrupt lkm key objects

Usage: lkm key verify [-a, --all] [-n, --limit <limit>] [-o, --offset <offset>] [--order <order>] [--order-by <order-by>] [--skip-verification]

Options:

-a, --all Display all matching keys, not just corrupt ones-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--order <order> asc | desc--order-by <order-by> the attr_name to order by--skip-verification Skip verification of key signatures

lkm key whitelist list

Purpose: List the key whitelist

Usage: lkm key whitelist list

4.2.1 lkm key attribute commands

lkm key attribute add + Add a new key attributelkm key attribute list List allowed key attributes



lkm key attribute add

Purpose: Add a new key attribute

Usage: lkm key attribute add <attr_type> <is_primary_key> <attr_name> <attr_display_name>

Parameters:

<attr_type> Key attribute type<is_primary_key> Whether attribute is a handler<attr_name> Key attribute name<attr_display_name> Key attribute display name

lkm key attribute list

Purpose: List allowed key attributes

Usage: lkm key attribute list [-n, --limit <limit>] [-o, --offset <offset>]

Options:


4.2.2 lkm key journal commands

lkm key journal list List keys from the LKM key journallkm key journal state Output LKM key journal statelkm key journal status Output LKM key journal statuslkm key journal zeroize Zeroize LKM key journal

lkm key journal list

Purpose: List keys from the LKM key journal

Usage: lkm key journal list [-n, --limit <limit>] [-o, --offset <offset>]

Options:




lkm key journal state

Purpose: Output LKM key journal state

Usage: lkm key journal state [-i, --init-time] [-r, --recompute]

Options:

-i, --init-time Display init-time statistics-r, --recompute Recompute statistics

lkm key journal status

Purpose: Output LKM key journal status

Usage: lkm key journal status

lkm key journal zeroize

Purpose: Zeroize LKM key journal

Usage: lkm key journal zeroize [-o, --overwrite]

Options:

-o, --overwrite Overwrite entries

4.3 lkm openkey commands

lkm openkey client list List OpenKey clientslkm openkey enroll... LKM OpenKey enrollment commandslkm openkey license list List OpenKey licenses



lkm openkey client list

Purpose: List OpenKey clients

Usage: lkm openkey client list

lkm openkey license list

Purpose: List OpenKey licenses

Usage: lkm openkey license list

4.3.1 lkm openkey enroll commands

lkm openkey enroll list Displays current OpenKey enrollment settingslkm openkey enroll pending... Interact with the list of enrollments pending manual

approvallkm openkey enroll set + Modify OpenKey enrollment settings



lkm openkey enroll list

Purpose: Displays current OpenKey enrollment settings

Usage: lkm openkey enroll list

lkm openkey enroll set

Purpose: Modify OpenKey enrollment settings

Usage: lkm openkey enroll set [-t, --endtime <endtime>] [-k, --ksg <ksg>] [-m, --netmask <netmask>] [-o, --only-added] [-p, --port <port>] [-b, --range-begin <range-begin>] [-e, --range-end <range-end>] [-s, --subnet <subnet>] <mode>

Parameters:

<mode> off|auto|manual

Options:

-t, --endtime <endtime> Cut-off time for accepting enrollment requests. 'YYYY-MM-DD HH:MM:SS' Default is forever.

-k, --ksg <ksg> Default key sharing group. Name must begin and end with forward slash delimiter.

-m, --netmask <netmask> Only accept peers from this subnet. Used with -s, not -b or -e. Default 0.0.0.0.

-o, --only-added Only allow enrollment by peers in the lkm server list (but with no certificate).

-p, --port <port> Port on which to accept enrollment requests. Default 32580.

-b, --range-begin <range-begin> Only accept peers from this ip range. Used with -e, not -s or -m. Default 0.0.0.0.

-e, --range-end <range-end> Only accept peers from this ip range. Used with -b, not -s or -m. Default 255.255.255.255.

-s, --subnet <subnet> Only accept peers from this subnet. Used with -m, not -b or -e. Default 0.0.0.0.

4.3.1.1 lkm openkey enroll pending commands

lkm openkey enroll pending accept Accept pending OpenKey clients (making them peers)lkm openkey enroll pending certificateget +

Get certificate of enrolled OpenKey client awaiting manual approval

lkm openkey enroll pending list List enrolled OpenKey clients awaiting manual approvallkm openkey enroll pending reject Reject pending OpenKey clients (removing them from the

list)



lkm openkey enroll pending accept

Purpose: Accept pending OpenKey clients (making them peers)

Usage: lkm openkey enroll pending accept [-a, --all] [-k, --ksg <ksg>] [-m, --netmask <netmask>] [-s, --subnet <subnet>]

Options:

-a, --all Accept all. Must specify this or -s.-k, --ksg <ksg> Key sharing group. Name must begin and end with

forward slash delimiter.-m, --netmask <netmask> Only accept peers from this subnet. If given, must specify

-s.-s, --subnet <subnet> Only accept peers from this subnet. If netmask is

unspecified, this is a single IP address.

lkm openkey enroll pending certificate get

Purpose: Get certificate of enrolled OpenKey client awaiting manual approval

Usage: lkm openkey enroll pending certificate get [-t, --text] <ip>

Parameters:

<ip> IP address

Options:

-t, --text Display certificate as text fields, not PEM.

lkm openkey enroll pending list

Purpose: List enrolled OpenKey clients awaiting manual approval

Usage: lkm openkey enroll pending list [-c, --count] [-i, --ip <ip>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:

-c, --count Show only total number of pending OpenKey clients-i, --ip <ip> IP address of pending OpenKey client-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward



lkm openkey enroll pending reject

Purpose: Reject pending OpenKey clients (removing them from the list)

Usage: lkm openkey enroll pending reject [-a, --all] [-m, --netmask <netmask>] [-s, --subnet <subnet>]

Options:

-a, --all Reject all. Must specify this or -s (but not both).-m, --netmask <netmask> Only reject peers from this subnet. If given, must specify

-s. Default is 255.255.255.255.-s, --subnet <subnet> Only reject peers from this subnet. If netmask is

unspecified, this is a single IP address.

4.4 lkm server commands

lkm server add + Add LKM serverlkm server certificate... Certificate commandslkm server list List LKM serverslkm server remove + Remove LKM serverlkm server set + Modify a property of LKM server

lkm server add

Purpose: Add LKM server

Usage: lkm server add [--key-sharing-group <key-sharing-group>] [-p, --port <port>] [--protocol <protocol>] [-s, --secret <secret>] [--trustee <trustee>] [--type <type>] <peer>

Parameters:

<peer> IP address

Options:

--key-sharing-group <key-sharing-group> Name must begin and end with forward slash delimiter-p, --port <port> Port on which LKM server is listening--protocol <protocol> xml-s, --secret <secret> Shared secret--trustee <trustee> Label of established Trustee Link--type <type> software | appliance | datafort | third-party



lkm server list

Purpose: List LKM servers

Usage: lkm server list [-c, --count] [-i, --ip <ip>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:

-c, --count Show only total number of LKM servers-i, --ip <ip> IP address of LKM server-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward

lkm server remove

Purpose: Remove LKM server

Usage: lkm server remove <peer>

Parameters:

<peer> IP address

lkm server set

Purpose: Modify a property of LKM server

Usage: lkm server set [--key-sharing-group <key-sharing-group>] [-p, --port <port>] [--protocol <protocol>] [-s, --secret <secret>] [--trustee <trustee>] <peer>

Parameters:

<peer> IP address

Options:

--key-sharing-group <key-sharing-group> Name must begin and end with forward slash delimiter-p, --port <port> Port on which LKM server is listening--protocol <protocol> binary | xml-s, --secret <secret> Shared secret (software)--trustee <trustee> Label of established Trustee Link



4.4.1 lkm server certificate commands

lkm server certificate get + Get certificate of peerlkm server certificate set + Set certificate of peer

lkm server certificate get

Purpose: Get certificate of peer

Usage: lkm server certificate get <peer>

Parameters:

<peer> IP address

lkm server certificate set

Purpose: Set certificate of peer

Usage: lkm server certificate set <peer> <certificate>

Parameters:

<peer> IP address<certificate> Certificate



5 NET COMMANDS

net apply Apply network changesnet connection list List network connectionsnet interface get + Get network interface informationnet status Display network statusnet util... Network utilities

net apply

Purpose: Apply network changes

Usage: net apply [--httpd] [--sshd]

Options:

--httpd Restart httpd--sshd Restart sshd

net connection list

Purpose: List network connections

Usage: net connection list

net interface get

Purpose: Get network interface information

Usage: net interface get <ifname>

Parameters:

<ifname> Network interface name (for example: bge0, bge1, em0)



net status

Purpose: Display network status

Usage: net status [-q, --quiet] [-v, --verbose]

Options:


5.1 net util commands

net util arp Display or delete ARP tablenet util host + Look up hostnames using DNSnet util ifconfig Display network interface settingsnet util ipsecstats Display IPsec statisticsnet util netstat Display network statusnet util ping + Ping a hostnet util tcpdump... Network packet capture facility

net util arp

Purpose: Display or delete ARP table

Usage: net util arp [-a] [-d] [-n]

Options:

-a Apply action to all entries-d Delete all entries-n Show network addresses as numbers

net util host

Purpose: Look up hostnames using DNS

Usage: net util host <hostname>

Parameters:

<hostname> Hostname or IP address



net util ifconfig

Purpose: Display network interface settings

Usage: net util ifconfig [-C] [-L] [-a] [-d] [-l] [-m] [-u]

Options:

-C List all of the interface cloners available on the system-L Display address lifetime for IPv6 addresses-a Display information about all interfaces in the system-d Display information only about interfaces that are down-l List all available interfaces on the system-m Display all of the supported media for the specified

interface-u Display information only about interfaces that are up



net util ipsecstats

Purpose: Display IPsec statistics

Usage: net util ipsecstats

net util netstat

Purpose: Display network status

Usage: net util netstat [-I <>] [-L] [-W] [-a] [-b] [-d] [-e] [-f <>] [-i] [-m] [-n] [-p <>] [-r] [-s]

Options:

-I <> Show information about the specified interface-L Show the size of various listen queues-W Avoid truncating addresses-a With the default display, show the state of all sockets;

With the routing table display, (option -r, as described below), show protocol-cloned routes

-b With the interface display (option -i, as described below), show the number of bytes in and out

-d With the interface display (option -i, as described below), show the number of dropped packets

-e Show detailed information on each TCP connection-f <> Limit statistics or address control block reports to those of

the specified address family-i Show state of interfaces which have been auto-configured-m Show statistics recorded by the memory management

routines-n Show network addresses as numbers-p <> Show statistics about protocol-r Show the routing tables-s Show per-protocol stats



net util ping

Purpose: Ping a host

Usage: net util ping [-I <>] [-S <>] [-c <>] [-s <>] <hostname>

Parameters:

<hostname> Hostname or IP address

Options:

-I <> Interface to send packets from-S <> Source address to be used when sending packets-c <> Number of packets to send (default is 4).-s <> Number of data bytes to send (default is 56).

5.1.1 net util tcpdump commands

net util tcpdump delete + Delete packet capture filenet util tcpdump start + Start packet capturenet util tcpdump status + Show status of packet capturenet util tcpdump stop + Stop packet capture

net util tcpdump delete

Purpose: Delete packet capture file

Usage: net util tcpdump delete <interface>

Parameters:

<interface> Interface whose packet capture file is to be deleted; use 'all' to specify all interfaces



net util tcpdump start

Purpose: Start packet capture

Usage: net util tcpdump start [-x, --file <file>] [-f, --ftpserver <ftpserver>] [-p, --password <password>] [-s, --snaplen <snaplen>] [-u, --user <user>] <interface> <filter>

Parameters:

<interface> Interface on which to start packet capture; use 'all' to specify all interfaces

<filter> Packet-matching filter

Options:

-x, --file <file> Specify the file that should be written on the ftp server-f, --ftpserver <ftpserver> Specify the ftp server that the file should be outputted to-p, --password <password> Specify the password that should be used to connect to

the ftp server-s, --snaplen <snaplen> Maximum length of packet to capture-u, --user <user> Specify the user that should be used to connect to the ftp

server

net util tcpdump status

Purpose: Show status of packet capture

Usage: net util tcpdump status <interface>

Parameters:

<interface> Interface on which to check status; use 'all' to specify all interfaces

net util tcpdump stop

Purpose: Stop packet capture

Usage: net util tcpdump stop <interface>

Parameters:

<interface> Interface on which to stop packet capture; use 'all' to specify all interfaces



6 KEYMAN COMMANDS

keyman cryptainerkeys... Cryptainer key management commandskeyman domainkeys list List Domain Keyskeyman expirekeys Check keys for expirationkeyman lkmkeys... LKM key management commandskeyman masterkeys Query Master Keyskeyman purgekeys... Key purge management commandskeyman set Set attributes of keys

keyman domainkeys list

Purpose: List Domain Keys

Usage: keyman domainkeys list [-d, --dk-id <dk-id>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:

-d, --dk-id <dk-id> Domain Key ID-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward

keyman expirekeys

Purpose: Check keys for expiration

Usage: keyman expirekeys [-c, --coordinator]

Options:

-c, --coordinator Run this command only if the local node is cluster coordinator



keyman masterkeys

Purpose: Query Master Keys

Usage: keyman masterkeys [-g, --generation <generation>] [-n, --limit <limit>] [-m, --mk-id <mk-id>] [-o, --offset <offset>]

Options:

-g, --generation <generation> Master Key generation-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-m, --mk-id <mk-id> Master Key ID-o, --offset <offset> Query offset: negative=>step backward

keyman set

Purpose: Set attributes of keys

Usage: keyman set [-k, --ck-id <ck-id>] [-e, --expiration date <expiration date>] [-n, --limit <limit>] [-o, --offset <offset>] [-r, --read-only date <read-only date>]

Options:

-k, --ck-id <ck-id> Cryptainer Key ID-e, --expiration date <expiration date> Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD

[hh:mm:ss]' or 'now'-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward-r, --read-only date <read-only date> Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD

[hh:mm:ss]' or 'now'

6.1 keyman cryptainerkeys commands

keyman cryptainerkeys generate + Generate Cryptainer Keyskeyman cryptainerkeys list List Cryptainer Keyskeyman cryptainerkeys rename + Assign a new name to an existing Cryptainer Key



keyman cryptainerkeys generate

Purpose: Generate Cryptainer Keys

Usage: keyman cryptainerkeys generate [-x, --exportable <exportable>] [-i, --index <index>] [-n, --name <name>] <no-of-keys>

Parameters:

<no-of-keys> No of keys to generate

Options:

-x, --exportable <exportable> This option is no longer supported. All keys are exportable-i, --index <index> Index for keys to be used as suffix-n, --name <name> Prefix for keys name

keyman cryptainerkeys list

Purpose: List Cryptainer Keys

Usage: keyman cryptainerkeys list [-k, --ck-id <ck-id>] [--expired] [-n, --limit <limit>] [-o, --offset <offset>] [--readonly]

Options:

-k, --ck-id <ck-id> Cryptainer Key ID--expired List keys in expired state-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward--readonly List keys in read-only state

keyman cryptainerkeys rename

Purpose: Assign a new name to an existing Cryptainer Key

Usage: keyman cryptainerkeys rename <ck-id> <new-name>

Parameters:

<ck-id> ID of the Cryptainer Key to be renamed<new-name> New name to be associated with this Cryptainer Key



6.2 keyman lkmkeys commands

keyman lkmkeys backup Back up Cryptainer Keys to LKM serverkeyman lkmkeys import Import Cryptainer Keys from LKM serverkeyman lkmkeys list Display Cryptainer Keys from LKM server

keyman lkmkeys backup

Purpose: Back up Cryptainer Keys to LKM server

Usage: keyman lkmkeys backup

keyman lkmkeys import

Purpose: Import Cryptainer Keys from LKM server

Usage: keyman lkmkeys import [-k, --ck-id <ck-id>] [-d, --dk-id <dk-id>] [-n, --iscsi-owner-name <iscsi-owner-name>] [-n, --iscsi-tgt-name <iscsi-tgt-name>] [-s, --lower-limit-timestamp <lower-limit-timestamp>] [-l, --lun <lun>] [--media-label <media-label>] [--pool-label <pool-label>] [-p, --port-wwn <port-wwn>] [-f, --upper-limit-timestamp <upper-limit-timestamp>]

Options:

-k, --ck-id <ck-id> Cryptainer Key ID-d, --dk-id <dk-id> Domain Key ID-n, --iscsi-owner-name <iscsi-owner-name> iSCSI Owner Name-n, --iscsi-tgt-name <iscsi-tgt-name> iSCSI Target Name-s, --lower-limit-timestamp <lower-limit-timestamp>

Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'

-l, --lun <lun> Logical Unit Number--media-label <media-label> Media Label (SAN)--pool-label <pool-label> Pool Label (SAN)-p, --port-wwn <port-wwn> Disk port WWN <xx:xx:xx:xx:xx:xx:xx:xx>-f, --upper-limit-timestamp <upper-limit-timestamp>

Upper limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'



keyman lkmkeys list

Purpose: Display Cryptainer Keys from LKM server

Usage: keyman lkmkeys list [-k, --ck-id <ck-id>] [-d, --dk-id <dk-id>] [-n, --iscsi-owner-name <iscsi-owner-name>] [-n, --iscsi-tgt-name <iscsi-tgt-name>] [-s, --lower-limit-timestamp <lower-limit-timestamp>] [-l, --lun <lun>] [--media-label <media-label>] [--pool-label <pool-label>] [-p, --port-wwn <port-wwn>] [-v, --server <server>] [-f, --upper-limit-timestamp <upper-limit-timestamp>]

Options:

-k, --ck-id <ck-id> Cryptainer Key ID-d, --dk-id <dk-id> Domain Key ID-n, --iscsi-owner-name <iscsi-owner-name> iSCSI Owner Name-n, --iscsi-tgt-name <iscsi-tgt-name> iSCSI Target Name-s, --lower-limit-timestamp <lower-limit-timestamp>

Lower limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'

-l, --lun <lun> Logical Unit Number--media-label <media-label> Media Label (SAN)--pool-label <pool-label> Pool Label (SAN)-p, --port-wwn <port-wwn> Disk port WWN <xx:xx:xx:xx:xx:xx:xx:xx>-v, --server <server> Server IP (default first available)-f, --upper-limit-timestamp <upper-limit-timestamp>

Upper limit timestamp: local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'

6.3 keyman purgekeys commands

keyman purgekeys accelerate Speedup rate of purging unused Cryptainer and Master Keys

keyman purgekeys start Start purging unused Cryptainer and Master Keyskeyman purgekeys status Display the number of keys remaining to be purgedkeyman purgekeys stop Stop purging unused Cryptainer and Master Keys



keyman purgekeys accelerate

Purpose: Speedup rate of purging unused Cryptainer and Master Keys

Usage: keyman purgekeys accelerate

keyman purgekeys start

Purpose: Start purging unused Cryptainer and Master Keys

Usage: keyman purgekeys start [-a, --age <age>] [-k, --ck-id <ck-id>] [-r, --remove-tape-history]

Options:

-a, --age <age> Age in days-k, --ck-id <ck-id> Cryptainer Key ID-r, --remove-tape-history purge old tape key references too

keyman purgekeys status

Purpose: Display the number of keys remaining to be purged

Usage: keyman purgekeys status

keyman purgekeys stop

Purpose: Stop purging unused Cryptainer and Master Keys

Usage: keyman purgekeys stop



7 CLI COMMANDS

cli complete Command line completioncli cshelp... CLI context-sensitive help commandscli documentation Print CLI documentationcli format + Change CLI display formatcli pager + Turn on/off screenful CLI output display pager

cli complete

Purpose: Command line completion

Usage: cli complete

cli documentati on

Purpose: Print CLI documentation

Usage: cli documentation [-n, --name-only]

Options:

-n, --name-only Output command names only

cli format

Purpose: Change CLI display format

Usage: cli format <format>

Parameters:

<format> Set CLI display format <default|text/gui|text/xml>



cli pager

Purpose: Turn on/off screenful CLI output display pager

Usage: cli pager <on|off>

Parameters:

<on|off> Turn screenful pager on or off

7.1 cli cshelp commands

cli cshelp disable Disable CLI context-sensitive help '?' key bindingcli cshelp enable Enable CLI context-sensitive help '?' key bindingcli cshelp find Find CLI context-sensitive help

cli cshelp disable

Purpose: Disable CLI context-sensitive help '?' key binding

Usage: cli cshelp disable

cli cshelp enable

Purpose: Enable CLI context-sensitive help '?' key binding

Usage: cli cshelp enable

cli cshelp find

Purpose: Find CLI context-sensitive help

Usage: cli cshelp find



8 ACTIVE-ROLE COMMANDS

active-role add + Activate an authorized roleactive-role list List active rolesactive-role remove + Remove an active role

active- role add

Purpose: Activate an authorized role

Usage: active-role add <active-role>

Parameters:

<active-role> Authorized role to activate

active- role list

Purpose: List active roles

Usage: active-role list

active- role remove

Purpose: Remove an active role

Usage: active-role remove <active-role>

Parameters:

<active-role> Active role to remove



9 DOMAIN COMMANDS

domain add + Add a domaindomain controller discover + Discover the domain controllers of a given domaindomain group list + List groups in the domaindomain hash import + Start a background process to import the password

hashesdomain list List domainsdomain migrate + Move all users and groups in a domain to another domaindomain remove + Remove a domaindomain set + Set domain settingsdomain user list + List users in the domaindomain validate + Validate domain access



domain add

Purpose: Add a domain

Usage: domain add [--auto-import <auto-import>] [--kdc <kdc>] [--krb-realm <krb-realm>] [--ldap-bind-dn <ldap-bind-dn>] [--ldap-schema <ldap-schema>] [--netbios <netbios>] [-p, --password <password>] [--search-dn-list <search-dn-list>] [--server <server>] [-u, --username <username>] <name> <type> <subtype>

Parameters:

<name> Domain name<type> <cifs|nfs><subtype> <local|windows|nis|ldap|userless>

Options:

--auto-import <auto-import> Auto import user password hashes--kdc <kdc> Kerberos Key Distribution Center (multiple comma-

delimited KDC's can be specified)--krb-realm <krb-realm> Kerberos Realm--ldap-bind-dn <ldap-bind-dn> Location in LDAP directory of the domain access user--ldap-schema <ldap-schema> LDAP server schema--netbios <netbios> NetBIOS name of domain-p, --password <password> domain access user or Unix domain root user password--search-dn-list <search-dn-list> Custom list of search DNs to use when querying Windows

DCs for user and group listings (e.g. OU=dept1&OU=dept2)

--server <server> Server name-u, --username <username> domain access user or Unix domain root user name

domain controller discover

Purpose: Discover the domain controllers of a given domain

Usage: domain controller discover [--netbios <netbios>] <name>

Parameters:

<name> Domain name

Options:

--netbios <netbios> Domain's NetBIOS name



domain group list

Purpose: List groups in the domain

Usage: domain group list [-g, --group <group>] [-n, --num-of-groups <num-of-groups>] <domain>

Parameters:

<domain> Name of domain

Options:

-g, --group <group> Wildcard group name string-n, --num-of-groups <num-of-groups> Max number of results expected, default is 10; if you want

all results, set to 0.

domain hash import

Purpose: Start a background process to import the password hashes

Usage: domain hash import [-p, --password <password>] [-u, --user <user>] <domain>

Parameters:


Options:

-p, --password <password> password-u, --user <user> User name

domain list

Purpose: List domains

Usage: domain list [-n, --limit <limit>] [--name <name>] [--netbios <netbios>] [-o, --offset <offset>] [--server <server>] [--type <type>]

Options:

-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Domain name--netbios <netbios> NetBIOS name of domain-o, --offset <offset> Query offset: negative=>step backward--server <server> Server name--type <type> <cifs|nfs>



domain migrate

Purpose: Move all users and groups in a domain to another domain

Usage: domain migrate <source-domain> <dest-domain>

Parameters:

<source-domain> Name of source domain<dest-domain> Name of destination domain

domain remove

Purpose: Remove a domain

Usage: domain remove [-f, --forced] <domain name>

Parameters:

<domain name> Name of domain

Options:

-f, --forced Remove all users and groups in the domain along with the domain



domain set

Purpose: Set domain settings

Usage: domain set [--auto-import <auto-import>] [--kdc <kdc>] [--krb-realm <krb-realm>] [--ldap-bind-dn <ldap-bind-dn>] [--ldap-schema <ldap-schema>] [--netbios <netbios>] [-p, --password <password>] [--search-dn-list <search-dn-list>] [--server <server>] [-u, --username <username>] <domain name>

Parameters:

<domain name> Name of domain

Options:

--auto-import <auto-import> Auto import user password hashes--kdc <kdc> Kerberos Key Distribution Center--krb-realm <krb-realm> Kerberos Realm--ldap-bind-dn <ldap-bind-dn> Location in LDAP directory of the domain access user--ldap-schema <ldap-schema> LDAP server schema--netbios <netbios> NetBIOS name of domain-p, --password <password> domain access user or Unix domain root user password--search-dn-list <search-dn-list> Custom list of search DNs to use when querying Windows

DCs for user and group listings--server <server> Server name-u, --username <username> domain access user or Unix domain root user name

domain user list

Purpose: List users in the domain

Usage: domain user list [-n, --num-of-users <num-of-users>] [-u, --user <user>] <domain>

Parameters:


Options:

-n, --num-of-users <num-of-users> Max number of results expected, default is 10; if you want all results, set to 0.

-u, --user <user> Wildcard user name string



domain validate

Purpose: Validate domain access

Usage: domain validate <name>

Parameters:

<name> Domain name



10 GROUP COMMANDS

group add + Add a groupgroup domain discover + Discover & display all groups & members in Windows

domaingroup group... Nested group membership commandsgroup list List groupsgroup remove + Remove a groupgroup review Check whether group review is neededgroup role... Group role commands

group add

Purpose: Add a group

Usage: group add <group>

Parameters:

<group> groupname@domain (Wrap with double quotes if it contains a space: e.g., "My Group")

group domain discover

Purpose: Discover & display all groups & members in Windows domain

Usage: group domain discover <domain>

Parameters:




group list

Purpose: List groups

Usage: group list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--sid <sid>]

Options:

-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags: system,role,primary,comers,everyone,admin--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Group name-o, --offset <offset> Query offset: negative=>step backward--sid <sid> Windows security id

group remove

Purpose: Remove a group

Usage: group remove <group>

Parameters:

<group> groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")

group review

Purpose: Check whether group review is needed

Usage: group review [-q, --quiet] [-v, --verbose]

Options:




10.1 group group commands

group group list List nested group membershipsgroup group parentlist List parent groups of nested group memberships

group group list

Purpose: List nested group memberships

Usage: group group list [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:

--domain <domain> Child group/role domain--domain-type <domain-type> Child group/role domain type (<cifs|nfs>)--flags <flags> Parent group/role flags -

system,role,primary,comers,everyone,admin--group <group> Parent group/role name--group-domain <group-domain> Parent group/role domain--group-domain-type <group-domain-type> Parent group/role domain (<cifs|nfs>)--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Child group/role name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal



group group parentlist

Purpose: List parent groups of nested group memberships

Usage: group group parentlist [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:



10.2 group role commands

group role grant + Grant a role to a groupgroup role revoke + Revoke a role from a group

group role grant

Purpose: Grant a role to a group

Usage: group role grant <role> <group>

Parameters:

<role> Role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")

<group> Group: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")



group role revoke

Purpose: Revoke a role from a group

Usage: group role revoke <role> <group>

Parameters:

<role> Role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")

<group> Group: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")



11 ROLE COMMANDS

role list List rolesrole path list List role hierarchy

role list

Purpose: List roles

Usage: role list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--sid <sid>]

Options:

-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags: system,role,primary,comers,everyone,admin--icase Use case-insensitive search for group name-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Group name-o, --offset <offset> Query offset: negative=>step backward--sid <sid> Windows security id



role path list

Purpose: List role hierarchy

Usage: role path list [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:





12 USER COMMANDS

user add + Add a user accountuser cifs... User CIFS commandsuser comers... User new comers commandsuser group... Group membership (non-nested) commandsuser home... User home directory commandsuser list List all users in databaseuser remove + Remove a user from the databaseuser role... User role commandsuser set + Set user settingsuser token dump + Dump token info

user add

Purpose: Add a user account

Usage: user add [--dcrcert <dcrcert>] [--dcrid <dcrid>] [--domain <domain>] [--fullname <fullname>] [--icase] [--id <id>] [--local] [--localcert <localcert>] [--localid <localid>] [--password <password>] <group> <username>

Parameters:

<group> Group/role name<username> User login name

Options:

--dcrcert <dcrcert> Pre-assigned certificate--dcrid <dcrid> Pre-assigned ID--domain <domain> Domain--fullname <fullname> Full name--icase Username is case insensitive--id <id> [<Unix id>,<group id>]--local Dont replicate administrators in a cluster--localcert <localcert> Local certificate--localid <localid> Local ID--password <password> User password



user list

Purpose: List all users in database

Usage: user list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--fullname <fullname>] [--gid <gid>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--sid <sid>]

Options:

-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--fullname <fullname> Full name--gid <gid> Unix group id--icase Use case-insensitive search for user name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--sid <sid> Windows security id

user remove

Purpose: Remove a user from the database

Usage: user remove [--icase] [--id <id>] <user>

Parameters:


Options:

--icase Username is case insensitive--id <id> Unix id



user set

Purpose: Set user settings

Usage: user set [--dcrcert <dcrcert>] [--dcrid <dcrid>] [--fullname <fullname>] [--id <id>] [--localcert <localcert>] [--localid <localid>] [--newpass <newpass>] [-r, --resetpass] <user>

Parameters:


Options:

--dcrcert <dcrcert> Pre-assigned certificate--dcrid <dcrid> Pre-assigned ID--fullname <fullname> Full name--id <id> [<Unix id>,<group id>]--localcert <localcert> Local certificate--localid <localid> Local ID--newpass <newpass> New password for this user-r, --resetpass Prompt for new password for this user

user token dump

Purpose: Dump token info

Usage: user token dump <user>

Parameters:


12.1 user cifs commands

user cifs password... Commands for operating on or with CIFS passwordsuser cifs sid + Query a domain controller for a user's Windows SIDuser cifs validate + Check that a user can log into a Windows or LDAP domain



user cifs sid

Purpose: Query a domain controller for a user's Windows SID

Usage: user cifs sid <user>

Parameters:


user cifs validate

Purpose: Check that a user can log into a Windows or LDAP domain

Usage: user cifs validate [--domain-name <domain-name>] [--kdc <kdc>] [--krb-realm <krb-realm>] [--server <server>] <domain type> <user name> <password>

Parameters:

<domain type> Domain Type (<windows|ldap>)<user name> User's name<password> User's password

Options:

--domain-name <domain-name> Name of Windows domain--kdc <kdc> Kerberos Key Distribution Center (<ldap> domains only)--krb-realm <krb-realm> Kerberos Realm of user (<ldap> domains only)--server <server> Authentication server for domain

12.1.1 user cifs password commands

user cifs password nullify + Nullify password (also nullifies the DataFort password if applicable)

user cifs password verify + Verify the password hashes of a user in the configdb



user cifs password nullify

Purpose: Nullify password (also nullifies the DataFort password if applicable)

Usage: user cifs password nullify <user>

Parameters:


user cifs password verify

Purpose: Verify the password hashes of a user in the configdb

Usage: user cifs password verify [-p, --pword <pword>] [--type <type>] <user>

Parameters:


Options:

-p, --pword <pword> User password (zero'd hashes if unspecified)--type <type> Password type: datafort or file_server (default)

12.2 user comers commands

user comers cancel Cancel the addition of new users and groups to databaseuser comers confirm Confirm the addition of new users and groups to database



user comers cancel

Purpose: Cancel the addition of new users and groups to database

Usage: user comers cancel [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:

--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal



user comers confirm

Purpose: Confirm the addition of new users and groups to database

Usage: user comers confirm [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:

--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal

12.3 user group commands

user group grant + Grant a group to a useruser group list List (non-nested) group membershipsuser group parentlist List parent groups of (non-nested) group membershipsuser group revoke + Revoke a group from a user



user group grant

Purpose: Grant a group to a user

Usage: user group grant [--flags <flags>] <group> <user>

Parameters:

<group> Group/role: groupname[@domain] (Wrap with double quotes if it contains a space: e.g., "My Group")


Options:

--flags <flags> Group flags - system,role,primary,comers,everyone,admin

user group list

Purpose: List (non-nested) group memberships

Usage: user group list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:

-c, --count-only Display the total count only--domain <domain> Domain--domain-type <domain-type> <cifs|nfs>--flags <flags> Group flags - system,role,primary,comers,everyone,admin--group <group> Group/role name--group-domain <group-domain> Group/role domain--group-domain-type <group-domain-type> Group/role domain type (<cifs|nfs>)--icase Use case-insensitive search for user/group/role name--id <id> Unix id-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--name <name> Name-o, --offset <offset> Query offset: negative=>step backward--uflags <uflags> Group membership flags - comers,normal



user group parentlist

Purpose: List parent groups of (non-nested) group memberships

Usage: user group parentlist [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:


user group revoke

Purpose: Revoke a group from a user

Usage: user group revoke [--flags <flags>] <group> <user>

Parameters:



Options:


12.4 user home commands

user home list List the home directories that have been set



user home remove + Remove the home directory for a user or all users in a domain

user home set + Set the home directory for a user or all users in a domain

user home list

Purpose: List the home directories that have been set

Usage: user home list

user home remove

Purpose: Remove the home directory for a user or all users in a domain

Usage: user home remove [--vip <vip>] <user or domain>

Parameters:

<user or domain> [username]@domain (Wrap with double quotes if it contains a space: e.g., "My Group")

Options:

--vip <vip> Remove vip home directory rule

user home set

Purpose: Set the home directory for a user or all users in a domain

Usage: user home set [--vip] <user or domain> <path>

Parameters:

<user or domain> [username]@domain (Wrap with double quotes if it contains a space: e.g., "My Group")

<path> Full file path: (CIFS): \\<server>\<share>[\<path>] (NFS): <server>:<export>[/<path>]

Options:

--vip Set a vip based home directory rule (CIFS only). In the absence of a User specific rule, A vip bound share matching the user login name will be used as the user's home dir. If non exists, access to the vip is denied.



12.5 user role commands

user role grant + Grant a role to a useruser role list List user authorized rolesuser role revoke + Revoke a role from a user

user role grant

Purpose: Grant a role to a user

Usage: user role grant [--flags <flags>] <group> <user>

Parameters:



Options:




user role list

Purpose: List user authorized roles

Usage: user role list [-c, --count-only] [--domain <domain>] [--domain-type <domain-type>] [--flags <flags>] [--group <group>] [--group-domain <group-domain>] [--group-domain-type <group-domain-type>] [--icase] [--id <id>] [-n, --limit <limit>] [--name <name>] [-o, --offset <offset>] [--uflags <uflags>]

Options:


user role revoke

Purpose: Revoke a role from a user

Usage: user role revoke [--flags <flags>] <group> <user>

Parameters:



Options:




13 CLUSTER COMMANDS

cluster config... Cluster configuration commandscluster disable + Disable clusteringcluster enable + Enable clusteringcluster rexec Execute a CLI command on member DataFort(s)cluster rsh + Access the CLI of specified DataFortcluster state Get cluster statecluster status Check configuration database status

cluster disable

Purpose: Disable clustering

Usage: cluster disable <member-ip or name>

Parameters:

<member-ip or name> Name or IP of member DataFort being disabled in this cluster

cluster enable

Purpose: Enable clustering

Usage: cluster enable <member-ip or name>

Parameters:

<member-ip or name> Name or IP of member DataFort coming back to the cluster



cluster rexec

Purpose: Execute a CLI command on member DataFort(s)

Usage: cluster rexec [--ip <ip>] [--name <name>]

Options:

--ip <ip> Member DataFort's IP address. If this option is not provided and no name is specified

--name <name> Member DataFort's name. If this option is not provided and no IP is specified

cluster rsh

Purpose: Access the CLI of specified DataFort

Usage: cluster rsh <member-ip or name>

Parameters:

<member-ip or name> Member DataFort's name or IP address

cluster state

Purpose: Get cluster state

Usage: cluster state

cluster status

Purpose: Check configuration database status

Usage: cluster status

13.1 cluster config commands

cluster config ipsec... IPsec commandscluster config member... Member commandscluster config name + Set the cluster's namecluster config potentialmember... Potential cluster member commandscluster config pull + Copy a configuration database from a member DataFortcluster config remote list + List the remote member's table



cluster config route... Member route commandscluster config set-local Set cluster properties of this DataFort

cluster config name

Purpose: Set the cluster's name

Usage: cluster config name <name>

Parameters:

<name> Cluster's name

cluster config pull

Purpose: Copy a configuration database from a member DataFort

Usage: cluster config pull [-r, --rebuild] <member-ip>

Parameters:

<member-ip> Cluster member's name or IP address

Options:

-r, --rebuild Rebuild all tables from scratch

cluster config remote list

Purpose: List the remote member's table

Usage: cluster config remote list [-p, --potential] <remote-ip>

Parameters:

<remote-ip> Remote DataFort's IP address

Options:

-p, --potential List remote member's potential table. Without the option lists cluster table.



cluster config set-local

Purpose: Set cluster properties of this DataFort

Usage: cluster config set-local [--coord <coord>] [--ip <ip>] [--member-id <member-id>] [--name <name>]

Options:

--coord <coord> Can be coordinator?--ip <ip> This DataFort's IP address--member-id <member-id> This DataFort's member ID--name <name> This DataFort's name

13.1.1 cluster config ipsec commands

cluster config ipsec dumpsad Dump the Security Association Database (SAD) entriescluster config ipsec dumpspd Dump the Security Policy Database (SPD) entriescluster config ipsec flushsad Flush the Security Association Database (SAD) entriescluster config ipsec restart Restart IPsec daemoncluster config ipsec secret Set shared secret for IPsec traffic between DataFort

appliances



cluster config ipsec dumpsad

Purpose: Dump the Security Association Database (SAD) entries

Usage: cluster config ipsec dumpsad

cluster config ipsec dumpspd

Purpose: Dump the Security Policy Database (SPD) entries

Usage: cluster config ipsec dumpspd

cluster config ipsec flushsad

Purpose: Flush the Security Association Database (SAD) entries

Usage: cluster config ipsec flushsad

cluster config ipsec resta rt

Purpose: Restart IPsec daemon

Usage: cluster config ipsec restart

cluster config ipsec secret

Purpose: Set shared secret for IPsec traffic between DataFort appliances

Usage: cluster config ipsec secret [-s, --secret <secret>]

Options:

-s, --secret <secret> IPsec secret string

13.1.2 cluster config member commands

cluster config member count Show number of member DataFort appliancescluster config member list List cluster member DataFort appliancescluster config member remove + Remove a cluster member DataFortcluster config member rmall Remove all cluster memberscluster config member set + Change cluster member attributes



cluster config member count

Purpose: Show number of member DataFort appliances

Usage: cluster config member count

cluster config member list

Purpose: List cluster member DataFort appliances

Usage: cluster config member list [-c, --count] [-n, --limit <limit>] [--member-id <member-id>] [--member-ip <member-ip>] [-o, --offset <offset>]

Options:

-c, --count Show only current number of members-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--member-id <member-id> Member DataFort's member ID--member-ip <member-ip> Member DataFort's IP address-o, --offset <offset> Query offset: negative=>step backward

cluster config member remove

Purpose: Remove a cluster member DataFort

Usage: cluster config member remove <member-ip>

Parameters:

<member-ip> Cluster member's name or IP address



cluster config member rmall

Purpose: Remove all cluster members

Usage: cluster config member rmall

cluster config member set

Purpose: Change cluster member attributes

Usage: cluster config member set [--coord <coord>] [--ip <ip>] [--txid <txid>] <old-member-ip>

Parameters:

<old-member-ip> Member's IP address

Options:

--coord <coord> Can be coordinator?--ip <ip> Member DataFort's IP new address--txid <txid> Last txid known to local member on this member's line

13.1.3 cluster config potentialmember commands

cluster config potentialmember add + Add a new potential membercluster config potentialmemberauthenticate +

Authenticate a new potential member

cluster config potentialmember commit Ask the master for the global domain key and join the cluster

cluster config potentialmember getmaster Get the IP address of the potential master membercluster config potentialmember list List potential cluster memberscluster config potentialmember review Check whether potential cluster members are waitingcluster config potentialmember rmall Remove all unconfirmed potential members from cluster

groupcluster config potentialmember set + Change potential member attributescluster config potentialmember status Show potential cluster members status



cluster config potentialmembe r add

Purpose: Add a new potential member

Usage: cluster config potentialmember add [-m, --master] [-n, --name <name>] [-s, --slave] <member-ip>

Parameters:

<member-ip> Potential member's IP address

Options:

-m, --master Potential member is already in the cluster-n, --name <name> Potential member's name-s, --slave Member should not be a coordinator

cluster config potentialmembe r authenticate

Purpose: Authenticate a new potential member

Usage: cluster config potentialmember authenticate [-i, --initial] <member-ip>

Parameters:

<member-ip> Cluster member's IP address

Options:

-i, --initial Authenticate using the initial cluster token



cluster config potentialmembe r commit

Purpose: Ask the master for the global domain key and join the cluster

Usage: cluster config potentialmember commit

cluster config potentialmembe r getmaster

Purpose: Get the IP address of the potential master member

Usage: cluster config potentialmember getmaster

cluster config potentialmembe r list

Purpose: List potential cluster members

Usage: cluster config potentialmember list [-c, --count] [-n, --limit <limit>] [--member-id <member-id>] [--member-ip <member-ip>] [-o, --offset <offset>]

Options:

-c, --count Show only current number of members-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range--member-id <member-id> Member DataFort's member ID--member-ip <member-ip> Member DataFort's IP address-o, --offset <offset> Query offset: negative=>step backward

cluster config potentialmembe r review

Purpose: Check whether potential cluster members are waiting

Usage: cluster config potentialmember review [-q, --quiet] [-v, --verbose]

Options:




cluster config potentialmembe r rmall

Purpose: Remove all unconfirmed potential members from cluster group

Usage: cluster config potentialmember rmall

cluster config potentialmembe r set

Purpose: Change potential member attributes

Usage: cluster config potentialmember set [--coord <coord>] [--ip <ip>] [--name <name>] <old-member-ip>

Parameters:

<old-member-ip> Member's IP address

Options:

--coord <coord> Can be coordinator?--ip <ip> Potential member DataFort's new IP address--name <name> Potential member's new name

cluster config potentialmembe r status

Purpose: Show potential cluster members status

Usage: cluster config potentialmember status

13.1.4 cluster config route commands

cluster config route add + Add a route to a cluster membercluster config route heartbeat... Route heartbeat commandscluster config route list Display the routes to cluster memberscluster config route remove + Remove a route to a cluster membercluster config route rmall Remove routes to all cluster members



cluster config route add

Purpose: Add a route to a cluster member

Usage: cluster config route add [-p, --peer <peer>] [-s, --source <source>] [-t, --timeout <timeout>] <member-ip>

Parameters:


Options:

-p, --peer <peer> Peer IP address-s, --source <source> Source IP address-t, --timeout <timeout> Connection establishment timeout seconds.

cluster config route list

Purpose: Display the routes to cluster members

Usage: cluster config route list

cluster config route remove

Purpose: Remove a route to a cluster member

Usage: cluster config route remove <member-ip>

Parameters:


cluster config route rmall

Purpose: Remove routes to all cluster members

Usage: cluster config route rmall

13.1.4.1 cluster config route heartbeat commands

cluster config route heartbeat disable Dont maintain a route heartbeat and keep alive for all open routes



cluster config route heartbeat enable Maintain a route heartbeat and keep alive for all open routes

cluster config route heartbeat disable

Purpose: Dont maintain a route heartbeat and keep alive for all open routes

Usage: cluster config route heartbeat disable

cluster config route heartbeat enable

Purpose: Maintain a route heartbeat and keep alive for all open routes

Usage: cluster config route heartbeat enable



14 DB COMMANDS

db begin Begin a transactiondb commit Commit the current transactiondb connect Connect to configuration databasedb export Export the configuration database as compressed XML filedb import Import the configuration databasedb index... Indexing administration commandsdb record + Get a configuration database recorddb recover Recover a config database through the Recovery Wizarddb rollback Rollback the current transactiondb save Checkpoint database and save changes to diskdb select Perform a database querydb size Display database available spacedb status Display configuration database statusdb trx... Transaction administration commandsdb xlog... Transaction log administration commands

db begin

Purpose: Begin a transaction

Usage: db begin [-p, --priority <priority>]

Options:

-p, --priority <priority> Transaction priority: <system | user>



db commit

Purpose: Commit the current transaction

Usage: db commit

db connect

Purpose: Connect to configuration database

Usage: db connect [-f, --force-reconnect]

Options:

-f, --force-reconnect Forcibly disconnect and reconnect to configuration Database

db export

Purpose: Export the configuration database as compressed XML file

Usage: db export [-f, --ftp-dir <ftp-dir>] [-l, --lkm] [-p, --password <password>] [-x, --purge] [-u, --username <username>]

Options:

-f, --ftp-dir <ftp-dir> Export to FTP server as compressed XML file <ftp://[user:pass@]host[:port]/path>

-l, --lkm Export to Lifetime Key Management server-p, --password <password> Password of FTP user-x, --purge Purge unused Cryptainer Keys after export is complete-u, --username <username> User to connect to FTP server as



db import

Purpose: Import the configuration database

Usage: db import [-v, --dbversion <dbversion>] [-f, --ftp <ftp>] [-p, --password <password>] [-u, --username <username>] [-w, --webfile <webfile>]

Options:

-v, --dbversion <dbversion> Currently valid choices for <dbversion> are:-f, --ftp <ftp> Download compressed XML configdb from FTP server

<ftp://[user:pass@]host[:port]/path_to_configdb>-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as-w, --webfile <webfile> Name of compressed XML configdb file uploaded to web

server

db record

Purpose: Get a configuration database record

Usage: db record <rid>

Parameters:

<rid> Record id: 0x[64-bit hex]

db recover

Purpose: Recover a config database through the Recovery Wizard

Usage: db recover [-p, --password <password>] [-u, --username <username>]

Options:

-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as



db rollback

Purpose: Rollback the current transaction

Usage: db rollback

db save

Purpose: Checkpoint database and save changes to disk

Usage: db save

db select

Purpose: Perform a database query

Usage: db select [-n, --limit <limit>] [-o, --offset <offset>]

Options:


db size

Purpose: Display database available space

Usage: db size [-s, --summary] [-t, --tables]

Options:

-s, --summary Shows free space only-t, --tables Shows table information

db status

Purpose: Display configuration database status

Usage: db status [-v, --verbose]

Options:

-v, --verbose Show more detail



14.1 db index commands

db index list List all database indexesdb index test Test database index integrity

db index list

Purpose: List all database indexes

Usage: db index list

db index test

Purpose: Test database index integrity

Usage: db index test

14.2 db trx commands

db trx kill + Kill (rollback) a transactiondb trx list List transactions

db trx kill

Purpose: Kill (rollback) a transaction

Usage: db trx kill <txid>

Parameters:

<txid> Txid (0x[64-bit hex]) of trx to be killed



db trx list

Purpose: List transactions

Usage: db trx list

14.3 db xlog commands

db xlog list Query transaction redo log recordsdb xlog test Test transaction redo log

db xlog list

Purpose: Query transaction redo log records

Usage: db xlog list [-a, --action <action>] [-d, --detail] [-n, --limit <limit>] [-o, --offset <offset>] [-i, --rid <rid>] [-x, --txid <txid>]

Options:

-a, --action <action> Xlog action: <start | insert | update | delete | p2commit | ready | dont_commit | commit | abort | chkpt>

-d, --detail Show extra record details - record id and tablename-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward-i, --rid <rid> Record id: 0x[64-bit hex]-x, --txid <txid> Transaction id 0x[64-bit hex]

db xlog test

Purpose: Test transaction redo log

Usage: db xlog test



15 SYSTEM COMMANDS

system agreement... Agreement commandssystem allproperties globalize Globalize all properties which can be globalizedsystem banner Banner commandssystem certificate... Certificate commandssystem check Perform basic system checkssystem crypto... Crypto commandssystem date... Date commandssystem finalize Finalize the systemsystem httpd... HTTPD commandssystem license... License commandssystem log... System log commandssystem lproperty get Get long propertysystem ntpd restart Restart NTP daemonsystem property... Property commandssystem raid... Raid commandssystem reboot Reboot the systemsystem revert Revert system to snapshot imagesystem selftest Perform system selftestsystem sensors Display system sensorssystem serial Display Appliance serial numbersystem shutdown Shutdown the systemsystem snmp restart Restart the SNMP agentsystem sshd restart Restart the Appliance SSH serversystem tamper... Tamper commandssystem timers list List system timerssystem timezone... Timezone commandssystem upgrade Upgrade the systemsystem util... System utilitiessystem version Display the version of all system componentssystem wizard... Wizard commandssystem zeroize Zeroize all key material and delete configuration database



system allproperties globalize

Purpose: Globalize all properties which can be globalized

Usage: system allproperties globalize

system check

Purpose: Perform basic system checks

Usage: system check [-q, --quiet] [-v, --verbose]

Options:


system finalize

Purpose: Finalize the system

Usage: system finalize

system lproperty get

Purpose: Get long property

Usage: system lproperty get [-d, --detail] [-n, --limit <limit>] [-k, --name <name>] [-o, --offset <offset>] [-r, --role <role>] [-v, --value <value>]

Options:

-d, --detail Show more detail-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-k, --name <name> Query properties by name-o, --offset <offset> Query offset: negative=>step backward-r, --role <role> Evaluate permissions for specified role-v, --value <value> Query properties by value



system ntpd restart

Purpose: Restart NTP daemon

Usage: system ntpd restart

system reboot

Purpose: Reboot the system

Usage: system reboot [-p]

Options:

-p Power cycle Appliance

system revert

Purpose: Revert system to snapshot image

Usage: system revert [-k, --keep_ip] [--verbose]

Options:

-k, --keep_ip use saved IP in case configdb value is not set--verbose Print a more verbose set of messages to the screen

system selftest

Purpose: Perform system selftest

Usage: system selftest [-q, --quiet] [-v, --verbose]

Options:




system sensors

Purpose: Display system sensors

Usage: system sensors

system serial

Purpose: Display Appliance serial number

Usage: system serial

system shutdown

Purpose: Shutdown the system

Usage: system shutdown

system snmp restart

Purpose: Restart the SNMP agent

Usage: system snmp restart

system sshd restart

Purpose: Restart the Appliance SSH server

Usage: system sshd restart

system timers list

Purpose: List system timers

Usage: system timers list

system upgrade

Purpose: Upgrade the system



Usage: system upgrade [-k, --keep_ip] [--keep_journal] [--keep_key_db] [--keep_remote_cdbs] [-n, --no_snapshot] [-r, --partial] [-p, --password <password>] [-u, --username <username>] [--verbose] [-v, --verify] [-z, --zeroize]

Options:

-k, --keep_ip Allow the upgrade process to keep old admin IP info--keep_journal Allow the zeroize process to keep LKM journal--keep_key_db Allow the zeroize process to keep LKM key DB--keep_remote_cdbs Allow the zeroize process to keep remote ConfigDBs-n, --no_snapshot Do not create a snapshot with the upgrade-r, --partial Allow the upgrade process to do a partial zeroization-p, --password <password> Password of FTP user-u, --username <username> User to connect to FTP server as--verbose Print a more verbose set of messages to the screen-v, --verify Only compute and display a verification hash of package-z, --zeroize Allow the upgrade process to zeroize the box

system version

Purpose: Display the version of all system components

Usage: system version [-c, --crypto-card <crypto-card>]

Options:

-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this Appliance to which this command should apply

system zeroize

Purpose: Zeroize all key material and delete configuration database

Usage: system zeroize [-k, --keep_ip] [--keep_journal] [--keep_key_db] [-p, --keep_protected] [--keep_remote_cdbs]

Options:

-k, --keep_ip Allow the zeroize process to keep old admin IP info--keep_journal Allow the zeroize process to keep LKM journal--keep_key_db Allow the zeroize process to keep LKM key DB-p, --keep_protected Allow the zeroize process to keep contents of protected

EEPROM--keep_remote_cdbs Allow the zeroize process to keep remote ConfigDBs



15.1 system agreement commands

system agreement sign Sign the license agreementsystem agreement view view the license agreement

system agreement sign

Purpose: Sign the license agreement

Usage: system agreement sign

system agreement view

Purpose: view the license agreement

Usage: system agreement view

15.2 system banner commands

system banner postlogin... Postlogin banner commandssystem banner prelogin... Prelogin banner commands

15.2.1 system banner postlogin commands

system banner postlogin add Append string to postlogin banner messagesystem banner postlogin get Print the postlogin banner messagesystem banner postlogin set Initialize postlogin banner message



system banner postlogin add

Purpose: Append string to postlogin banner message

Usage: system banner postlogin add

system banner postlogin get

Purpose: Print the postlogin banner message

Usage: system banner postlogin get

system banner postlogin set

Purpose: Initialize postlogin banner message

Usage: system banner postlogin set

15.2.2 system banner prelogin commands

system banner prelogin add Append string to prelogin banner messagesystem banner prelogin get Print the prelogin banner messagesystem banner prelogin set Initialize prelogin banner message



system banner prelogin add

Purpose: Append string to prelogin banner message

Usage: system banner prelogin add

system banner prelogin get

Purpose: Print the prelogin banner message

Usage: system banner prelogin get

system banner prelogin set

Purpose: Initialize prelogin banner message

Usage: system banner prelogin set

15.3 system certificate commands

system certificate get View the Appliance certificatesystem certificate getcert Get the PEM format certificatesystem certificate request... Certificate request commandssystem certificate set + Set results from the CA as the Appliance certificatesystem certificate sign + Self-sign and set the Appliance certificate



system certificate get

Purpose: View the Appliance certificate

Usage: system certificate get

system certificate getcert

Purpose: Get the PEM format certificate

Usage: system certificate getcert [-s, --summary] [-v, --version <version>]

Options:

-s, --summary Output summary only-v, --version <version> Certificate version

system certificate set

Purpose: Set results from the CA as the Appliance certificate

Usage: system certificate set [-v, --version <version>] <certificate>

Parameters:

<certificate> Certificate

Options:

-v, --version <version> Certificate version



system certificate sign

Purpose: Self-sign and set the Appliance certificate

Usage: system certificate sign [-v, --version <version>] <CN> <C> <ST> <L> <O> <OU> <E>

Parameters:

<CN> commonName<C> countryName<ST> stateOrProvinceName<L> localityName<O> organizationName<OU> organizationalUnitName<E> emailAddress

Options:


15.3.1 system certificate request commands

system certificate request generate + Generate a certificate request for the CA to signsystem certificate request get Get the certificate request



system certificate request generate

Purpose: Generate a certificate request for the CA to sign

Usage: system certificate request generate [-v, --version <version>] <CN> <C> <ST> <L> <O> <OU> <E>

Parameters:

<CN> commonName<C> countryName<ST> stateOrProvinceName<L> localityName<O> organizationName<OU> organizationalUnitName<E> emailAddress

Options:


system certificate request get

Purpose: Get the certificate request

Usage: system certificate request get [-v, --version <version>]

Options:


15.4 system crypto commands

system crypto approve... Approve action by messages signed by recovery cardssystem crypto authenticate Authenticate System Card and SEPsystem crypto channel... Establish secure channelsystem crypto ignitionkey... SEP and System Card Ignition Key commandssystem crypto interrupts Display crypto device interrupt count statisticssystem crypto level Get the crypto level of SEPsystem crypto manager Security managersystem crypto masterkey... Appliance Master Key commandssystem crypto numSEPs Get the number of SEPs in this Datafortsystem crypto protected... Protected EEPROMsystem crypto proxy Execute System Card commands



system crypto rc... Recovery Card commandssystem crypto rip... Recovery Information Package Commandssystem crypto scstatus Status of the System Cardsystem crypto secretshare... Secret sharing commandssystem crypto start Start the crypto module (set cipher and load Master Key)system crypto test Crypto self testsystem crypto whitelist... Manage whitelist entries

system crypto authenticate

Purpose: Authenticate System Card and SEP

Usage: system crypto authenticate

system crypto interrupts

Purpose: Display crypto device interrupt count statistics

Usage: system crypto interrupts [-c, --crypto-card <crypto-card>]

Options:

-c, --crypto-card <crypto-card> Index number of the specific crypto-card in this DataFort to which this command should apply

system crypto level

Purpose: Get the crypto level of SEP

Usage: system crypto level [-c, --crypto-card <crypto-card>]

Options:




system crypto manager

Purpose: Security manager

Usage: system crypto manager [-a, --authenticate] [-c, --changeaks] [-d, --device <device>] [-g, --genmk] [-h, --help] [-i, --id] [-k, --key <key>] [-n, --newik] [-r, --rcid] [-s, --seed] [-V, --version-syscard]

Options:

-a, --authenticate Authenticate System Card to SEP-c, --changeaks Change system card and SEP AKS-d, --device <device> Use the specified SEP in the Datafort instead of the

default-g, --genmk Generate first encmk-h, --help Show help and exit-i, --id Get public key and node ID of the SEP-k, --key <key> Use specified key as as enc(MK) in start up-n, --newik MK must already be loaded to SEP, returns enc(MK)

encrypted w/ new IK-r, --rcid Retrieve DRTKN ID-s, --seed Send RNG seed to system card-V, --version-syscard Get the version of the system card

system crypto numSEPs

Purpose: Get the number of SEPs in this Datafort

Usage: system crypto numSEPs

system crypto proxy

Purpose: Execute System Card commands

Usage: system crypto proxy [-r, --reset]

Options:

-r, --reset Reset System Card



system crypto scstatus

Purpose: Status of the System Card

Usage: system crypto scstatus

system crypto start

Purpose: Start the crypto module (set cipher and load Master Key)

Usage: system crypto start [-c, --cluster]

Options:

-c, --cluster start crypto without global domain key

system crypto test

Purpose: Crypto self test

Usage: system crypto test [-c, --crypto-card <crypto-card>]

Options:


15.4.1 system crypto approve commands

system crypto approve clear + Clear approve statesystem crypto approve message + Process (possibly part of) signed authorization messagesystem crypto approve nonce + Generate a noncesystem crypto approve status Get status of recovery card-based approval

system crypto approve clear

Purpose: Clear approve state

Usage: system crypto approve clear <purpose>

Parameters:

<purpose> purpose code



system crypto approve message

Purpose: Process (possibly part of) signed authorization message

Usage: system crypto approve message <message>

Parameters:

<message> (possibly part of) signed message

system crypto approve nonce

Purpose: Generate a nonce

Usage: system crypto approve nonce <purpose>

Parameters:

<purpose> purpose code

system crypto approve status

Purpose: Get status of recovery card-based approval

Usage: system crypto approve status

15.4.2 system crypto chan nel commands

system crypto channel challenge + Send challengesystem crypto channel response + Receive response

system crypto channel challenge

Purpose: Send challenge

Usage: system crypto channel challenge <id>

Parameters:

<id> peer device id



system crypto channel response

Purpose: Receive response

Usage: system crypto channel response <msg>

Parameters:

<msg> response message

15.4.3 system crypto ignitionkey commands

system crypto ignitionkey change Change ignition key valuesystem crypto ignitionkey ring Run the ECCDH Blade ring protocol to establish a new

Ignition Key among the SEPs

system crypto ignitionkey change

Purpose: Change ignition key value

Usage: system crypto ignitionkey change

system crypto ignitionkey ring

Purpose: Run the ECCDH Blade ring protocol to establish a new Ignition Key among the SEPs

Usage: system crypto ignitionkey ring

15.4.4 system crypto masterkey commands

system crypto masterkey create Generate and save a new master keysystem crypto masterkey load Load a previously saved master key into the SEP



system crypto masterkey create

Purpose: Generate and save a new master key

Usage: system crypto masterkey create [--replace]

Options:

--replace Replace masterkey if it exists

system crypto masterkey load

Purpose: Load a previously saved master key into the SEP

Usage: system crypto masterkey load [-c, --crypto-card <crypto-card>]

Options:


15.4.5 system crypto protected commands

system crypto protected clearSSL Clear SSL private key and cert from EEPROMsystem crypto protected loadSSL Load SSL private key and cert from protected EEPROMsystem crypto protected saveSSL Save SSL private key and cert to protected EEPROM

system crypto protected clearSSL

Purpose: Clear SSL private key and cert from EEPROM

Usage: system crypto protected clearSSL

system crypto protected loadSSL

Purpose: Load SSL private key and cert from protected EEPROM

Usage: system crypto protected loadSSL [-v, --version <version>]

Options:




system crypto protected saveSSL

Purpose: Save SSL private key and cert to protected EEPROM

Usage: system crypto protected saveSSL [-v, --version <version>]

Options:


15.4.6 system crypto rc commands

system crypto rc add + Add a new recovery card to the systemsystem crypto rc check + Check if the inserted Recovery Card belongs to this

Appliancesystem crypto rc delete Remove recovery cards from the systemsystem crypto rc list List the Recovery Cards in the systemsystem crypto rc restore Restore recovery officers from the config DB into the SEP

whitelist during recovery wizardsystem crypto rc sync Synchronize SEP whitelist with config DB

system crypto rc add

Purpose: Add a new recovery card to the system

Usage: system crypto rc add [--certblob <certblob>] <label> <domain> <command> <drtknid>

Parameters:

<label> Label of the recovery card<domain> Domain to which recovery card belongs<command> Securely signed and channel encrypted message

containing the RC key<drtknid> ID of the Recovery Card

Options:

--certblob <certblob> certification chain blob



system crypto rc check

Purpose: Check if the inserted Recovery Card belongs to this Appliance

Usage: system crypto rc check [--certblob <certblob>] <id>

Parameters:

<id> ID of the recovery card to check

Options:

--certblob <certblob> optional certificate chain to verify in SW

system crypto rc delete

Purpose: Remove recovery cards from the system

Usage: system crypto rc delete [-d, --domain <domain>] [-i, --id <id>] [-l, --label <label>]

Options:

-d, --domain <domain> Recovery card domain-i, --id <id> Recovery card id-l, --label <label> Recovery card label

system crypto rc list

Purpose: List the Recovery Cards in the system

Usage: system crypto rc list [-c, --count] [-d, --domain <domain>] [-i, --id <id>] [-l, --label <label>] [-n, --limit <limit>] [-o, --offset <offset>]

Options:

-c, --count Show current number of Recovery Cards-d, --domain <domain> Recovery Card domain-i, --id <id> Recovery Card ID-l, --label <label> Recovery Card label-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward



system crypto rc restore

Purpose: Restore recovery officers from the config DB into the SEP whitelist during recovery wizard

Usage: system crypto rc restore

system crypto rc sync

Purpose: Synchronize SEP whitelist with config DB

Usage: system crypto rc sync

15.4.7 system crypto rip commands

system crypto rip export Export an RIPsystem crypto rip getcombination Get the Combination ID given recovery card IDs and key

type being recoveredsystem crypto rip getshare Get a secret share given a combination ID and a recovery

card IDsystem crypto rip import Import an RIPsystem crypto rip loadshare Load a share for recoverysystem crypto rip rclist List the recovery cards from currently loaded RIP filesystem crypto rip status Get the status of the currently loaded RIP file

system crypto rip export

Purpose: Export an RIP

Usage: system crypto rip export [-f, --ftpPath <ftpPath>] [-p, --password <password>] [-u, --username <username>]

Options:

-f, --ftpPath <ftpPath> FTP path for the RIP-p, --password <password> password on the FTP server-u, --username <username> username on the FTP server



system crypto rip getcombination

Purpose: Get the Combination ID given recovery card IDs and key type being recovered

Usage: system crypto rip getcombination

system crypto rip getshare

Purpose: Get a secret share given a combination ID and a recovery card ID

Usage: system crypto rip getshare

system crypto rip import

Purpose: Import an RIP

Usage: system crypto rip import [-f, --ftpPath <ftpPath>] [-p, --password <password>] [-u, --username <username>] [-w, --webFile <webFile>]

Options:

-f, --ftpPath <ftpPath> FTP path for the RIP-p, --password <password> password on the FTP server-u, --username <username> username on the FTP server-w, --webFile <webFile> RIP file uploaded to web server

system crypto rip loadshare

Purpose: Load a share for recovery

Usage: system crypto rip loadshare [-f, --first] [-l, --last]

Options:

-f, --first First share of combination-l, --last Last share of combination



system crypto rip rclist

Purpose: List the recovery cards from currently loaded RIP file

Usage: system crypto rip rclist

system crypto rip status

Purpose: Get the status of the currently loaded RIP file

Usage: system crypto rip status

15.4.8 system crypto secretshare commands

system crypto secretshare authorizeDrtkn Get a secret shared drtkn authorization token. The secretsharing is done using the specified recovery cards

system crypto secretshare getclustertoken Get a secret shared cluster token from a remote master potential member. The secretsharing is done using the specified recovery cards

system crypto secretshare getcombination Get the Combination ID given recovery card IDs and key type being recovered

system crypto secretshare getshare + Get the secret share given the recovery card IDs and combination ID

system crypto secretshare loadshare + Load a secret share into the SEPsystem crypto secretshare recoverykey Secret share a recovery policy key and store the sharessystem crypto secretshare scheme + Set the recovery secret sharing scheme for this Appliance



system crypto secretshare authorizeDr tkn

Purpose: Get a secret shared drtkn authorization token. The secretsharing is done using the specified recovery cards

Usage: system crypto secretshare authorizeDrtkn

system crypto secretshare getclustert oken

Purpose: Get a secret shared cluster token from a remote master potential member. The secretsharing is done using the specified recovery cards

Usage: system crypto secretshare getclustertoken

system crypto secretshare getcombination

Purpose: Get the Combination ID given recovery card IDs and key type being recovered

Usage: system crypto secretshare getcombination [-c, --cleartext_recoverable] [-r, --recoverable]

Options:

-c, --cleartext_recoverable secret share for the cleartext recoverable policy key-r, --recoverable secret share for the recoverable policy key

system crypto secretshare getshare

Purpose: Get the secret share given the recovery card IDs and combination ID

Usage: system crypto secretshare getshare [-c, --cltkn] [-d, --drtkn] [-t, --trustee] <combnid> <drtknid>

Parameters:

<combnid> ID of the combination of secret shares<drtknid> ID of the required the drtkn whose component is required

Options:

-c, --cltkn get share for a cluster token-d, --drtkn get share for a drtkn authorization-t, --trustee get share for a trustee authorization



system crypto secretshare loadshare

Purpose: Load a secret share into the SEP

Usage: system crypto secretshare loadshare [-f, --first] [-l, --last] <command> <drtknid>

Parameters:

<command> Secure signed and channel encrypted message containing encrypted share

<drtknid> ID of the recovery card which encrypted the share

Options:

-f, --first first share in a combination-l, --last last share in a combination

system crypto secretshare recoverykey

Purpose: Secret share a recovery policy key and store the shares

Usage: system crypto secretshare recoverykey [-c, --cleartext_recoverable] [-r, --recoverable]

Options:

-c, --cleartext_recoverable secret share for the cleartext recoverable policy key-r, --recoverable secret share for the recoverable policy key

system crypto secretshare scheme

Purpose: Set the recovery secret sharing scheme for this Appliance

Usage: system crypto secretshare scheme <rec_scheme>

Parameters:

<rec_scheme> Currently valid choices for <recovery scheme> include:

15.4.9 system crypto whitelist commands

system crypto whitelist add + Add a public keysystem crypto whitelist lock Lock the whitelistsystem crypto whitelist query + query whitelist



system crypto whitelist remove + Remove a public key

system crypto whitelist add

Purpose: Add a public key

Usage: system crypto whitelist add [--certblob <certblob>] <keyblob>

Parameters:

<keyblob> public key blob

Options:

--certblob <certblob> certificate chain blob

system crypto whitelist lock

Purpose: Lock the whitelist

Usage: system crypto whitelist lock

system crypto whitelist query

Purpose: query whitelist

Usage: system crypto whitelist query <pattern>

Parameters:

<pattern> search pattern

system crypto whitelist remove

Purpose: Remove a public key

Usage: system crypto whitelist remove <pattern>

Parameters:

<pattern> key removal pattern



15.5 system date commands

system date get Get system datesystem date set Set system date

system date get

Purpose: Get system date

Usage: system date get [-f, --format <format>]

Options:

-f, --format <format> Date format in Unix 'date' command convention)

system date set

Purpose: Set system date

Usage: system date set [-f, --format <format>]

Options:

-f, --format <format> Date format in Unix 'date' command convention)

15.6 system httpd commands

system httpd getstatus Return the percentage of the job done and the job typesystem httpd restart Restart the Appliance web serversystem httpd setjobtype + Set the type of the current jobsystem httpd setstatus + Set the status of the current job



system httpd getstatus

Purpose: Return the percentage of the job done and the job type

Usage: system httpd getstatus

system httpd restart

Purpose: Restart the Appliance web server

Usage: system httpd restart

system httpd setjobtype

Purpose: Set the type of the current job

Usage: system httpd setjobtype <type>

Parameters:

<type> Job type to be set

system httpd setstatus

Purpose: Set the status of the current job

Usage: system httpd setstatus <status>

Parameters:

<status> Status value to be set

15.7 system license commands

system license add + Add specified licensesystem license check + Check if a valid license exists for a featuresystem license list List all licensessystem license remove + Remove specified license



system license add

Purpose: Add specified license

Usage: system license add <license>

Parameters:

<license> Appliance feature license

system license check

Purpose: Check if a valid license exists for a feature

Usage: system license check <feature>

Parameters:

<feature> Appliance license-enabled feature: <cluster|tape|disk|ipsec|hash-import|dha|iscsi|dcs|nfs|cifs>

system license list

Purpose: List all licenses

Usage: system license list

system license remove

Purpose: Remove specified license

Usage: system license remove <license>

Parameters:

<license> Appliance feature license

15.8 system log commands

system log list Query Appliance internal system logsystem log note + Allows a administrator to annotate the system logsystem log resetconf Reset log configuration to factory defaultssystem log restart Restart syslog daemonsystem log verify + Verify a signed log message



system log list

Purpose: Query Appliance internal system log

Usage: system log list [-b, --begin <begin>] [-i, --interval <interval>] [-n, --limit <limit>] [-o, --offset <offset>] [-p, --priority <priority>] [-t, --type <type>]

Options:

-b, --begin <begin> Message datetime >= <begin datetime> where datetime is local time (not UTC): 'YYYY-MM-DD [hh:mm:ss]' or 'now'

-i, --interval <interval> Messages within the begin datetime and this interval (in sec) (negative implies backward in time)

-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-o, --offset <offset> Query offset: negative=>step backward-p, --priority <priority> Message priority <= <priority>: 0 (highest) to 7-t, --type <type> Message type == <type>: <SEC|OPR|PRF|ADT>

system log note

Purpose: Allows a administrator to annotate the system log

Usage: system log note <type> <level> <mesg>

Parameters:

<type> <SEC|OPR|PRF|ADT><level> Message level: 0 (highest) to 7<mesg> Administrative note to add to system log



system log resetconf

Purpose: Reset log configuration to factory defaults

Usage: system log resetconf

system log restart

Purpose: Restart syslog daemon

Usage: system log restart

system log verify

Purpose: Verify a signed log message

Usage: system log verify <mesg>

Parameters:

<mesg> Log message to be verified mesg-text [meta-data signature]

15.9 system property commands

system property get Display an Appliance system propertysystem property globalize + Globalize an Appliance system propertysystem property secureset + Set an Appliance system property using an interactive

promptsystem property set Set or delete an Appliance system property



system property get

Purpose: Display an Appliance system property

Usage: system property get [-d, --detail] [-n, --limit <limit>] [-k, --name <name>] [-o, --offset <offset>] [-r, --role <role>] [-v, --value <value>]

Options:

-d, --detail Show more detail-n, --limit <limit> Query limit: zero=>no limit, negative=>backward range-k, --name <name> Query properties by name-o, --offset <offset> Query offset: negative=>step backward-r, --role <role> Evaluate permissions for specified role-v, --value <value> Query properties by value

system property globalize

Purpose: Globalize an Appliance system property

Usage: system property globalize <name> <boolean>

Parameters:

<name> Property name<boolean> Globalize? <on|off>

system property secureset

Purpose: Set an Appliance system property using an interactive prompt

Usage: system property secureset [-g, --global] [-i, --insert] [-v, --value <value>] <name>

Parameters:

<name> Property name

Options:

-g, --global Globalize the property while setting it-i, --insert Insert again even if the property exists already.-v, --value <value> Property value



system property set

Purpose: Set or delete an Appliance system property

Usage: system property set [-g, --global]

Options:

-g, --global Globalize the property while setting it

15.10 system raid commands

system raid errors... Get the error counters of the raid diskssystem raid status Get the status of the raidsystem raid temperature Get the temperature of the raid disks

system raid status

Purpose: Get the status of the raid

Usage: system raid status

system raid temperatu re

Purpose: Get the temperature of the raid disks

Usage: system raid temperature

15.10.1 system raid errors commands

system raid errors nonmedium Non-medium error counters of the raid diskssystem raid errors read Read error counters of the raid diskssystem raid errors verify Verify error counters of the raid diskssystem raid errors write Write error counters of the raid disks



system raid errors nonmedium

Purpose: Non-medium error counters of the raid disks

Usage: system raid errors nonmedium

system raid errors read

Purpose: Read error counters of the raid disks

Usage: system raid errors read

system raid errors verify

Purpose: Verify error counters of the raid disks

Usage: system raid errors verify

system raid errors write

Purpose: Write error counters of the raid disks

Usage: system raid errors write

15.11 system tamper commands

system tamper reset Ignore tamper errors and continue workingsystem tamper status Report if the Appliance has been physically tampered with

system tamper reset

Purpose: Ignore tamper errors and continue working

Usage: system tamper reset [-c, --crypto-card <crypto-card>]

Options:




system tamper status

Purpose: Report if the Appliance has been physically tampered with

Usage: system tamper status [-c, --crypto-card <crypto-card>]

Options:


15.12 system timezone commands

system timezone get Get system timezonesystem timezone list List all recognized timezonessystem timezone set + Set system timezone

system timezone get

Purpose: Get system timezone

Usage: system timezone get

system timezone list

Purpose: List all recognized timezones

Usage: system timezone list

system timezone set

Purpose: Set system timezone

Usage: system timezone set <timezone>

Parameters:

<timezone> Timezone (e.g.,America/Los_Angeles)



15.13 system util commands

system util autosupport + Trigger an autosupport messagesystem util cat + Display the contents of a filesystem util df Display free space statistics for all filesystemssystem util echo + Write argument to the standard outputsystem util iostat Display statistics of various devicessystem util lcdmessages Display the LCD messagessystem util ls + Display a directory listingsystem util mbeventlog... Manipulate motherboard event logsystem util mibget Query MIB informationsystem util mibwalk Walk through MIB informationsystem util openfiles Display the number of open filessystem util ps Display a listing of running processessystem util stacklog Display Appliance stack trace logsystem util stacktest Test Appliance stack trace logsystem util techdump... Prepare reports for NetApp customer supportsystem util top Display a listing of the top CPU processessystem util trend... Trending information: chargeback or usage trendssystem util uptime Show how long the system has been running,and its load

averages for the last 1,5,and 15 minutessystem util vmstat Report virtual memory statistics

system util autosuppor t

Purpose: Trigger an autosupport message

Usage: system util autosupport <subject>

Parameters:

<subject> subject of the message

system util cat

Purpose: Display the contents of a file

Usage: system util cat <file>

Parameters:

<file> Currently valid choices for <file> include:



system util df

Purpose: Display free space statistics for all filesystems

Usage: system util df [-h] [-i] [-k] [-m]

Options:

-h Print sizes in human-readable format-i Include statistics on number of free inodes-k Use 1024-byte blocks-m Use 1048576-byte blocks

system util echo

Purpose: Write argument to the standard output

Usage: system util echo <string>

Parameters:

<string> any string

system util iostat

Purpose: Display statistics of various devices

Usage: system util iostat [-c, --count <count>] [-w, --wait <wait>]

Options:

-c, --count <count> Total number of samples to display (default 10)-w, --wait <wait> Time interval between samples (default 1 sec)



system util lcdmessages

Purpose: Display the LCD messages

Usage: system util lcdmessages

system util ls

Purpose: Display a directory listing

Usage: system util ls <directory>

Parameters:

<directory> Currently valid choices for <directory> include:



system util mibget

Purpose: Query MIB information

Usage: system util mibget

system util mibwalk

Purpose: Walk through MIB information

Usage: system util mibwalk

system util openfiles

Purpose: Display the number of open files

Usage: system util openfiles

system util ps

Purpose: Display a listing of running processes

Usage: system util ps [-a] [-c] [-j] [-l] [-m] [-r] [-u] [-v] [-x]

Options:

-a Display information about other users' processes as well as your own

-c Change the ``command'' column output to just contain the executable name

-j Print information associated with the following keywords: user

-l Display information associated with the following keywords: uid

-m Sort by memory usage-r Sort by current cpu usage-u Display information associated with the following

keywords: user-v Display information associated with the following

keywords: pid-x Display information about processes without controlling

terminals



system util stacklog

Purpose: Display Appliance stack trace log

Usage: system util stacklog

system util stacktest

Purpose: Test Appliance stack trace log

Usage: system util stacktest

system util top

Purpose: Display a listing of the top CPU processes

Usage: system util top

system util uptime

Purpose: Show how long the system has been running,and its load averages for the last 1,5,and 15 minutes

Usage: system util uptime

system util vmstat

Purpose: Report virtual memory statistics

Usage: system util vmstat [-c <>] [-i] [-m] [-n <>] [-p <>] [-s] [-z]

Options:

-c <> Repeat the display count times (max = 255)-i Report on the number of interrupts taken by each device

since system startup-m Report on the usage of kernel dynamic memory listed first

by size of allocation and then by type of usage-n <> Change the maximum number of disks to display from the

default of 2-p <> Specify which types of devices to display-s Display the contents of the sum structure-z Report on memory used by the kernel zone allocator



15.13.1 system util mbeventlog commands

system util mbeventlog list Display motherboard event logssystem util mbeventlog remove Purge motherboard event logs

system util mbeventlo g list

Purpose: Display motherboard event logs

Usage: system util mbeventlog list

system util mbeventlo g remove

Purpose: Purge motherboard event logs

Usage: system util mbeventlog remove

15.13.2 system util techdump commands

system util techdump domain Prepare a report about the domains in the Appliance's configuration database

system util techdump os Prepare a report about the Appliance operating systemsystem util techdump server Prepare a report about the servers in the Appliance's

configuration databasesystem util techdump user Prepare a report about the users in the Appliance's

configuration database

system util techdump domain

Purpose: Prepare a report about the domains in the Appliance's configuration database

Usage: system util techdump domain [--all] [--name <name>] [--password <password>] [--server <server>] [--username <username>]

Options:

--all Dump information for all domains--name <name> Dump information for specified domain--password <password> Password of access user--server <server> Server/Domain Controller - this option ignored if domain

already in database--username <username> Access user - needed if domain is not in database



system util techdump os

Purpose: Prepare a report about the Appliance operating system

Usage: system util techdump os

system util techdump server

Purpose: Prepare a report about the servers in the Appliance's configuration database

Usage: system util techdump server [--all] [--name <name>]

Options:

--all Dump information for all servers--name <name> Dump information for specified server (takes real name)

system util techdump user

Purpose: Prepare a report about the users in the Appliance's configuration database

Usage: system util techdump user [--domain <domain>] [--name <name>]

Options:

--domain <domain> Dump information for users in the specified domain--name <name> username@domain

15.13.3 system util trend commands

system util trend disable Disable the trendssystem util trend enable Enable the trendssystem util trend list Display a list of current trending information, if no counter

name is specified then a list of counters is displayedsystem util trend status Status trending process



system util trend disable

Purpose: Disable the trends

Usage: system util trend disable

system util trend enable

Purpose: Enable the trends

Usage: system util trend enable [-s, --sample_rate <sample_rate>]

Options:

-s, --sample_rate <sample_rate> The given sample rate the trends should be sampled at(in seconds). Must be between 5 and 86400 (one day).

system util trend list

Purpose: Display a list of current trending information, if no counter name is specified then a list of counters is displayed

Usage: system util trend list [-b, --board_num <board_num>] [-c, --counter_name <counter_name>] [-n, --num_samples <num_samples>]

Options:

-b, --board_num <board_num> The board number that is to be displayed-c, --counter_name <counter_name> The counter name that is to be displayed, or the keyword

ALL to display all counters.-n, --num_samples <num_samples> An integer to specify that the number of samples that

should be displayed

system util trend status

Purpose: Status trending process

Usage: system util trend status [-b, --get_interval_rate]

Options:

-b, --get_interval_rate Option to get the number of available bins



15.14 system wizard commands

system wizard admin add Add a new full admin for the appliancesystem wizard agreement Get commands to sign the appliance license agreementsystem wizard cluster... Get commands to run cluster setupsystem wizard crypto... Get commands to run crypto mini-wizardssystem wizard datetime set Set the date, time and timezonesystem wizard finalize Get commands to finish the appliance setupsystem wizard license add Add a new license for a featuresystem wizard lkm configure Nothing needs to be done yetsystem wizard nas configure Configure Appliance serverside settingssystem wizard network... Get commands to manage network settingssystem wizard next Get the next action for the wizard to performsystem wizard prev Revert back to the previous page of the wizardsystem wizard restoredb Get commands to load a existing configuration DB into the

appliancesystem wizard san configure Configure Appliance WWNs and other settingssystem wizard status Get the status of the last wizard that was run

system wizard admin add

Purpose: Add a new full admin for the appliance

Usage: system wizard admin add [--wiztype <wiztype>]

Options:

--wiztype <wiztype> Wizard type



system wizard agreement

Purpose: Get commands to sign the appliance license agreement

Usage: system wizard agreement

system wizard datetime set

Purpose: Set the date, time and timezone

Usage: system wizard datetime set

system wizard finalize

Purpose: Get commands to finish the appliance setup

Usage: system wizard finalize

system wizard license add

Purpose: Add a new license for a feature

Usage: system wizard license add

system wizard lkm configure

Purpose: Nothing needs to be done yet

Usage: system wizard lkm configure

system wizard nas configure

Purpose: Configure Appliance serverside settings

Usage: system wizard nas configure

system wizard next

Purpose: Get the next action for the wizard to perform

Usage: system wizard next



system wizard prev

Purpose: Revert back to the previous page of the wizard

Usage: system wizard prev

system wizard restoredb

Purpose: Get commands to load a existing configuration DB into the appliance

Usage: system wizard restoredb

system wizard san configure

Purpose: Configure Appliance WWNs and other settings

Usage: system wizard san configure

system wizard status

Purpose: Get the status of the last wizard that was run

Usage: system wizard status

15.14.1 system wizard cluster commands

system wizard cluster enroll Enroll the new members into whitelists of cluster nodessystem wizard cluster introduce Introduce new members to an existing member and vice

versasystem wizard cluster join Get the new member to join the cluster after enrollmentsystem wizard cluster stabilize Wait to see if the cluster forms correctly



system wizard cluster enroll

Purpose: Enroll the new members into whitelists of cluster nodes

Usage: system wizard cluster enroll

system wizard cluster introduce

Purpose: Introduce new members to an existing member and vice versa

Usage: system wizard cluster introduce

system wizard cluster join

Purpose: Get the new member to join the cluster after enrollment

Usage: system wizard cluster join

system wizard cluster stabilize

Purpose: Wait to see if the cluster forms correctly

Usage: system wizard cluster stabilize

15.14.2 system wizard crypto commands

system wizard crypto backup Backup recovery material into secret sharessystem wizard crypto rcadd Get commands to introduce a new recovery card into the

systemsystem wizard crypto recover Recovery key material from secret sharessystem wizard crypto setup Get commands to setup trust between SEP and system

card and generate keyssystem wizard crypto tamperreset How to clear intrusion on this appliance



system wizard crypto backup

Purpose: Backup recovery material into secret shares

Usage: system wizard crypto backup

system wizard crypto rcadd

Purpose: Get commands to introduce a new recovery card into the system

Usage: system wizard crypto rcadd

system wizard crypto recover

Purpose: Recovery key material from secret shares

Usage: system wizard crypto recover

system wizard crypto setup

Purpose: Get commands to setup trust between SEP and system card and generate keys

Usage: system wizard crypto setup [--slave] [--wiztype <wiztype>]

Options:

--slave This crypto node is joining a cluster, generate only local keys

--wiztype <wiztype> Wizard type

system wizard crypto tamperreset

Purpose: How to clear intrusion on this appliance

Usage: system wizard crypto tamperreset

15.14.3 system wizard network commands

system wizard network certificate Manage the appliance SSL certificatessystem wizard network manage Manage the appliance network settings



system wizard network certificate

Purpose: Manage the appliance SSL certificates

Usage: system wizard network certificate

system wizard network manage

Purpose: Manage the appliance network settings

Usage: system wizard network manage



Alphabetical Index

active-role add........................................................................................................................................................................................46active-role list.........................................................................................................................................................................................46active-role remove.................................................................................................................................................................................46authorize....................................................................................................................................................................................................4challenge...................................................................................................................................................................................................5cli complete............................................................................................................................................................................................44cli cshelp disable....................................................................................................................................................................................45cli cshelp enable....................................................................................................................................................................................45cli cshelp find..........................................................................................................................................................................................45cli documentation..................................................................................................................................................................................44cli format.................................................................................................................................................................................................44cli pager...................................................................................................................................................................................................45cluster config ipsec dumpsad.............................................................................................................................................................76cluster config ipsec dumpspd.............................................................................................................................................................76cluster config ipsec flushsad...............................................................................................................................................................76cluster config ipsec restart..................................................................................................................................................................76cluster config ipsec secret...................................................................................................................................................................76cluster config member count..............................................................................................................................................................77cluster config member list...................................................................................................................................................................77cluster config member remove..........................................................................................................................................................77cluster config member rmall...............................................................................................................................................................78cluster config member set...................................................................................................................................................................78cluster config name..............................................................................................................................................................................74cluster config potentialmember add.................................................................................................................................................79cluster config potentialmember authenticate.................................................................................................................................79cluster config potentialmember commit..........................................................................................................................................80cluster config potentialmember getmaster.....................................................................................................................................80cluster config potentialmember list...................................................................................................................................................80cluster config potentialmember review............................................................................................................................................80cluster config potentialmember rmall...............................................................................................................................................81cluster config potentialmember set...................................................................................................................................................81cluster config potentialmember status.............................................................................................................................................81cluster config pull..................................................................................................................................................................................74cluster config remote list.....................................................................................................................................................................74cluster config route add.......................................................................................................................................................................82cluster config route heartbeat disable..............................................................................................................................................83cluster config route heartbeat enable...............................................................................................................................................83cluster config route list.........................................................................................................................................................................82cluster config route remove................................................................................................................................................................82cluster config route rmall.....................................................................................................................................................................82cluster config set-local..........................................................................................................................................................................75cluster disable........................................................................................................................................................................................72cluster enable.........................................................................................................................................................................................72cluster rexec...........................................................................................................................................................................................73cluster rsh................................................................................................................................................................................................73cluster state............................................................................................................................................................................................73cluster status..........................................................................................................................................................................................73db begin...................................................................................................................................................................................................84



db commit...............................................................................................................................................................................................85db connect..............................................................................................................................................................................................85db export.................................................................................................................................................................................................85db import.................................................................................................................................................................................................86db index list.............................................................................................................................................................................................88db index test...........................................................................................................................................................................................88db record.................................................................................................................................................................................................86db recover...............................................................................................................................................................................................86db rollback..............................................................................................................................................................................................87db save....................................................................................................................................................................................................87db select..................................................................................................................................................................................................87db size......................................................................................................................................................................................................87db status..................................................................................................................................................................................................87db trx kill..................................................................................................................................................................................................88db trx list..................................................................................................................................................................................................89db xlog list...............................................................................................................................................................................................89db xlog test.............................................................................................................................................................................................89db3 restart.................................................................................................................................................................................................7db3 techdump..........................................................................................................................................................................................7db3 zeroize................................................................................................................................................................................................7domain add.............................................................................................................................................................................................48domain controller discover..................................................................................................................................................................48domain group list...................................................................................................................................................................................49domain hash import..............................................................................................................................................................................49domain list..............................................................................................................................................................................................49domain migrate.....................................................................................................................................................................................50domain remove......................................................................................................................................................................................50domain set..............................................................................................................................................................................................51domain user list.....................................................................................................................................................................................51domain validate.....................................................................................................................................................................................52group add................................................................................................................................................................................................53group domain discover.........................................................................................................................................................................53group group list......................................................................................................................................................................................55group group parentlist..........................................................................................................................................................................56group list..................................................................................................................................................................................................54group remove.........................................................................................................................................................................................54group review...........................................................................................................................................................................................54group role grant.....................................................................................................................................................................................56group role revoke..................................................................................................................................................................................57help.............................................................................................................................................................................................................5keyman cryptainerkeys generate.......................................................................................................................................................40keyman cryptainerkeys list..................................................................................................................................................................40keyman cryptainerkeys rename.........................................................................................................................................................40keyman domainkeys list......................................................................................................................................................................38keyman expirekeys...............................................................................................................................................................................38keyman lkmkeys backup.....................................................................................................................................................................41keyman lkmkeys import......................................................................................................................................................................41keyman lkmkeys list.............................................................................................................................................................................42keyman masterkeys..............................................................................................................................................................................39keyman purgekeys accelerate............................................................................................................................................................43keyman purgekeys start.......................................................................................................................................................................43keyman purgekeys status....................................................................................................................................................................43keyman purgekeys stop.......................................................................................................................................................................43



keyman set.............................................................................................................................................................................................39lkm db copy............................................................................................................................................................................................19lkm db export.........................................................................................................................................................................................19lkm db list...............................................................................................................................................................................................19lkm db remove.......................................................................................................................................................................................19lkm disk usage.......................................................................................................................................................................................17lkm doc....................................................................................................................................................................................................17lkm key add............................................................................................................................................................................................21lkm key attribute add...........................................................................................................................................................................24lkm key attribute list.............................................................................................................................................................................24lkm key delete........................................................................................................................................................................................21lkm key export.......................................................................................................................................................................................21lkm key import.......................................................................................................................................................................................21lkm key journal list................................................................................................................................................................................24lkm key journal state............................................................................................................................................................................25lkm key journal status..........................................................................................................................................................................25lkm key journal zeroize........................................................................................................................................................................25lkm key list..............................................................................................................................................................................................22lkm key resync.......................................................................................................................................................................................22lkm key sharing group list...................................................................................................................................................................22lkm key statistics...................................................................................................................................................................................23lkm key update......................................................................................................................................................................................23lkm key verify.........................................................................................................................................................................................23lkm key whitelist list.............................................................................................................................................................................23lkm openkey client list..........................................................................................................................................................................26lkm openkey enroll list.........................................................................................................................................................................27lkm openkey enroll pending accept...................................................................................................................................................28lkm openkey enroll pending certificate get......................................................................................................................................28lkm openkey enroll pending list..........................................................................................................................................................28lkm openkey enroll pending reject.....................................................................................................................................................29lkm openkey enroll set.........................................................................................................................................................................27lkm openkey license list.......................................................................................................................................................................26lkm restart..............................................................................................................................................................................................17lkm server add.......................................................................................................................................................................................29lkm server certificate get.....................................................................................................................................................................31lkm server certificate set.....................................................................................................................................................................31lkm server list.........................................................................................................................................................................................30lkm server remove................................................................................................................................................................................30lkm server set.........................................................................................................................................................................................30lkm state info.........................................................................................................................................................................................17lkm status...............................................................................................................................................................................................17lkm test...................................................................................................................................................................................................18lkm zeroize..............................................................................................................................................................................................18net apply..................................................................................................................................................................................................32net connection list.................................................................................................................................................................................32net interface get....................................................................................................................................................................................32net status................................................................................................................................................................................................33net util arp...............................................................................................................................................................................................33net util host.............................................................................................................................................................................................33net util ifconfig.......................................................................................................................................................................................34net util ipsecstats..................................................................................................................................................................................35net util netstat........................................................................................................................................................................................35net util ping.............................................................................................................................................................................................36



net util tcpdump delete........................................................................................................................................................................36net util tcpdump start...........................................................................................................................................................................37net util tcpdump status........................................................................................................................................................................37net util tcpdump stop............................................................................................................................................................................37password....................................................................................................................................................................................................5quit..............................................................................................................................................................................................................6role list.....................................................................................................................................................................................................58role path list............................................................................................................................................................................................59system agreement sign........................................................................................................................................................................95system agreement view.......................................................................................................................................................................95system allproperties globalize............................................................................................................................................................91system banner postlogin add..............................................................................................................................................................96system banner postlogin get...............................................................................................................................................................96system banner postlogin set...............................................................................................................................................................96system banner prelogin add................................................................................................................................................................97system banner prelogin get.................................................................................................................................................................97system banner prelogin set.................................................................................................................................................................97system certificate get...........................................................................................................................................................................98system certificate getcert....................................................................................................................................................................98system certificate request generate...............................................................................................................................................100system certificate request get..........................................................................................................................................................100system certificate set............................................................................................................................................................................98system certificate sign..........................................................................................................................................................................99system check..........................................................................................................................................................................................91system crypto approve clear.............................................................................................................................................................103system crypto approve message.....................................................................................................................................................104system crypto approve nonce...........................................................................................................................................................104system crypto approve status...........................................................................................................................................................104system crypto authenticate...............................................................................................................................................................101system crypto channel challenge.....................................................................................................................................................104system crypto channel response......................................................................................................................................................105system crypto ignitionkey change...................................................................................................................................................105system crypto ignitionkey ring..........................................................................................................................................................105system crypto interrupts....................................................................................................................................................................101system crypto level.............................................................................................................................................................................101system crypto manager.....................................................................................................................................................................102system crypto masterkey create......................................................................................................................................................106system crypto masterkey load.........................................................................................................................................................106system crypto numSEPs....................................................................................................................................................................102system crypto protected clearSSL...................................................................................................................................................106system crypto protected loadSSL....................................................................................................................................................106system crypto protected saveSSL....................................................................................................................................................107system crypto proxy............................................................................................................................................................................102system crypto rc add..........................................................................................................................................................................107system crypto rc check......................................................................................................................................................................108system crypto rc delete......................................................................................................................................................................108system crypto rc list............................................................................................................................................................................108system crypto rc restore....................................................................................................................................................................109system crypto rc sync.........................................................................................................................................................................109system crypto rip export....................................................................................................................................................................109system crypto rip getcombination...................................................................................................................................................110system crypto rip getshare................................................................................................................................................................110system crypto rip import....................................................................................................................................................................110



system crypto rip loadshare..............................................................................................................................................................110system crypto rip rclist.......................................................................................................................................................................111system crypto rip status.....................................................................................................................................................................111system crypto scstatus.......................................................................................................................................................................103system crypto secretshare authorizeDrtkn....................................................................................................................................112system crypto secretshare getclustertoken...................................................................................................................................112system crypto secretshare getcombination...................................................................................................................................112system crypto secretshare getshare...............................................................................................................................................112system crypto secretshare loadshare.............................................................................................................................................113system crypto secretshare recoverykey.........................................................................................................................................113system crypto secretshare scheme.................................................................................................................................................113system crypto start.............................................................................................................................................................................103system crypto test...............................................................................................................................................................................103system crypto whitelist add..............................................................................................................................................................114system crypto whitelist lock..............................................................................................................................................................114system crypto whitelist query...........................................................................................................................................................114system crypto whitelist remove........................................................................................................................................................114system date get...................................................................................................................................................................................115system date set...................................................................................................................................................................................115system finalize.......................................................................................................................................................................................91system httpd getstatus......................................................................................................................................................................116system httpd restart...........................................................................................................................................................................116system httpd setjobtype....................................................................................................................................................................116system httpd setstatus.......................................................................................................................................................................116system license add.............................................................................................................................................................................117system license check.........................................................................................................................................................................117system license list...............................................................................................................................................................................117system license remove......................................................................................................................................................................117system log list......................................................................................................................................................................................118system log note...................................................................................................................................................................................118system log resetconf..........................................................................................................................................................................119system log restart...............................................................................................................................................................................119system log verify.................................................................................................................................................................................119system lproperty get.............................................................................................................................................................................91system ntpd restart...............................................................................................................................................................................92system property get............................................................................................................................................................................120system property globalize.................................................................................................................................................................120system property secureset................................................................................................................................................................120system property set............................................................................................................................................................................121system raid errors nonmedium........................................................................................................................................................122system raid errors read......................................................................................................................................................................122system raid errors verify....................................................................................................................................................................122system raid errors write.....................................................................................................................................................................122system raid status...............................................................................................................................................................................121system raid temperature...................................................................................................................................................................121system reboot........................................................................................................................................................................................92system revert..........................................................................................................................................................................................92system selftest.......................................................................................................................................................................................92system sensors......................................................................................................................................................................................93system serial..........................................................................................................................................................................................93system shutdown...................................................................................................................................................................................93system snmp restart.............................................................................................................................................................................93system sshd restart...............................................................................................................................................................................93



system tamper reset..........................................................................................................................................................................122system tamper status........................................................................................................................................................................123system timers list..................................................................................................................................................................................93system timezone get..........................................................................................................................................................................123system timezone list...........................................................................................................................................................................123system timezone set..........................................................................................................................................................................123system upgrade.....................................................................................................................................................................................93system util autosupport.....................................................................................................................................................................124system util cat.....................................................................................................................................................................................124system util df.......................................................................................................................................................................................125system util echo..................................................................................................................................................................................125system util iostat.................................................................................................................................................................................125system util lcdmessages...................................................................................................................................................................126system util ls........................................................................................................................................................................................126system util mbeventlog list...............................................................................................................................................................129system util mbeventlog remove.......................................................................................................................................................129system util mibget..............................................................................................................................................................................127system util mibwalk............................................................................................................................................................................127system util openfiles...........................................................................................................................................................................127system util ps.......................................................................................................................................................................................127system util stacklog............................................................................................................................................................................128system util stacktest..........................................................................................................................................................................128system util techdump domain..........................................................................................................................................................129system util techdump os...................................................................................................................................................................130system util techdump server............................................................................................................................................................130system util techdump user................................................................................................................................................................130system util top.....................................................................................................................................................................................128system util trend disable...................................................................................................................................................................131system util trend enable....................................................................................................................................................................131system util trend list...........................................................................................................................................................................131system util trend status.....................................................................................................................................................................131system util uptime..............................................................................................................................................................................128system util vmstat..............................................................................................................................................................................128system version.......................................................................................................................................................................................94system wizard admin add..................................................................................................................................................................132system wizard agreement.................................................................................................................................................................133system wizard cluster enroll.............................................................................................................................................................135system wizard cluster introduce.......................................................................................................................................................135system wizard cluster join.................................................................................................................................................................135system wizard cluster stabilize.........................................................................................................................................................135system wizard crypto backup...........................................................................................................................................................136system wizard crypto rcadd..............................................................................................................................................................136system wizard crypto recover...........................................................................................................................................................136system wizard crypto setup...............................................................................................................................................................136system wizard crypto tamperreset..................................................................................................................................................136system wizard datetime set..............................................................................................................................................................133system wizard finalize........................................................................................................................................................................133system wizard license add................................................................................................................................................................133system wizard lkm configure............................................................................................................................................................133system wizard nas configure............................................................................................................................................................133system wizard network certificate...................................................................................................................................................137system wizard network manage......................................................................................................................................................137system wizard next.............................................................................................................................................................................133



system wizard prev.............................................................................................................................................................................134system wizard restoredb....................................................................................................................................................................134system wizard san configure............................................................................................................................................................134system wizard status..........................................................................................................................................................................134system zeroize........................................................................................................................................................................................94trustee delete............................................................................................................................................................................................8trustee keys export..................................................................................................................................................................................9trustee keys import..................................................................................................................................................................................9trustee linkkey delete...........................................................................................................................................................................10trustee linkkey list.................................................................................................................................................................................10trustee linkkey map..............................................................................................................................................................................10trustee linkkeysharing disable............................................................................................................................................................11trustee linkkeysharing enable.............................................................................................................................................................11trustee list..................................................................................................................................................................................................8trustee peer delete................................................................................................................................................................................11trustee peer list......................................................................................................................................................................................12trustee unapproved approve...............................................................................................................................................................12trustee unapproved create..................................................................................................................................................................13trustee unapproved delete...................................................................................................................................................................13trustee unapproved list.........................................................................................................................................................................13trustee unapproved receive.................................................................................................................................................................14trustee unapproved review..................................................................................................................................................................14trustee unapproved rmall....................................................................................................................................................................15trustee unapproved send.....................................................................................................................................................................15user add...................................................................................................................................................................................................60user cifs password nullify.....................................................................................................................................................................64user cifs password verify......................................................................................................................................................................64user cifs sid.............................................................................................................................................................................................63user cifs validate....................................................................................................................................................................................63user comers cancel...............................................................................................................................................................................65user comers confirm.............................................................................................................................................................................66user group grant....................................................................................................................................................................................67user group list.........................................................................................................................................................................................67user group parentlist.............................................................................................................................................................................68user group revoke..................................................................................................................................................................................68user home list.........................................................................................................................................................................................69user home remove................................................................................................................................................................................69user home set........................................................................................................................................................................................69user list....................................................................................................................................................................................................61user remove............................................................................................................................................................................................61user role grant........................................................................................................................................................................................70user role list............................................................................................................................................................................................71user role revoke.....................................................................................................................................................................................71user set....................................................................................................................................................................................................62user token dump...................................................................................................................................................................................62who.............................................................................................................................................................................................................6whoami......................................................................................................................................................................................................6


command , netapp

Documents