• McAfee Web Gateway All Session Restart

     

    To terminate and refresh the user sessions on the McAfee Web Gateway UI, run the following command in an SSH session:

    service mwg restart

     

     

  • McAfee Web Gateway UI Session Restart

    To terminate and refresh the user sessions on the McAfee Web Gateway UI, run the following command in an SSH session:

    /etc/init.d/mwg-ui restart

  • Sophos UTM Command Line

     

    Speed Test:

    wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py

    chmod +x speedtest-cli

    ./speedtest-cli

     

    Clearing cache at Sophos Firewall:

    sync; echo 3 > /proc/sys/vm/drop_caches

     

    tcpdump -veni any dst port 514

    tcpdump -veni any host X.X.X.X

     

    RED Client service restart: /var/mdw/scripts/red_client restart

    RED Server service restart: /var/mdw/scripts/red_server restart

     

    Sophos log service restart:

    /etc/init.d/syslogng restart

    /etc/init.d/ulogd restart

     

    Run Astaro HTTP proxy database locally

    1. ssh to ASG and login with loginuser

    2. su - root

    3. cc set http sc_local_db [disk][mem][none] (Choose what you prefer)

    4. /var/mdw/scripts/httpproxy restart

    Websurfing will be extremely slow until the database has downloaded and been put into place. The time is link speed dependent.

     

    View the link speed for the ASG's interfaces? 

    'ifstat'.

     

    Bandwidth usage - IFTOP

    Astaro also offers the command 'iftop' to see the live traffic and traffic statistics. 

    One can see the traffic live on an interface for Source Host, Destination Host, and Ports. 

    The peak and accumulative traffic is also displayed.

    Run 'iftop'

    Example:

    root # iftop -i eth1

     

    Host display:                        General:
     n - toggle DNS host resolution       P - pause display
     s - toggle show source host          h - toggle this help display
     d - toggle show destination host     b - toggle bar graph display
     t - cycle line display mode          B - cycle bar graph average
                                          T - toggle cumulative line totals
    Port display:                         j/k - scroll display
     N - toggle service resolution        f - edit filter code
     S - toggle show source port          l - set screen filter
     D - toggle show destination port     L - lin/log scales
     p - toggle port display              ! - shell command
                                          q - quit

    Sorting:

    1/2/3 - sort by 1st/2nd/3rd column

    < - sort by source name

    > - sort by dest name

    o - freeze current order

     

    Concurrent Connections:

    sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=86400

     

    number of established connections:

    less /proc/net/ip_conntrack | grep ESTA | wc -l

    1907

     

    number of all connections:

    less /proc/net/ip_conntrack | wc -l

    3315

     

    number of connections with status WAIT (close_wait):

    less /proc/net/ip_conntrack | grep WAIT | wc -l

    39
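
    The grep WAIT count above matches every state whose name contains WAIT (TIME_WAIT, CLOSE_WAIT, FIN_WAIT), not only CLOSE_WAIT. The following is an added example, not part of the original page, that tallies TCP entries per state; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally TCP conntrack entries by state.
# In /proc/net/ip_conntrack a TCP line reads: tcp 6 <timeout> <STATE> src=... dst=...
# so the state is field 4. UDP and ICMP entries carry no state and are skipped.

# conntrack_states: reads ip_conntrack lines on stdin, prints "STATE count" per state.
conntrack_states() {
    awk '$1 == "tcp" { count[$4]++ }
         END { for (s in count) print s, count[s] }' | LC_ALL=C sort
}

# sample_conntrack: constructed sample lines (documentation addresses, not real data).
sample_conntrack() {
    cat <<'EOF'
tcp      6 86390 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51000 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=51000 [ASSURED] use=1
tcp      6 86211 ESTABLISHED src=192.0.2.11 dst=198.51.100.6 sport=51001 dport=22 src=198.51.100.6 dst=192.0.2.11 sport=22 dport=51001 [ASSURED] use=1
tcp      6 97 TIME_WAIT src=192.0.2.10 dst=198.51.100.7 sport=51002 dport=80 src=198.51.100.7 dst=192.0.2.10 sport=80 dport=51002 [ASSURED] use=1
tcp      6 45 TIME_WAIT src=192.0.2.12 dst=198.51.100.7 sport=51003 dport=80 src=198.51.100.7 dst=192.0.2.12 sport=80 dport=51003 [ASSURED] use=1
tcp      6 52 CLOSE_WAIT src=192.0.2.13 dst=198.51.100.8 sport=51004 dport=443 src=198.51.100.8 dst=192.0.2.13 sport=443 dport=51004 [ASSURED] use=1
udp      17 25 src=192.0.2.12 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=192.0.2.12 sport=53 dport=40000 use=1
EOF
}

# On the firewall itself: conntrack_states < /proc/net/ip_conntrack
sample_conntrack | conntrack_states
```

    On this sample, grep WAIT would report 3 although only one connection is in CLOSE_WAIT.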

     

    Saving Snapshots of TOP automatically every half hour

    create a cron job with,

    top -b -n 1 >>/tmp/top-report.txt

    An entry for each CPU core, and possibly another if the CPU(s) has hyperthreading:

    cat /proc/cpuinfo

     

    Stop and start the HTTP proxy again:

    "/var/mdw/scripts/httpproxy stop" and "/var/mdw/scripts/httpproxy start"

     

    Restarting MiddleWare:

    service mdw restart

    (from root)

    Warning: it doesn't cause a complete reboot, but it does cause an HA failover, interruption of any up/downloads and VoIP calls, etc. 

     

    HD

    To find what is taking up the space, type:

    df -h

    df will only tell you how full the disk is.

    du will tell you what files/folders are using the most space

    I'd recommend:

    cd /var/storage

    du -sh *

    find the offending directories

     

    What kind of CPU

    "cat /proc/cpuinfo"?

     

    Determine if the disk is overloaded

    vmstat -d 5

    or

    vmstat -d | head -2 ; vmstat -d 5 | grep hda

    if hda is your hard disk; sda for scsi

    That should have similar output. 

    The '5' is 5 second updates.

    You'll have to look at the differences between the lines to figure out how many IO's you're getting in those 5 seconds, and whether you're saturating the disk or not.
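
    The difference calculation described above, as an added example that is not part of the original page. It assumes the standard procps vmstat -d column layout (field 2 = reads total, field 6 = writes total, field 11 = cumulative seconds spent in I/O); the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example: turn the cumulative counters of `vmstat -d <interval>` into
# per-interval rates for one disk.

# disk_deltas DISK INTERVAL
#   stdin : output of `vmstat -d INTERVAL`
#   stdout: one line per pair of consecutive samples: "reads/s writes/s busy%"
#   busy% is coarse because vmstat reports I/O time in whole seconds.
disk_deltas() {
    LC_ALL=C awk -v disk="$1" -v secs="$2" '
        $1 == disk {
            if (seen) {
                reads  = ($2  - prev_r)  / secs
                writes = ($6  - prev_w)  / secs
                busy   = 100 * ($11 - prev_io) / secs
                printf "%.1f %.1f %.0f\n", reads, writes, busy
            }
            prev_r = $2; prev_w = $6; prev_io = $11; seen = 1
        }'
}

# sample_vmstat: constructed output of three samples taken 5 seconds apart.
sample_vmstat() {
    cat <<'EOF'
disk- ------------reads------------ ------------writes----------- -----IO------
       total merged sectors      ms  total merged sectors      ms    cur    sec
sda   100000   2000 4000000   50000 200000   5000 8000000   90000      0    300
sda   100050   2000 4000400   50020 200200   5010 8001600   90100      1    301
sda   100900   2010 4007200   52500 201450   5100 8011600   94000      6    306
EOF
}

# Live use on the firewall: vmstat -d 5 | disk_deltas sda 5
sample_vmstat | disk_deltas sda 5
```

    In the sample, the second interval shows 100% busy: the disk spent all 5 seconds doing I/O, which is the saturation case the text refers to.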

     

    See detailed info about your eth:

    # ethtool eth1

    OR

    # mii-diag eth1

     

    webadmin passwd lost

    A user may use the following commands to reset the system passwords:

    cc

    RAW

    system_password_reset

    Ctrl c

     

    Upon saving the file and exiting, the admin may immediately navigate to WebAdmin and re-specify all passwords for the system accounts of Astaro Security Linux.

     

    DNS Flush cache option missing in V7

    the current workaround is to restart the DNS proxy from the command line as root with the following command:

    /var/mdw/scripts/named restart

     

    To change version number

    login as loginuser

    su -

    edit /etc/version

    save the file

    restart the ASG so the new version is displayed in Webadmin dashboard

     

    Change NIC order

    login as loginuser

    su -

    edit /etc/udev/rules.d/70-persistent-net.rules

    save the file

    restart the ASG so the new order is loaded.

     

    Locked out - How to regain all logins

    1) Shutdown the firewall and connect a screen and a keyboard to the firewall

    2) Power on the firewall, wait until the GRUB-loader starts and press ‘ESC’

    3) Select ‘Astaro Security Gateway 7.2’ (not previous or rescue!)

    4) Press ‘e’ to edit and select the 2nd entry

    5) Press ‘e’ once again and enter ‘init=/bin/bash’

    6) Press ‘ENTER’ and ‘b’ to boot up

    7) Now you are able to change the passwords for ‘loginuser’ and ‘root’

    8) After that press CTRL + ALT + DEL to reboot the system and wait until you get the login prompt

     

    Reset to factory settings

    Log in to the command line as 'loginuser', then become 'root', and enter the following commands to restore the factory settings:

    1. cc [Press ENTER]

    2. RAW [Press ENTER]

    3. system_factory_reset [Press ENTER]

     

    The system will automatically shutdown when it's finished.