vmsec Utility
The vmsec utility allows you to manage security aspects of CTE on the host. On Linux hosts, the vmsec
utility is located in:
/opt/vormetric/DataSecurityExpert/agent/vmd/bin/vmsec
vmsec Syntax
Syntax | Description |
---|---|
checkinstall | Show vmd kernel status |
challenge | Enter the dynamic host password |
vmdconfig | Display the vmd configuration |
check_hwenc | Display kernel configuration |
hwok | Report status of hardware signature |
passwd [-p <password>] | Enter the static host password |
version | Display CTE version |
vmsec Examples
Display CTE Challenge String
To display a CTE password challenge string and enter the response string when the CipherTrust Manager is not network accessible, use the vmsec challenge command. This command displays a challenge string that you can send to your key manager administrator, who will then send you back the correct response information.
For example:
vmsec challenge
Contact a Security Server administrator for a response.
Your host name is "Host120" Your challenge is: HPTQ-ZYLK
Response -> IHFY-W7WG-PDAO-QKKQ
Contact your key manager administrator and give them the challenge string. The administrator will give you the response string. Enter the response string in the Response field and press Enter. You have 15 minutes to enter the response string.
Tip
If you are using CipherTrust Manager, the ability to change the contact string will be added in a future release. For CipherTrust Manager, the contact string says "Contact your CM administrator".
Display CTE Status
This command shows whether CTE is configured and running. If it is not running, you might need to start it manually. To display CTE status, use the vmsec checkinstall command. For example:
vmsec checkinstall
The kernel component is installed and running.
Entering a Password
To enter the CTE static host password, use the vmsec passwd command. For example:
vmsec passwd
Please enter password:
OK passwd
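To enter the CTE static host password on the command line so that you can specify it in a batch script, use the -p option. A password given this way is stored in clear text in the script and can be visible in the host's process list while the command runs, so restrict read access to the script. For example: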
vmsec passwd -p myPass123
OK passwd
Display Kernel Status
To display the kernel status, use the vmsec status command. For example:
vmsec status
FILE_FORMAT=2
FILE_GENERATED=08/27/2019 18:54:10
SA_QOS_STATUS=0
SA_HOST_CPU_UTIL=0
GP_1_Policy=27
GP_1_Dir=/gp
GP_1_lock=1
GP_1_type=1
GP_1_gtype=manual
GP_1_opt=gtype=2,policy=27,lock=1,type=1,dir=/gp/
GP_1_config_state=unguarded
GP_1_status=not guarded
GP_1_statuschk_tm=0-00-00 00:00:00
GP_1_config_op_retry_cnt=0
GP_1_config_op_attempt_tm=0-00-00 00:00:00
GP_1_flags=0
GP_1_reason=Inactive
GP_1_usage=free
TOTAL_GP=1
KEYS_AVAILABLE=TRUE
sdk_version=<Release.build-number>
sdk_builddate=2019-08-19 15:16:46 (PDT)
coreguard_locked=false
system_locked=false
logger_upload_url=https://thl602-2114.qa.com:8447/upload/logupload,https://thl602-2116.qa.com:8447/upload/logupload
logger_cert_dir=/opt/vormetric/DataSecurityExpert/agent/vmd/pem
hostname_for_logging=vmd
QOS_PAUSED=false
vmd_STRONG_ENTROPY=false
vmd_URL=https://thl602-2114.qa.com:8446
vmd_SRV_URLS=https://thl602-2114.qa.com:8446, https://thl602-2116.qa.com:8446
vmd_PRIMARY_URL=https://thl602-2114.qa.com:8446
vmd_SUPPORTS_F8P=TRUE
vmd_SUPPORTS_CR256=TRUE
vmd_RANDHP=TRUE
learn_mode=false
concise_logging=false
vmd_listening_port=7024
vmd_initialization_time=2019-07-25 12:07:14.514
vmd_last_server_update_time=2019-07-25 12:12:04.747
policy_name_27=aes256
policy_version_27=0
policy_keyvers_27=0
policy_type_27=ONLINE
policies=27
logger_suppression_VMD=SUPPRESS
logger_intervaltime_VMD=600
logger_repeat_max_VMD=5
logger_suppression_POL=SUPPRESS
logger_intervaltime_POL=600
logger_repeat_max_POL=5
CONFIG_SA_1=27
TOTAL_CONFIG_SA=1
SA_1_NAME=27
SA_1_ALIAS=aes256
SA_1_TYPE=0
SA_1_REF=1
SA_1_HIP_REG_TIME=0
SA_1_FLAGS=1
TOTAL_SA=1
TOTAL_AUTH=0
AUTHBIN_1=|authenticator|/usr/sbin/sshd B92A3D7EEF67B82230F7F76097D65159FCF5722A4154A249EFDC22C20F1B572C
AUTHBIN_2=|authenticator|/bin/login 4F210D1B83ACD79B006BCF7DB247ED002A45FC892C42720390BFA6AE21AEA8DC
TOTAL_AUTHBIN=2
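The status output above is a flat KEY=value list, so a monitoring script can check it. The following is an added example, not part of the vendor documentation: it reports guard points whose GP_<n>_status is "not guarded" and fails if KEYS_AVAILABLE is not TRUE. The function names, the GP_2 sample lines and the choice of checks are assumptions.

```sh
# Added example (not vendor code). Field names come from the
# `vmsec status` sample on this page.

# Constructed input: the GP_1 and KEYS_AVAILABLE lines are copied from the
# page; the GP_2 lines are constructed to show a second guard point.
sample_status() {
  cat <<'EOF'
GP_1_Dir=/gp
GP_1_opt=gtype=2,policy=27,lock=1,type=1,dir=/gp/
GP_1_status=not guarded
GP_1_reason=Inactive
GP_2_Dir=/data
GP_2_status=guarded
TOTAL_GP=2
KEYS_AVAILABLE=TRUE
EOF
}

# Print "<dir><TAB><reason>" for every guard point reported as "not guarded".
unguarded_gps() {
  awk '
    {
      eq = index($0, "=")              # split on the first "=" only:
      if (eq == 0) next                # values such as GP_1_opt contain more
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      if (!match(key, /^GP_[0-9]+_/)) next
      id = substr(key, 4, RLENGTH - 4) # guard point number
      f = substr(key, RLENGTH + 1)     # field name after "GP_<n>_"
      if (!(id in seen)) { seen[id] = 1; order[++n] = id }
      if (f == "Dir") dir[id] = val
      else if (f == "status") st[id] = val
      else if (f == "reason") why[id] = val
    }
    END {
      for (i = 1; i <= n; i++) {
        id = order[i]
        if (st[id] == "not guarded") printf "%s\t%s\n", dir[id], why[id]
      }
    }'
}

# Exit status 0 only if no guard point is "not guarded" and keys are available.
check_status() {
  input=$(cat)
  bad=$(printf '%s\n' "$input" | unguarded_gps)
  keys=$(printf '%s\n' "$input" | sed -n 's/^KEYS_AVAILABLE=//p')
  [ -z "$bad" ] && [ "$keys" = "TRUE" ]
}
```

On a CTE host the input would come from the real command, for example `vmsec status | check_status`.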
Display CTE Build Information
To see the CTE build version, use the vmsec version command. For example:
vmsec version
Version 6
7.2.0.128
2022-03-17 15:15:23 (PDT)
Copyright (c) 2009-2022, Thales. All rights reserved.
Display Contents of Conf files
To display the contents of the agent.conf and .agent.conf.defaults files, use the vmsec vmdconfig command. For example:
vmsec vmdconfig
appender_syslogdest_Syslog_Appender_0=127.0.0.1
VMSDK_AGENT_CONFIG_FILE=/opt/vormetric/DataSecurityExpert/agent/vmd/etc/agent.conf
appender_layout_Syslog_Appender_0=Syslog_Layout
VMSDK_AGENT_VERSION=7.2.0.128
VMSDK_AGENT_BUILD_ID=28
PREV_URLS=https://srv.my.thales.com:8443
syslog_appender_myhost name=dev.my.thales.com
VMD_PORT=7024
...
...
appenders=Upload_Appender, File_Appender, Syslog_Appender_0
layouts=Upload_Layout, File_Layout, Syslog_Layout, Simple
CONNECT_TIMEOUT=180000
URL=https://srv.my.thales.com:8443
STRONG_ENTROPY=false