Luna SA stores details of your appliance's configuration settings for various services. Use the sysconf config commands to access and manage those settings. A file named "factoryInit_local_host_Config.tar.gz" preserves the original factory settings for all the configurable appliance .
You can create a backup summary of the state of all those service parameters at any time with sysconf config backup -description <some_words_of comment>, and you can list all such files, complete with the description you provided for each one with sysconf config list.
At any time, you can reset all the configurable appliance parameters back to factory state with sysconf config factoryReset, which applies the settings from "factoryInit_local_host_Config.tar.gz". When you run that command, the system first takes a snapshot of your current settings, in case you later wish to revert back from original factory settings to the settings you had just beforesysconf config factoryReset was issued.
Thus the configuration settings file area will always contain the original factory file, and might additionally contain any number of intentionally created backups, and possibly one or more automatic backup files, similar to this example for a Luna SA appliance named "sa5":
[sa5] lunash:>sysconf config list
Configuration backup files in file system:
| Size | File Name | Description. |
|---|---|---|
| 16641 | | sa5_Config_20120222_0556.tar.gz | | testing-this |
| .7028 | | factoryInit_local_host_Config.tar.gz | | Initial Factory Settings |
| 16588 | | sa5_Config_20120222_0558.tar.gz | | Automatic Backup Before Restoring |
Command Result : 0 (Success)
[sa5] lunash:>sysconf config restore
If you wish, you can keep only the backup files that you find useful, and individually delete any others with sysconf config delete -file <filename>.
Optionally, you clear away all the files with sysconf config clear.
Either way, the file "factoryInit_local_host_Config.tar.gz" is not touched.
Note that the configuration backup file area is a special-purpose location. You will not see those files listed if you run the command my file list.
Example of Backing Up and Restoring
If we factoryReset the configuration parameters, a snapshot backup is created automatically, but for this example we will explicitly create a config backup file.
Create a backup of current appliance configuration parameters.
[sa5] lunash:>sysconf config backup -description testing-this backup feature
Created configuration backup file: sa5_Config_20120222_0556.tar.gz
Command Result : 0 (Success)
[sa5] lunash:>
Check the current state of a configuration parameter (users).
[sa5] lunash:>user list
| Users | Roles | Status | RADIUS |
|---|---|---|---|
| admin | admin | enabled | no |
| bob | monitor | enabled | no |
| john | admin | enabled | no |
| monitor | monitor | enabled | no |
| operator | operator | enabled | no |
Command Result : 0 (Success)
[sa5] lunash:>
Perform the factory reset of the chosen configuration parameter (users).
[sa5] lunash:>sysconf config factoryReset -service users
This command restores the initial factory configuration of service: users.
The HSM and Partition configurations are NOT included.
WARNING !! This command restores the configuration backup file: factoryInit_local_host_Config.tar.gz.
It first creates a backup of the current configuration before restoring: factoryInit_local_host_Config.tar.gz.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'.
> proceed
Proceeding...
Created configuration backup file: sa5_Config_20120222_0800.tar.gz
Restore the users configuration: Succeeded
You must reboot the appliance for the changes to take effect.
Please check the new configurations BEFORE rebooting or restarting the services.
You can restore the previous configurations if the new settings are not acceptable.
Command Result : 0 (Success)
[sa5] lunash:>sysconf appliance reboot
WARNING !! This command will reboot the appliance.
All clients will be disconnected.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'
> proceed
Proceeding...
'hsm supportInfo' successful.
Use 'scp' from a client machine to get file named:
supportInfo.txt
Broadcast message from root (pts/1) (Wed Feb 22 08:00:41 2012):
The system is going down for reboot NOW!
Reboot commencing
Command Result : 0 (Success)
[sa5] lunash:>
After the appliance returns from reboot, restart the SSH session and log in.
[sa5] lunash:>
login as: admin
admin@172.20.10.202's password:
Access denied
admin@172.20.10.202's password:
Last login: Wed Feb 22 05:44:39 2012 from 172.20.10.143
Luna SA 5.1.0-25 Command Line Shell - Copyright (c) 2001-2011 SafeNet, Inc. All rights reserved.
*****************************************************
** **
** For security purposes, you must change your **
** admin password. **
** **
** Please ensure you store your new admin **
** password in a secure location. **
** **
** DO NOT LOSE IT! **
** **
*****************************************************
Changing password for user admin.
You can now choose the new password.
A valid password should be a mix of upper and lower case letters,
digits, and other characters. You can use an 8 character long
password with characters from at least 3 of these 4 classes.
An upper case letter that begins the password and a digit that
ends it do not count towards the number of character classes used.
Enter new password:
Re-type new password:
passwd: all authentication tokens updated successfully.
Password change successful.
[sa5] lunash:>
The reset to factory appliance settings for the "users" parameter seems to have worked. Our "admin" password was reset to the default password "PASSWORD", and we had to apply a non-default password.
With that done, we can verify if additional aspects of the "user" parameters were also reset to factory spec.
[sa5] lunash:>user list
| Users | Roles | Status | RADIUS |
|---|---|---|---|
| admin | admin | enabled | no |
| monitor | monitor | enabled | no |
| operator | operator | enabled | no |
Command Result : 0 (Success)
[sa5] lunash:>
Notice that created users "bob" and "john" are gone, but the system-standard users "admin", "operator", and "monitor" persist. Both "operator" and "monitor" will have had their passwords reset to the default, as well.
sa5] lunash:>sysconf config list
Configuration backup files in file system:
| Size | File Name | Description. |
|---|---|---|
| 16641 | | sa5_Config_20120222_0556.tar.gz | | testing-this |
| .7028 | | factoryInit_local_host_Config.tar.gz | | Initial Factory Settings |
| 16588 | | sa5_Config_20120222_0558.tar.gz | | Automatic Backup Before Restoring |
Command Result : 0 (Success)
[sa5] lunash:>sysconf config restore
The list of configuration backup files is unchanged. We can choose one and restore it.
[sa5] lunash:>sysconf config restore -service users -file sa5_Config_20120222_0556.tar.gz
WARNING !! This command restores the configuration backup file: sa5_Config_20120222_0556.tar.gz.
It first creates a backup of the current configuration before restoring: sa5_Config_20120222_0556.tar.gz.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'.
> proceed
Proceeding...
Created configuration backup file: sa5_Config_20120222_0606.tar.gz
Restore the users configuration: Succeeded
You must reboot the appliance for the changes to take effect.
Please check the new configurations BEFORE rebooting or restarting the services.
You can restore the previous configurations if the new settings are not acceptable.
Command Result : 0 (Success)
[sa5] lunash:>
[sa5] lunash:>sysconf appliance reboot
WARNING !! This command will reboot the appliance.
All clients will be disconnected.
If you are sure that you wish to proceed, then type 'proceed', otherwise type 'quit'
> proceed
Proceeding...
'hsm supportInfo' successful.
Use 'scp' from a client machine to get file named:
supportInfo.txt
Broadcast message from root (pts/1) (Wed Feb 22 08:00:41 2012):
The system is going down for reboot NOW!
Reboot commencing
Command Result : 0 (Success)
[sa5] lunash:>
After rebooting again, we are able to log in with our original "admin" password.
Once again we check the list of users.
[sa5] lunash:>user list
| Users | Roles | Status | RADIUS |
|---|---|---|---|
| admin | admin | enabled | no |
| bob | monitor | enabled | no |
| john | admin | enabled | no |
| monitor | monitor | enabled | no |
| operator | operator | enabled | no |
We see that users "bob" and "john" have returned. We could also log in as "operator" and "monitor" and find that their chosen passwords have been restored.
Finally, ask for the list of system configuration backup files one more time.
sa5] lunash:>sysconf config list
Configuration backup files in file system:
| Size | File Name | Description. |
|---|---|---|
| 16641 | | sa5_Config_20120222_0556.tar.gz | | testing-this |
| .7028 | | factoryInit_local_host_Config.tar.gz | | Initial Factory Settings |
| 16588 | | sa5_Config_20120222_0558.tar.gz | | Automatic Backup Before Restoring |
| 16248 | | sa5_Config_20120222_0606.tar.gz | | Automatic Backup Before Restoring |
Command Result : 0 (Success)
[sa5] lunash:>sysconf config restore
We see that a new file was created (...0606.tar.gz...) before the restore operation, and the other files are intact.
Additional options
You can protect a configuration setup against the possibility of appliance failure by moving a backup snapshot file into your HSM. The command sysconf config export allows you to place the configuration backup file onto an HSM and sysconf config import allows you to retrieve the file from that HSM, back to the appliance file system. The export command gives you two target options: