The Command Line Interface (CLI) provides users with administrative rights access to set these values through the command line. You can use the CLI to modify configuration options, including the required security checks that allow the configuration options to be changed.
Some CLI options require special arguments listed as words in capital letters in the option summary of the command. Descriptions of the format of these arguments are in the following table:
Table 1 CLI arguments

Argument type | Description |
---|---|
DIR | A path to a directory where the HP SMH service has write access. |
FILE | A path to a file. |
GROUPLIST | A list of group names separated by semicolons. |
IPBINDLIST | A list of IPv6 addresses and/or IPv4 address/netmask pairs separated by semicolons. |
IPLIST | A list of IP addresses separated by semicolons. |
NUM | A numeric value with a range that depends on the option being set. |
NAMELIST | A list of host names and IP addresses separated by semicolons. |
XENAMELIST | A list of trusted server host names. |
Anonymous Access

Anonymous access allows anonymous users to access unsecured pages, including local anonymous access. The following command enables or disables the anonymous access setting:
smhconfig -a|--anonymous-access [=] True | False
Local Access

The local access command sets the local access privilege to anonymous or administrator, applying the specified access to the local system. If local access is selected, a user with access to the local console is granted anonymous or administrator access without being challenged for a username and password. The following command enables or disables local access:
smhconfig -L|--localaccess-enabled [=] True | False
The following command configures the local user privileges:
smhconfig -l|--local-access [=] administrator | anonymous
IP Restricted Logins

IP addresses can be explicitly permitted or restricted based on user type. If an IP address is explicitly restricted, it is restricted even if it is explicitly permitted. If there are IP addresses in the permitted list, only those IP addresses are allowed login access. If there are no IP addresses in the permitted list, login access is granted to any IP address not in the restricted list. The following command enables or disables IP restricted login:
smhconfig -P|--ip-restricted-login [=] True | False
IP Address Inclusion. Set the list of permitted IP addresses as follows:
smhconfig -i|--ip-restricted-include [=] IPLIST
The following is an example of how IPLIST is formatted:
122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128
IP Address Exclusion. Set the list of restricted IP addresses as follows:
smhconfig -e|--ip-restricted-exclude [=] IPLIST
The following is an example of how IPLIST is formatted:
122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128
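The precedence between the permitted and restricted lists is easy to get wrong when both are populated. The following Python is an added example, not HP SMH code, that models the rules stated above; the function names are hypothetical, the sample lists are constructed, and it assumes each IPLIST entry is a single address or a low-high range as in the examples above.

```python
import ipaddress

def parse_iplist(text):
    """Parse an IPLIST string into a list of (low, high) address pairs."""
    ranges = []
    for item in filter(None, (p.strip() for p in text.split(";"))):
        low, _, high = item.partition("-")
        lo = ipaddress.ip_address(low.strip())
        hi = ipaddress.ip_address(high.strip()) if high else lo
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range in IPLIST: {item!r}")
        ranges.append((lo, hi))
    return ranges

def _listed(addr, ranges):
    return any(lo.version == addr.version and lo <= addr <= hi for lo, hi in ranges)

def login_allowed(client, include="", exclude=""):
    """Apply the documented precedence: exclude wins, then include if non-empty."""
    addr = ipaddress.ip_address(client)
    if _listed(addr, parse_iplist(exclude)):
        return False                      # restricted even if also permitted
    permitted = parse_iplist(include)
    if permitted:
        return _listed(addr, permitted)   # non-empty permitted list acts as an allowlist
    return True                           # empty permitted list: anything not restricted

# Constructed sample lists in the page's IPLIST format
INCLUDE = "122.23.44.1-122.23.44.255;172.84.100.35"
EXCLUDE = "122.23.44.200-122.23.44.255"

if __name__ == "__main__":
    for ip in ("122.23.44.10", "122.23.44.210", "172.84.100.35", "10.0.0.5"):
        print(ip, login_allowed(ip, INCLUDE, EXCLUDE))
    print("10.0.0.5 with empty include:", login_allowed("10.0.0.5", "", EXCLUDE))
```

Running a planned include/exclude pair through a model like this before applying it shows whether an administrative workstation would be locked out by an overlapping restricted range.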
IP Binding

IP binding provides HP SMH the ability to listen only to the addresses configured in the IP binding list. If IP binding is enabled and the IP binding list is empty, HP SMH will only be accessible locally. Enable or disable IP binding as follows:
smhconfig -g|--ip-binding [=] True | False
IP binding list. Use the following command to configure the IP binding list to be used when IP binding is enabled.
smhconfig -I|--ip-binding-list [=] IPBINDLIST
IPBINDLIST must be a list of semicolon-separated IP addresses and/or IP address/netmask pairs. The following is an example of how IPBINDLIST is formatted:
122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128
Trust Modes

The HP SMH trusts Systems Insight Manager (HP SIM) or Insight Manager 7 (IM 7) secure task execution requests and single sign on requests with various levels of security, ranging from trust all to only trust HP SIM or Insight Manager 7 with trusted certificates:

Trust All. This command sets up the HTTP server to accept all secure task execution requests and single sign on requests from any HP SIM or Insight Manager 7 server:
smhconfig -t|--trust-mode [=] TrustByAll
Trust By Name. This command sets up the HP SMH to only accept secure task execution requests and single sign on requests from the listed HP SIM or Insight Manager 7 servers:
smhconfig -t|--trust-mode [=] TrustByName
To configure the trusted servers name list for the TrustByName trust mode, use the following command:
smhconfig -X|--xe-name-list [=] XENAMELIST
XENAMELIST is a list of the trusted Systems Insight Manager or Insight Manager 7 servers, using a comma or semicolon as a delimiter. The following is an example of the name list format:
server1,server2.domain1;server3,server4.domain2
Trusted Certificates. This command establishes the trust relationship between HP SIM or Insight Manager 7 and the HP SMH using the certificate. The trust mode is set to TrustByCert using the following command:
smhconfig -t|--trust-mode [=] TrustByCert
A trusted certificate is added to the trusted certificate list using the following command:
smhconfig -C|--trust-certificate [=] FILE
FILE is the name of the file containing the base 64 encoded certificate to be added to the trusted certificate list.
Restart service

Restart the HP SMH on completion of applying the new configuration settings.
smhconfig -r|--restart
Reject Program Admin Login

Reject or accept an HP Web-enabled System Management Software or VCA login request.
smhconfig -j|--reject-prog-admin-login [=] true|false
Win32DisableAcceptEX

AcceptEx() is a Microsoft WinSock v2 API that provides performance improvements over the use of the BSD style accept() API in specific circumstances. Some popular Windows products, typically virus scanning or virtual private network packages, have bugs that interfere with the operation of AcceptEx(). If you encounter an error condition like:
[error] (730038) An operation was attempted on something that is not a socket:: winnt_accept: AcceptEx failed. Attempting to recover.
Use the following directive to disable the use of AcceptEx():
smhconfig -w|--win32-disable-acceptex [=] True | False
Disable SSL v2

By default the HP SMH has SSL v2 disabled. Use the following switch to re-enable SSL v2:
smhconfig -s|--disable-sslv2 [=] True | False
Log Rotations

Log files can become large and unmanageable. The following switch enables log files to rotate automatically when they reach 5M (default size). Either the log file is overwritten on the next rotation when the option is off or a new file is created and the previous file is marked as old when the option is on.
smhconfig -A|--rotate-logs [=] 0 | 1 | 2
Where: 0= off, 1 or 2= on.
Rotate Log Size

Log files can become large and unmanageable. The following switch allows the user to set the size of the log files.
smhconfig -z|--rotate-log-size [=] size
Where size is a value in the range of 1-9MB.
Maximum Number of Threads Allowed

The Maximum Number of Threads Allowed value allows the user to increase or reduce the maximum number of threads HP SMH creates to handle page requests. The default is 64 for Windows.
smhconfig -M|--max-threads [=] max-number-of-threads
Where max-number-of-threads is a number in the range of 64-512.
Maximum Number of Threads Allowed is only available on Windows.
Maximum Number of Sessions

By default, HP SMH supports 128 user sessions. This number can be lowered to 32 or raised to 500 using the session-maximum setting.
smhconfig -S|--session-maximum [=] maximum-number-of-sessions
Session Timeout

The default session timer is set to 15 minutes. The session timeout can be set as low as 1 minute or as high as 60 minutes.
smhconfig -U|--session-timeout [=] session-timeout-in-minutes
Log Level

By default, the logging level of HP SMH error messages is set to error. When a log level is set, all events that are the same or superior to the configured log level are written to the log file. The log level option only affects the error_log file located under SystemDrive:\hp\hpsmh\logs in Windows and under /var/spool/opt/hp/hpsmh/logs in Linux. The following values are available, in order of decreasing significance:

Table 2 Log level

Value | Description |
---|---|
emerg | Emergencies - system is unusable |
alert | Action must be taken immediately |
crit | Critical conditions |
error | Error conditions |
warn | Warning conditions |
notice | Normal but significant condition |
info | Informational |
debug | Debug-level messages |
smhconfig -v|--log-level [=] logging-level
Port 2301

Port 2301 determines whether HP SMH listens on port 2301. If the value is set to True, HP SMH listens on port 2301. If the value is set to False, HP SMH does not listen on port 2301. The default is to listen on port 2301.
smhconfig -T|--port2301 [=] True | False
Multihomed certificate alternative names list

You can set the name for the certificate through the multihomed option. It is important to restart the hpsmhd service when running smhconfig with multihomed values using a single command on the console (--restart option).
smhconfig -u|--multihomed [=] NAMELIST
smhconfig -u|--multihomed [=] NAMELIST --restart
NAMELIST must be a semicolon-separated list of IP addresses and hostnames.
Custom UI

Enabling custom UI lets you customize the sign-in and header images and add a short text to the sign-in page. See the HP SMH README.txt in the hpsmh/data/htdocs/custom_ui directory in the HP SMH install path.
smhconfig -c|--custom-ui [=] True | False
Httpd Error Log

The httpd error log option enables you to determine if it is possible to view the httpd error_log log file through the user interface.
smhconfig -p|--httpd-error-log [=] True | False
Icon View

Icon view allows you to set the default view mode to show icons (True) like a desktop File Manager appearance or to show the traditional list (False) that displays items in boxes.
smhconfig -n|--iconview [=] True | False
Box Order

Box order defines the ordering method used to display the boxes. You can choose name, which places the boxes in alphabetical order, or you can choose status, which displays the boxes from the worst status (critical) to the best status (normal).
smhconfig -x|--box-order [=] Name | Status
Box Item Order

Box item order defines the ordering method used to display the items inside boxes. You can choose name, which places boxes in alphabetical order, or you can choose status, which displays boxes from the worst status (critical) to the best status (normal).
smhconfig -b|--box-item-order [=] Name | Status
Kerberos Authentication

To enable or disable Kerberos authentication support, use the following command:
smhconfig -k|--Kerberos [=] True | False
Administrator Kerberos users. To configure Kerberos groups of users from a Kerberos domain with administrator privileges, use the following command:
smhconfig -m|--admin-kerberos [=] GROUPLIST
Note: GROUPLIST is a single Kerberos group or a list of Kerberos group names separated by semicolons.
Operator Kerberos users. To configure Kerberos groups of users from a Kerberos domain with operator privileges, use the following command:
smhconfig -R|--operator-kerberos [=] GROUPLIST
Note: GROUPLIST is a single Kerberos group or a list of Kerberos group names separated by semicolons.
User Kerberos users. To configure Kerberos groups of users from a Kerberos domain with user privileges, use the following command:
smhconfig -K|--user-kerberos [=] GROUPLIST
Note: GROUPLIST is a single Kerberos group or a list of Kerberos group names separated by semicolons.
User Groups

User Groups are a set of policies to access and modify HP SMH functionalities. Only valid existing operating system groups can be added to the group list. To add groups into HP SMH user types, complete the following:

Administrators. Users with Administrator access can view and set all information provided throughout the HP SMH. The default user group (Administrators for Microsoft operating systems and root for Linux) always has administrative access. Windows systems that are part of a domain can specify domain groups and local groups for any level of access.
smhconfig -d|--admin-group [=] [ groupList ]
Operators. Users with Operator access can view and set most information provided through the HP SMH. Some web applications limit access to the most critical information to administrators only.
smhconfig -E|--operator-group [=] [ groupList ]
Users. Users with User access can view most information provided through the HP SMH. Some web applications restrict viewing of critical information from individuals with User access.
smhconfig -G|--user-group [=] [ GROUPLIST ]
Where groupList is a single operating system group or a list of operating system group names separated by semicolons.
Help message

To display a help message on the screen, use the following command:
smhconfig -h|--help
File Based Command Line Interface

The Command Line Interface (CLI) option enables a file with configuration parameters to be passed on the command line. The CLI parses the file and processes the arguments. The command to use a file for the input to the CLI is:
smhconfig -f configFile
Command Line Interface File Structure. The CLI file structure format includes the # character for comments, a bracketed keyword indicating the parameter to be set, and the parameter value. An example of the CLI file structure format is as follows:
# Characters placed after the # on a given line are not parsed.
An example of a configuration file for smhconfig is as follows:
# SMH configuration file for smhconfig
[anonymous-access]
false
[localaccess-enabled]
true
[localaccess-type]
administrator
[user-group]
users
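A file passed with -f can be reviewed before it is applied. The following Python is an added example, not part of HP SMH: it parses the file structure described above and reports the access settings from the sample file that relax authentication. The function names are hypothetical, only keys shown in the sample file are checked, and one value line per key is an assumption of this example.

```python
def parse_smhconfig_file(text):
    """Parse the '[key]' / value file format into a dict of key -> value."""
    settings, key = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # text after '#' is not parsed
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].strip().lower()
            settings[key] = ""                # key seen, value pending
        elif key is None:
            raise ValueError(f"line {lineno}: value {line!r} has no [key] before it")
        elif settings[key]:                   # assumption: one value line per key
            raise ValueError(f"line {lineno}: second value for [{key}]")
        else:
            settings[key] = line
    return settings

def review(settings):
    """Return findings for the access settings the page's sample file uses."""
    def on(name):
        return settings.get(name, "").lower() == "true"
    findings = []
    if on("anonymous-access"):
        findings.append("anonymous-access is true: unsecured pages are open to anonymous users")
    if on("localaccess-enabled"):
        level = settings.get("localaccess-type", "").lower() or "unspecified"
        note = f"localaccess-enabled is true ({level}): local console users skip the login prompt"
        if level == "administrator":
            note += " and get administrator access"
        findings.append(note)
    return findings

# The sample file from the page, reproduced as the input
SAMPLE = """\
# SMH configuration file for smhconfig
[anonymous-access]
false
[localaccess-enabled]
true
[localaccess-type]
administrator
[user-group]
users
"""

if __name__ == "__main__":
    for finding in review(parse_smhconfig_file(SAMPLE)):
        print("REVIEW:", finding)
```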