Summary

In this chapter, we presented common tasks performed by system administrators on a regular basis in the context of the Nokia Security Platform. It will be necessary for you to perform many if not all of these tasks throughout the duration of your NSP ownership.

Knowing how to properly shut down or reboot your Nokia is very important. If you don't shut down a Nokia system cleanly, you could boot up with a damaged file system, which will require a console connection so that you can run fsck to repair the file system. It's simple to reboot or halt your Nokia system properly through the Voyager Web interface.

Nokia packages are additional, optional software packages that run on IPSO, such as Check Point FireWall-1 or ISS RealSecure. A tool is available through Voyager to easily install, upgrade, or remove software packages. It is also easy to back out of new packages simply by toggling the package on or off; thus you can move from one package version to another in no time. If you don't like your latest upgrade to NG FP3, you can back down to NG FP2 without losing any configuration data.

IPSO images are the operating system kernel and binary files that run the system. Voyager provides an interface for installing, upgrading, and removing images for easy administration of the OS. If you prefer to install new images from the command line, use the newimage tool. Images are stored in the /image directory, and the current image is symlinked to the file /image/current. After making changes to the image parameters in Voyager, you need to reboot the NSP.

Another common sys admin task is to administer users and groups. Voyager provides you with a Web interface to manage your accounts on the system from any Web browser. You can change passwords, create new users and groups, and delete accounts through Voyager.

Maintaining network routes can be configured through Voyager as well. Using the Static Routes configuration screen, you can add or remove your default gateway or router and configure static route entries one by one or through an easy quick-add text box where you can enter multiple routes at one time.

Every administrator should plan on getting system backups and have recovery action plans in place in the event of a disaster. Even if you have a simple hardware failure, a backup can make a big difference if you need to rebuild from scratch on a new box. Since your Nokia will usually sit at key points in your network, it is an important box to back up. Voyager provides you with a Web interface for making backups of your system configuration, user home directories, log files, and package configuration. Using this interface, you can FTP the backup files off the Nokia or download them for a restore. Check Point NG FP1 and FP2 backup scripts are missing or corrupted, so if you have these packages, read the preceding section to find out how to back up these important software packages.

Every task covered in this chapter is very important, and system logging is no exception. Fortunately, Nokia's Network Voyager has an administration tool for configuring system logging; you can use this tool to enable remote logging, receive logs from the network, and enable an audit log of Voyager configuration changes. You can monitor system logs via the /var/log/messages file, which is available through the Voyager monitor area, under the System Logs heading.

The final topic we covered in this chapter was configuring cron. cron is used to schedule tasks for the system to run at specified times. Tasks could include running a custom written shell script to a system binary file. As long as the file is executable, the cron daemon will run the task. The /var/etc/crontab file holds the cron configuration, and it can be edited through Voyager's Job Scheduler link under the System Configuration heading. You can add or delete cron jobs through this interface, which is available in IPSO 3.5 and 3.6. Earlier IPSO releases would require that you manually edit the crontab file using the crontab –e command.