Cisco IDS Sensor Initialization
| [ LiB ] |
Basic sensor initialization involves a few steps. These steps include the initial setup command to configure the interfaces, hostname, IP address, and default gateways. After accomplishing these tasks , you are ready to create user accounts for the sensor. These steps are discussed in detail in the following subsections of this chapter.
Using the setup Command
Configuring basic sensor settings with the setup command is a simple process. The command issues a series of prompts that take you through the process of configuring the sensor. Here is a list of those prompts:
-
Hostname
-
IP address
-
Netmask
-
Default gateway
-
Telnet server
-
Web server port
Listing 6.3 shows the dialog the setup command uses while you enter the basic configuration settings. The text in bold indicates points where the sensor stops and requests a setting. As you can see, we have entered all the settings needed to complete the setup and save the configuration. Follow the listing slowly and perhaps even execute the command on your sensor to learn the flow of this sequence and to practice entering the settings.
Listing 6.3. Sample setup Command Dialog
sensor# setup --- System Configuration Dialog --- At any point you may enter a question mark '?' for help. User ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. Current Configuration: networkParams ipAddress 10.1.9.201 netmask 255.255.255.0 defaultGateway 10.1.9.1 hostname sensor telnetOption enabled accessList ipAddress 10.0.0.0 netmask 255.0.0.0 exit timeParams summerTimeParams active-selection none exit exit service webServer general ports 443 exit exit Current time: Mon Dec 1 12:03:46 2003 Setup Configuration last modified: Mon Dec 1 12:01:11 2003 Continue with configuration dialog?[yes]: yes Enter host name[sensor]: sensor1 Enter IP address[10.1.9.201]: 10.1.9.201 Enter netmask[255.255.255.0]: 255.255.255.0 Enter default gateway[10.1.9.1]: 10.1.9.1 Enter telnet-server status[enabled]: enabled Enter web-server port[443]: 443 Modify current access list?[no]: no Modify system clock settings?[no]: no The following configuration was entered. networkParams ipAddress 10.1.9.201 defaultGateway 10.1.9.1 hostname sensor1 telnetOption enabled accessList ipAddress 10.0.0.0 netmask 255.0.0.0 exit timeParams summerTimeParams active-selection none exit exit service webServer general ports 443 exit exit [0] Go to the command prompt without saving this config. [1] Return back to the setup without saving this config. [2] Save this configuration and exit setup. Enter your selection[2]: 2 Configuration Saved.
Notice that the setup command first outputs the current configuration before you start entering the first value; this point occurs at the code line Continue with configuration dialog?[yes]: yes .
User Accounts
The IDS 4.0 supports several types of user accounts as explained in Chapter 5, "Cisco IDS Architecture and Communications Protocols." Once you finish the setup command, you are ready to create user accounts. For example, to create an administrator account, just use the username command at the sensor(config)# prompt.
In Listing 6.4, a user called danny is created as an administrator on the sensor. This code example also uses the show users all command to display all the accounts currently configured. Once you finish these steps, your sensor is ready for action.
Listing 6.4. Sample Administrator Account Creation
sensor# config terminal sensor(config)# username danny password 13579@$^*) privilege administrator sensor(config)# exit sensor# show user all CLI ID User Privilege * 1292 cisco administrator danny administrator
| [ LiB ] |
