Security

Hi,

 

Not exactly sure if this is the correct location for this question.....apologies if not.

 

I am trying to find information about accessing the CLI of our clearpass policy manager. I am fine to access it using the appadmin account both locally and also using ssh. How do I give other accounts permission to also access the CLI? The accounts we have set up using the http interface are 'Super Admins' however they do not have permission to login using CLI (locally or over SSH).

 

I have found in the documentation info about setting up CPPM for ssh access to other devices but not actually to the CPPM itself.

 

Any help or pointing to right direction appreciated.

 

the only access for the CLI is via the login "appadmin".  There is no ability to create other user accounts for the CLI.

So is it generally accepted that most/all config needs to be done in the http interface? As far as I can tell there would be no way to audit the CLI access if all admins need to use the same login credentials?

Yes - all config is done in the UI.  Since the CLI access doesn't show up in the UI (access tracker), there is no way to audit who logged in from a user perspective.  

You should rarely have to go into the CLI after initial configuration.

Hi.

I'm about to upgrade Hyper-V integration services on my CPPM installation.

How would I do that if I can't execute i.e. "mount /dev/cdrom /media"?

 

Thanks.

cappalli said rarely, not never.

 

personally im not a huge fan of the only the appadmin account and then also having the password being the cluster password. but it is what it is and it works well enough.