Manuals

Manuals
Setup and Administration: Dell OpenManage Server Administrator Version 5.3 User's Guide

Back to Contents Page

Setup and Administration

Dell™ OpenManage™ Server Administrator Version 5.3 User's Guide

  Security Management

  Assigning User Privileges

  Disabling Guest and Anonymous Accounts in Supported Windows Operating Systems

  Configuring the SNMP Agent

  Firewall Configuration on Systems Running Supported Red Hat Enterprise Linux Operating Systems


Security Management

Server Administrator provides security through role-based access control (RBAC), authentication, and encryption for both the Web-based and command line interfaces.

Role-Based Access Control

RBAC manages security by determining the operations that can be executed by persons in particular roles. Each user is assigned one or more roles, and each role is assigned one or more user privileges that are permitted to users in that role. With RBAC, security administration corresponds closely to an organization's structure.

User Privileges

Server Administrator grants different access rights based on the user's assigned group privileges. The three user levels are: User, Power User, and Administrator.

Users can view most information.

Power Users can set warning threshold values and configure which alert actions are to be taken when a warning or failure event occurs.

Administrators can configure and perform shutdown actions, configure Auto Recovery actions in case a system has a non-responsive operating system, and clear hardware, event, and command logs. Administrators can also configure the system to send e-mails.

Server Administrator grants read-only access to users logged in with User privileges, read and write access to users logged in with Power User privileges, and read, write, and administrator access to users logged in with Administrator privileges. See Table 3-1.

Table 3-1. User Privileges 

User Privileges

Access Type

 

Administrator

Write

Read

User

 

 

X

Power User

 

X

X

Administrator

X

X

X

Read access allows viewing of data reported by Server Administrator. Read access does not allow changing or setting values on the managed system.

Write access allows values to be changed or set on the managed system.

Administrator access also allows shutdown of the managed system.

Privilege Levels to Access Server Administrator Services

Table 3-2 summarizes which user levels have privileges to access and manage Server Administrator services.

Table 3-2. Server Administrator User Privilege Levels 

Service

User Privilege Level Required

 

View

Manage

Instrumentation

U, P, A

P, A

Remote Access

U, P, A

A

Storage Management

U, P, A

A

Table 3-3 defines the user privilege level abbreviations used in Table 3-2.

Table 3-3. Legend for Server Administrator User Privilege Levels 

U

User

P

Power User

A

Administrator

Authentication

The Server Administrator authentication scheme ensures that the correct access types are assigned to the correct user privileges. Additionally, when the command line interface (CLI) is invoked, the Server Administrator authentication scheme validates the context within which the current process is running. This authentication scheme ensures that all Server Administrator functions, whether accessed through the Server Administrator home page or CLI, are properly authenticated.

Microsoft Windows Authentication

For supported Microsoft® Windows® operating systems, Server Administrator authentication uses Integrated Windows Authentication (formerly called NTLM) to authenticate. This authentication system allows Server Administrator security to be incorporated in an overall security scheme for your network.

Red Hat Enterprise Linux and SUSE Linux Enterprise Server Authentication

For supported Red Hat® Enterprise Linux® and SUSE® Linux Enterprise Server operating systems, Server Administrator uses various authentication methods based on the Pluggable Authentication Modules (PAM) library. Users can log in to Server Administrator either locally or remotely using different account management protocols, such as LDAP, NIS, Kerberos, and Winbind.

NOTE: Server Administrator authentication using Winbind and Kerberos on SUSE Linux Enterprise Server (Version 9 Service Pack 3) is not supported because the 32-bit compatible libraries for Winbind and Kerberos are not present in the operating system.

Encryption

Server Administrator is accessed over a secure HTTPS connection using secure socket layer (SSL) technology to ensure and protect the identity of the system being managed. Java Secure Socket Extension (JSSE) is used by supported Microsoft Windows, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server operating systems to protect the user credentials and other sensitive data that is transmitted over the socket connection when a user accesses the Server Administrator home page.

Assigning User Privileges

To ensure critical system component security, assign user privileges to all Dell OpenManage software users before installing Dell OpenManage software. New users can log into Dell OpenManage software using their operating system user privileges.

NOTICE: To protect access to your critical system components, assign a password to every user account that can access Dell OpenManage software. Users without an assigned password cannot log into Dell OpenManage software on a system running Windows Server 2003 due to operating system design.
NOTICE: Disable guest accounts for supported Windows operating systems to protect access to your critical system components. Consider renaming the accounts so that remote scripts cannot enable the accounts using the name.
NOTE: For instructions on assigning user privileges for each supported operating system, see your operating system documentation.
NOTE: Add new users to the operating system if you want to add users to OpenManage software. You do not have to create new users from within the OpenManage software.

Adding Users to a Domain on Windows Operating Systems

NOTE: You must have Microsoft Active Directory® installed on your system to perform the following procedures. See "Microsoft Active Directory" for more information about using Active Directory.
  1. Navigate to Control Panel® Administrative Tools® Active Directory Users and Computers.

  2. In the console tree, right-click Users or right-click the container in which you want to add the new user, and then point to New® User.

  3. Type the appropriate user name information in the dialog box, and then click Next.

  4. Click Next, and then click Finish.

  5. Double-click the icon representing the user that you just created.

  6. Click the Member of tab.

  7. Click Add.

  8. Select the appropriate group and click Add.

  9. Click OK, and then click OK again.

New users can log into Dell OpenManage software with the user privileges for their assigned group and domain.

Creating Server Administrator Users for Supported Red Hat Enterprise Linux and SUSE Linux Enterprise Server Operating Systems

Administrator access privileges are assigned to the user logged in as root. To create users with User and Power User privileges, perform the following steps.

NOTE: You must be logged in as root to perform these procedures.
NOTE: You must have the useradd utility installed on your system to perform these procedures.

Creating Users

NOTE: For information about creating users and user groups, see your operating system documentation.
Creating Users With User Privileges
  1. Run the following command from the command line:

useradd -d <home-directory> -g <group> <username>

where <group> is not root.

NOTE: If <group> does not exist, you must create it by using the groupadd command.
  1. Type passwd <username> and press <Enter>.

  2. When prompted, enter a password for the new user.

You must assign a password to every user account that can access Server Administrator to protect access to your critical system components.

The new user can now log in to Server Administrator with User group privileges.

Creating Users With Power User Privileges
  1. Run the following command from the command line:

useradd -d <home-directory> -g root <username>

NOTE: You must set root as the primary group.
  1. Type passwd <username> and press <Enter>.

  2. When prompted, enter a password for the new user.

You must assign a password to every user account that can access Server Administrator to protect access to your critical system components.

The new user can now log in to Server Administrator with Power User group privileges.

Editing Server Administrator User Privileges on Linux Operating Systems

NOTE: You must be logged in as root to perform these procedures.
  1. Open the omarolemap file located at /etc.

  2. Add the following in the file:

<User_Name>[Tab]<Host_Name>[Tab]<Rights>

Table 3-4 lists the legends for adding the role definition to the omarolemap file

Table 3-4. Legends for adding the role definition in OpenManage Server Administrator

<User_Name>

<Host_Name>

<Rights>

User Name

Host Name

Administrator

(+)Group Name

Domain

User

Wildcard (*)

Wildcard (*)

User

[Tab] = \t (tab character)

Table 3-5 lists the examples for adding the role definition to the omarolemap file.

Table 3-5. Examples for adding the role definition in OpenManage Server Administrator

<User_Name>

<Host_Name>

<Rights>

Bob

Ahost

Poweruser

+root

Bhost

Administrator

+root

Chost

Administrator

Bob

*.aus.amer.com

Poweruser

Mike

192.168.2.3

Poweruser

  1. Save and close the file.

  2. Run the following command from the command line to restart the connection service:

service dsm_om_connsvc restart

NOTE: Make sure that you restart the connection service for the changes to take effect.
Best Practices while Using the omarolemap File

The following lists the best practices to be considered while working with omarolemap file:

  • Do not delete the following default entries in omarolemap file.
    • root

    *

    Administrator

    • +root

    *

    Poweruser

    • *

    *

    User



  • Do not change the omarolemap file permissions or file format.

  • Server Administrator uses the default operating system user privilege, if an user is degraded in the omarolemap file.

  • Do not use the loop back address for <Host_Name>, for example: localhost or 127.0.0.1.

  • After the connection services are restarted and the changes does not take effect for /etc/omarolemap file refer to command log for the errors.

  • When omarolemap file is copied from one machine to other machine, file permissions and the entries of the file needs to be rechecked.

  • Prefix the Group Name with +.

  • Server Administrator uses the default operating system user privileges, if there are duplicate entries of user names or user groups along with same <Host_Name>.

  • Space can also be used as a delimiter for columns instead of [Tab]

Disabling Guest and Anonymous Accounts in Supported Windows Operating Systems

NOTE: You must be logged in with Administrator privileges to perform this procedure.
  1. Open the Computer Management window.

  2. In the console tree, expand Local Users and Groups and click Users.

  3. Click the Guest or IUSR_system name user account.

  4. Click Action and point to Properties.

  5. Select Account is disabled and click OK.

A red circle with an X appears over the user name. The account is disabled.

Configuring the SNMP Agent

Server Administrator supports the Simple Network Management Protocol (SNMP)—a systems management standard—on all supported operating systems. The SNMP support may or may not be installed depending on your operating system and how the operating system was installed. In most cases, SNMP is installed as part of your operating system installation. An installed supported systems management protocol standard, such as SNMP, is required before installing Server Administrator. See "Installation Requirements" for more information.

You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a management station. To configure your SNMP agent for proper interaction with management applications such as the Dell OpenManage™ IT Assistant, perform the procedures described in the following sections.

NOTE: The default SNMP agent configuration usually includes a SNMP community name such as public. For security reasons, change the SNMP community names from their default values. For information about changing SNMP community names, see the appropriate section below. For additional guidelines, see the Securing an SNMP Environment article, dated May 2003, in the Dell Power Solutions magazine. This magazine is also available at www.dell.com/powersolutions.
NOTE: SNMP Set operations are disabled by default in Server Administrator version 5.2 or later. Server Administrator provides support to enable or disable SNMP Set operations in Server Administrator. You can use the Server Administrator SNMP Configuration page under Preferences or the Server Administrator command line interface (CLI) to enable or disable SNMP Set operations in Server Administrator. For more information about the Server Administrator CLI, see the Dell OpenManage Server Administrator Command Line Interface User's Guide.
NOTE: For IT Assistant to retrieve management information from a system running Server Administrator, the community name used by IT Assistant must match a community name on the system running Server Administrator. For IT Assistant to modify information or perform actions on a system running Server Administrator, the community name used by IT Assistant must match a community name that allows Set operations on the system running Server Administrator. For IT Assistant to receive traps (asynchronous event notifications) from a system running Server Administrator, the system running Server Administrator must be configured to send traps to the system running IT Assistant.

The following procedures provide step-by-step instructions for configuring the SNMP agent for each supported operating system:

Configuring the SNMP Agent for Systems Running Supported Windows Operating Systems

Server Administrator uses the SNMP services provided by the Windows SNMP agent. You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a management station. To configure your SNMP agent for proper interaction with management applications such as IT Assistant, perform the procedures described in the following sections.

NOTE: See your operating system documentation for additional details on SNMP configuration.

Enabling SNMP Access By Remote Hosts

Windows Server 2003, by default, does not accept SNMP packets from remote hosts. For systems running Windows Server 2003, you must configure the SNMP service to accept SNMP packets from remote hosts if you plan to manage the system by using SNMP management applications from remote hosts.

To enable a system running the Windows Server 2003 operating system to receive SNMP packets from a remote host, perform the following steps:

  1. Open the Computer Management window.

  2. Expand the Computer Management icon in the window, if necessary.

  3. Expand the Services and Applications icon and click Services.

  4. Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and then click Properties.

The SNMP Service Properties window appears.

  1. Click the Security tab.

  2. Select Accept SNMP packets from any host, or add the remote host to the Accept SNMP packets from these hosts list.

Changing the SNMP Community Name

Configuring the SNMP community names determines which systems are able to manage your system through SNMP. The SNMP community name used by management applications must match an SNMP community name configured on the Server Administrator system so that the management applications can retrieve management information from Server Administrator.

  1. Open the Computer Management window.

  2. Expand the Computer Management icon in the window, if necessary.

  3. Expand the Services and Applications icon and click Services.

  4. Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and then click Properties.

The SNMP Service Properties window appears.

  1. Click the Security tab to add or edit a community name.

    1. To add a community name, click Add under the Accepted Community Names list.

The SNMP Service Configuration window appears.

    1. Type the community name of a system that is able to manage your system (the default is public) in the Community Name text box and click Add.

The SNMP Service Properties window appears.

    1. To change a community name, select a community name in the Accepted Community Names list and click Edit.

The SNMP Service Configuration window appears.

    1. Make all necessary edits to the community name of the system that is able to manage your system in the Community Name text box, and then click OK.

The SNMP Service Properties window appears.

  1. Click OK to save the changes.

Enabling SNMP Set Operations

SNMP Set operations must be enabled on the Server Administrator system to change Server Administrator attributes using IT Assistant.

  1. Open the Computer Management window.

  2. Expand the Computer Management icon in the window, if necessary.

  3. Expand the Services and Applications icon, and then click Services.

  4. Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and click Properties.

The SNMP Service Properties window appears.

  1. Click the Security tab to change the access rights for a community.

  2. Select a community name in the Accepted Community Names list, and click Edit.

The SNMP Service Configuration window appears.

  1. Set the Community Rights to READ WRITE or READ CREATE, and click OK.

The SNMP Service Properties window appears.

  1. Click OK to save the changes.

Configuring Your System to Send SNMP Traps to a Management Station

Server Administrator generates SNMP traps in response to changes in the status of sensors and other monitored parameters. You must configure one or more trap destinations on the Server Administrator system for SNMP traps to be sent to a management station.

  1. Open the Computer Management window.

  2. Expand the Computer Management icon in the window, if necessary.

  3. Expand the Services and Applications icon and click Services.

  4. Scroll down the list of services until you find SNMP Service, right-click SNMP Service, and click Properties.

The SNMP Service Properties window appears.

  1. Click the Traps tab to add a community for traps or to add a trap destination for a trap community.

    1. To add a community for traps, type the community name in the Community Name box and click Add to list, which is located next to the Community Name box.

    1. To add a trap destination for a trap community, select the community name from the Community Name drop-down box and click Add under the Trap Destinations box.

    2. The SNMP Service Configuration window appears.

Type in the trap destination and click Add.

The SNMP Service Properties window appears.

  1. Click OK to save the changes.

Configuring the SNMP Agent on Systems Running Supported Red Hat Enterprise Linux

Server Administrator uses the SNMP services provided by the ucd-snmp or net-snmp SNMP agent. You can configure the SNMP agent to change the community name, enable Set operations, and send traps to a management station. To configure your SNMP agent for proper interaction with management applications such as IT Assistant, perform the procedures described in the following sections.

NOTE: See your operating system documentation for additional details on SNMP configuration.

SNMP Agent Access Control Configuration

The management information base (MIB) branch implemented by Server Administrator is identified by the OID 1.3.6.1.4.1.674. Management applications must have access to this branch of the MIB tree to manage systems running Server Administrator.

For Red Hat Enterprise Linux operating systems, the default SNMP agent configuration gives read-only access for the "public" community only to the MIB-II "system" branch (identified by the 1.3.6.1.2.1.1 OID) of the MIB tree. This configuration does not allow management applications to retrieve or change Server Administrator or other systems management information outside of the MIB-II "system" branch.

Server Administrator SNMP Agent Install Actions

If Server Administrator detects the default SNMP configuration during installation, it attempts to modify the SNMP agent configuration to give read-only access to the entire MIB tree for the "public" community. Server Administrator modifies the /etc/snmp/snmpd.conf SNMP agent configuration file in two ways.

The first change is to create a view to the entire MIB tree by adding the following line if it does not exist:

view all included .1

The second change is to modify the default "access" line to give read-only access to the entire MIB tree for the "public" community. Server Administrator looks for the following line:

access notConfigGroup "" any noauth exact systemview none none

If Server Administrator finds the line above, it modifies the line so that it reads:

access notConfigGroup "" any noauth exact all none none

These changes to the default SNMP agent configuration give read-only access to the entire MIB tree for the "public" community.

NOTE: To ensure that Server Administrator is able to modify the SNMP agent configuration to provide proper access to systems management data, it is recommended that any other SNMP agent configuration changes be made after installing Server Administrator.

Server Administrator SNMP communicates with the SNMP agent using the SNMP Multiplexing (SMUX) protocol. When Server Administrator SNMP connects to the SNMP agent, it sends an object identifier to the SNMP agent to identify itself as a SMUX peer. Because that object identifier must be configured with the SNMP agent, Server Administrator adds the following line to the SNMP agent configuration file, /etc/snmp/snmpd.conf, during installation if it does not exist:

smuxpeer .1.3.6.1.4.1.674.10892.1

Changing the SNMP Community Name

Configuring the SNMP community names determines which systems are able to manage your system through SNMP. The SNMP community name used by management applications must match an SNMP community name configured on the Server Administrator system so that the management applications can retrieve management information from Server Administrator.

To change the SNMP community name used for retrieving management information from a system running Server Administrator, edit the SNMP agent configuration file, /etc/snmp/snmpd.conf, and perform the following steps:

  1. Find the line that reads:

com2sec publicsec default public

or

com2sec notConfigUser default public

  1. Edit this line, replacing public with the new SNMP community name. When edited, the new line should read:

com2sec publicsec default community_name

or

com2sec notConfigUser default community_name

  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

service snmpd restart

Enabling SNMP Set Operations

SNMP Set operations must be enabled on the system running Server Administrator in order to change Server Administrator attributes using IT Assistant.

To enable SNMP Set operations on the system running Server Administrator, edit the SNMP agent configuration file, /etc/snmp/snmpd.conf, and perform the following steps:

  1. Find the line that reads:

access publicgroup "" any noauth exact all none none

or

access notConfigGroup "" any noauth exact all none none

  1. Edit this line, replacing the first none with all. When edited, the new line should read:

access publicgroup "" any noauth exact all all none

or

access notConfigGroup "" any noauth exact all all none

  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

service snmpd restart

Configuring Your System to Send Traps to a Management Station

Server Administrator generates SNMP traps in response to changes in the status of sensors and other monitored parameters. One or more trap destinations must be configured on the system running Server Administrator for SNMP traps to be sent to a management station.

To configure your system running Server Administrator to send traps to a management station, edit the SNMP agent configuration file, /etc/snmp/snmpd.conf, and perform the following steps:

  1. Add the following line to the file:

trapsink IP_address community_name

where IP_address is the IP address of the management station and community_name is the SNMP community name

  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

service snmpd restart

Configuring the SNMP Agent on Systems Running Supported SUSE Linux Enterprise Server Operating Systems

Server Administrator uses the SNMP services provided by the ucd-snmp or net-snmp agent. You can configure the SNMP agent to enable SNMP access from remote hosts, change the community name, enable Set operations, and send traps to a management station. To configure your SNMP agent for proper interaction with management applications such as IT Assistant, perform the procedures described in the following sections.

NOTE: On SUSE Linux Enterprise Server (Version 9), the SNMP agent configuration file is located at /etc/snmpd.conf. On SUSE Linux Enterprise Server (Version 10), the SNMP agent configuration file is located at /etc/snmp/snmpd.conf.
NOTE: See your operating system documentation for additional details about SNMP configuration.

Sever Administrator SNMP Install Actions

Server Administrator SNMP communicates with the SNMP agent using the SNMP Multiplexing (SMUX) protocol. When Server Administrator SNMP connects to the SNMP agent, it sends an object identifier to the SNMP agent to identify itself as a SMUX peer. This object identifier must be configured with the SNMP agent, therefore, Server Administrator adds the following line to the SNMP agent configuration file (/etc/snmpd.conf or /etc/snmp/snmpd.conf) during installation if it does not exist:

smuxpeer .1.3.6.1.4.1.674.10892.1

Enabling SNMP Access From Remote Hosts

The default SNMP agent configuration on SUSE Linux Enterprise Server operating systems gives read-only access to the entire MIB tree for the "public" community from the local host only. This configuration does not allow SNMP management applications such as IT Assistant running on other hosts to discover and manage Server Administrator systems properly. If Server Administrator detects this configuration during installation, it logs a message to the operating system log file, /var/log/messages, to indicate that SNMP access is restricted to the local host. You must configure the SNMP agent to enable SNMP access from remote hosts if you plan to manage the system by using SNMP management applications from remote hosts.

NOTE: For security reasons, it is advisable to restrict SNMP access to specific remote hosts if possible.

To enable SNMP access from a specific remote host to a system running Server Administrator, edit the SNMP agent configuration file, /etc/snmpd.conf or /etc/snmp/snmpd.conf, and perform the following steps:

  1. Find the line that reads:

rocommunity public 127.0.0.1

  1. Edit or copy this line, replacing 127.0.0.1 with the remote host IP address. When edited, the new line should read:

rocommunity public IP_address

NOTE: You can enable SNMP access from multiple specific remote hosts by adding a rocommunity directive for each remote host.
  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

/etc/init.d/snmpd restart

To enable SNMP access from all remote hosts to a system running Server Administrator, edit the SNMP agent configuration file, /etc/snmpd.conf or /etc/snmp/snmpd.conf, and perform the following steps:

  1. Find the line that reads:

rocommunity public 127.0.0.1

  1. Edit this line by deleting 127.0.0.1. When edited, the new line should read:

rocommunity public

  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

/etc/init.d/snmpd restart

Changing the SNMP Community Name

Configuring the SNMP community name determines which management stations are able to manage your system through SNMP. The SNMP community name used by management applications must match the SNMP community name configured on the Server Administrator system, so the management applications can retrieve the management information from Server Administrator.

To change the default SNMP community name used for retrieving management information from a system running Server Administrator, edit the SNMP agent configuration file, /etc/snmpd.conf or /etc/snmp/snmpd.conf, and perform the following steps:

  1. Find the line that reads:

rocommunity public 127.0.0.1

  1. Edit this line by replacing public with the new SNMP community name. When edited, the new line should read:

rocommunity community_name 127.0.0.1

  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

/etc/init.d/snmpd restart

Enabling SNMP Set Operations

SNMP Set operations must be enabled on the system running Server Administrator in order to change Server Administrator attributes using IT Assistant. To enable remote shutdown of a system from IT Assistant, SNMP Set operations must be enabled.

NOTE: Rebooting of your system for change management functionality does not require SNMP Set operations.

To enable SNMP Set operations on a system running Server Administrator, edit the SNMP agent configuration file, /etc/snmpd.conf or /etc/snmp/snmpd.conf, and perform the following steps:

  1. Find the line that reads:

rocommunity public 127.0.0.1

  1. Edit this line by replacing rocommunity with rwcommunity. When edited, the new line should read:

rwcommunity public 127.0.0.1

  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

/etc/init.d/snmpd restart

Configuring Your System to Send Traps to a Management Station

Server Administrator generates SNMP traps in response to changes in the status of sensors and other monitored parameters. One or more trap destinations must be configured on the system running Server Administrator for SNMP traps to be sent to a management station.

To configure your system running Server Administrator to send traps to a management station, edit the SNMP agent configuration file, /etc/snmpd.conf or /etc/snmp/snmpd.conf, and perform the following steps:

  1. Add the following line to the file:

trapsink IP_address community_name

where IP_address is the IP address of the management station and community_name is the SNMP community name.

  1. To enable SNMP configuration changes, restart the SNMP agent by typing:

/etc/init.d/snmpd restart

Firewall Configuration on Systems Running Supported Red Hat Enterprise Linux Operating Systems

If you enable firewall security while installing Red Hat Enterprise Linux, the SNMP port on all external network interfaces is closed by default. To enable SNMP management applications such as IT Assistant to discover and retrieve information from Server Administrator, the SNMP port on at least one external network interface must be open. If Server Administrator detects that the SNMP port is not open in the firewall for any external network interface, Server Administrator displays a warning message and logs a message to the system log.

You can open the SNMP port by disabling the firewall, opening an entire external network interface in the firewall, or opening the SNMP port for at least one external network interface in the firewall. You can perform this action before or after Server Administrator is started.

To open the SNMP port using one of the previously described methods, perform the following steps:

  1. At the Red Hat Enterprise Linux command prompt, type setup and press <Enter> to start the Text Mode Setup Utility.

NOTE: This command is available only if you have performed a default installation of the operating system.

The Choose a Tool menu appears.

  1. Select Firewall Configuration using the down arrow and press <Enter>.

The Firewall Configuration screen appears.

  1. Press <Tab> to select Security Level and then press the spacebar to select the security level you want to set. The selected Security Level is indicated by an asterisk.

NOTE: Press <F1> for more information about the firewall security levels. The default SNMP port number is 161. If you are using the X Window System graphical user interface, pressing <F1> may not provide information about firewall security levels on newer versions of Red Hat Enterprise Linux.
    1. To disable the firewall, select No firewall or Disabled and go to step 7.

    1. To open an entire network interface or the SNMP port, select High, Medium, or Enabled and continue with step 4.

  1. Press <Tab> to go to Customize and press <Enter>.

The Firewall Configuration - Customize screen appears.

  1. Select whether to open an entire network interface or just the SNMP port on all network interfaces.

    1. To open an entire network interface, press <Tab> to go to one of the Trusted Devices and press the spacebar. An asterisk in the box to the left of the device name indicates that the entire interface will be opened.

    1. To open the SNMP port on all network interfaces, press <Tab> to go to Other ports and type snmp:udp.

  2. Press <Tab> to select OK and press <Enter>.

The Firewall Configuration screen appears.

  1. Press <Tab> to select OK and press <Enter>.

The Choose a Tool menu appears.

  1. Press <Tab> to select Quit and press <Enter>.

Back to Contents Page

 

Shop
Laptops & Netbooks
Desktops & Workstations
Servers, Storage & Networking
Printer & Ink
Electronics & Accessories
Support
Drivers and Downloads
Product Support
Support by Topic
Warranty Information
Customer Service
Community
Join the discussion
Share your ideas
Read our blog
Ratings & Reviews
Community Home
Company Information
About Dell
Corporate Responsibility
Careers
Investors
Newsroom
My Account
Sign-in/Register
Order Status
Saved Carts

Laptops | Desktop Computers | Business Laptops | Business Desktops | Workstations | Servers | Storage | Alienware | Monitors | Printers | LCD TVs, HD TVs & TV Accessories | Electronics & Accessories
Copyright 1999-2012 Dell Inc. For Canadian customers only.
Privacy : About Our Ads : Terms of Sale : Warranty and Service : Terms of Use : About Dell : Site Map : Feedback

Large Text
All prices, specifications and promotional offers are subject to error, change and/or substitution at Dell's discretion at any time without notice. Dell cannot be responsible for errors in typography or photography. Unless otherwise specifically advertised, promotional offers are not combinable with any other offer or volume based or other discounts to which you may be entitled. Advertised configurations and limited time offers only available to business customers in Canada with 99 employees or less. All purchases subject to your Customer Agreement or Dell's standard terms of sale, Dell's limited warranty terms and the applicable Dell or third party service agreement. Copies available on request or at www.dell.ca. Remember to back-up your data. Dell is not responsible for lost or corrupt data or software. Limit one (1) offer per eligible system. Dell reserves the right to limit quantities to five (5) systems per customer.


Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Core, Intel Inside, Intel Inside Logo, Intel Viiv, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, Viiv Inside, vPro Inside, Xeon, and Xeon Inside are trademarks of Intel Corporation in the U.S. and other countries.

snEB10