NDR Sensor CLI

Security

Associated Commands:

CLI Description	Command
Clear security banner or message of the day Clear the security banner or message of the day. The banner is reset to the system default banner.	clear banner
Resets configured password complexity requirements to default Resets configured password complexity requirements to default.	clear password-complexity
Disable password expiration for the user Disable password expiration for the user.	clear user <node-all-username> password-expiration
Disable password expiration warning for the user Disable password expiration warning for the user.	clear user <node-all-username> password-expiration-warning
Delete SSH service keys from authorized_keys file for specified user Delete any SSH key with specified label from specified user's authorized_keys file. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin.	del user <username> ssh-keys label <key-label> [password <password>]
Get CLI account lockout period Get the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts.	get auth-policy cli lockout-period
Get CLI maximum authentication failures Get the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	get auth-policy cli max-auth-failures
Get minimum allowable password length Get the minimum number of characters that passwords must have.	get auth-policy minimum-password-length
Show Sensor Certificate in the system Show Sensor Certificate in the system.	get certificate <get-certificate-entity-arg>
Get configured password complexity requirements Get configured password complexity requirements.	get password-complexity
Get the number of days until user password expiration Get number of days the user's password is valid after a password change and number of days before user receives password expiration warning message.	get user <node-all-username> password-expiration
Get user status for specified non-root user Get user status for specified non-root user.	get user <node-all-username> status
Get SSH keys from authorized_keys file for specified user Get SSH keys from authorized_keys file for specified user.	get user <node-username> ssh-keys
Set CLI account lockout period Sets the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified.	set auth-policy cli lockout-period <lockout-period-arg>
Set CLI maximum authentication failures Set the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	set auth-policy cli max-auth-failures <auth-failures-arg>
Set minimum allowable password length Set the minimum number of characters that passwords must have. The smallest value that can be set is 8.	set auth-policy minimum-password-length <password-length-arg>
Set security banner or message of the day Set the security banner or message of the day.	set banner
Update certificate Update certificate for the given entity.	set certificate <set-certificate-entity-arg> <x509-encoded-certificate-arg>
Configure password complexity requirements Configure password complexity requirements. Minimum password length: minimum number of characters expected in password; user can not set their password of length lesser than this parameter. Default: 12, Minimum: 8, Maximum: 128 Maximum password length: maximum number of characters allowed in password; user can not set their password of length greater than this parameter. Default: 128, Minimum: 8, Maximum: 128 Lower characters: number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case character in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having lower case character in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current minimum password length value up to N lower case characters. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Upper characters: number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case character in the new password, i.e. this is the minimum number of upper case characters that must be met for a new password. N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current minimum password length value up to N upper case characters. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Numeric characters: number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current minimum password length value up to N digits. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Special characters: number of special characters (!@#$&..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password. N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current minimum password length* value up to N special case characters.. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Minimum unique characters: number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 Allowed similar consecutive characters: reject passwords which contain more than N same consecutive characters. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 Allowed monotonic sequence: reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 Hash algorithm: sets hash/cryptographic algorithm type for new passwords. Default: sha512. Enum: [ sha512, sha256 ] Password remembrance: limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. Default: 0, Minimum: 0 Note, passwords less than 8 characters are never allowed.	set password-complexity [<complexity-name> <complexity-value>]
Set number of days the user's password is valid after a password change Set number of days the user's password is valid after a password change.	set user <node-all-username> password-expiration <password-expiration-arg>
Set number of days prior user receives warning message before password expires Set number of days prior user receives warning message before password expires. Set 0 to disable warning messages for password expiry.	set user <node-all-username> password-expiration-warning <password-expiration-warn-arg>
Set new username for specified non-root user Set new user name for the specified non-root user.	set user <node-all-username> username <new-node-username>
Set user password Set the password for the specified user. If you do not specify the password on the command line, you will be prompted for it. For details on setting passwords during installation, see the NDR Sensor documentation.	set user <username> password [<password> [old-password <old-password>]]
Add SSH service key to authorized_keys file for specified user Add SSH service key to authorized_keys file for specified user. If password is not provided in the command then you are prompted to enter it. Password is required only for users root and admin.	set user <username> ssh-keys label <key-label> type <key-type> value <key-value> [password <password>]

Total commands: 24

NDR Sensor CLI

Security

Associated Commands:

Clear security banner or message of the day

Resets configured password complexity requirements to default

Disable password expiration for the user

Disable password expiration warning for the user

Delete SSH service keys from authorized_keys file for specified user

Get CLI account lockout period

Get CLI maximum authentication failures

Get minimum allowable password length

Show Sensor Certificate in the system

Get configured password complexity requirements

Get the number of days until user password expiration

Get user status for specified non-root user

Get SSH keys from authorized_keys file for specified user

Set CLI account lockout period

Set CLI maximum authentication failures

Set minimum allowable password length

Set security banner or message of the day

Update certificate

Configure password complexity requirements

Set number of days the user's password is valid after a password change

Set number of days prior user receives warning message before password expires

Set new username for specified non-root user

Set user password

Add SSH service key to authorized_keys file for specified user