asc service
Use this command to perform generic CloudControl service management and simple configuration file changes.
Syntax
asc service [options]
|
Option |
Description |
|||
|
-d, --disable |
Disable a service. The |
|||
|
-e, --enable |
Enable a service. The |
|||
|
-f, --configfile <file> |
Specify the configuration file(s) to read or modify. Multiple files can be specified. Searches and changes are processed to each file in the order specified. |
|||
|
-h, --help |
Display usage text. |
|||
|
-m, --message <message> |
Specify the message to use in log files and configuration file change journals for service related activities. |
|||
|
-n, --servicename <service> |
The name of the service to manage. The name must match the name of the service init script in the directory Multiple service names can be specified and are managed in the order specified. |
|||
|
-R, --reboot |
Reboot the CloudControl appliance. |
|||
|
-r, --revert |
Revert the specified configuration file parameters to their previous value. The |
|||
|
-v, --verbose |
Enable verbose output. |
|||
|
-vv |
Enable debug output. |
|||
|
-C or --create-rescue |
Creates the ascrescue account to add an additional layer of security. The ascsupport account, used by HyTrust Support, can not be logged into until you log in to the ascrescue account and hand over the session.
|
|||
|
-l or --lockdown |
Locks down user accounts to prevent unauthorized users from logging in with a "su <user>" command. Use this command after creating the ascrescue account. |
Examples
Disable the NTP, Tomcat, and PostgresSQL services:
asc service -d -n ntpd -n postgresql -n tomcat7
Specify multiple services to manage:
asc service -n ntpd -n httpd -n monit
Create the ascrescue account to prevent support from logging into your system without a handoff:
[htcc:standalone ~]$ asc service --create-rescue
Created the 'ascrescue' account. Please log in using the default password 'hytrust'
and change the password. The 'ascadminuser' password can be updated from the 'ascrescue'
account by executing 'sudo passwd ascadminuser'.
Success: Account settings updated
[htcc:standalone ~]$ ssh ascrescue@<host.example.com>
The authenticity of host '<host.example.com> (<host.example.com>)' can't be established.
RSA key fingerprint is d9:8e:e4:71:b1:da:72:6c:a6:80:eb:ca:2d:56:18:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<host.example.com>' (RSA) to the list of known hosts.
ascrescue@<host.example.com>'s password:
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user ascrescue.
Changing password for ascrescue.
(current) UNIX password:
New password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Connection to <host.example.com> closed.
[htcc:standalone ~]$ asc service --lockdown ascadminuser
Preventing 'ascadminuser' from elevating account to 'ascsupport'.
Success: Account settings updated
[htcc:standalone ~]$ asc service --lockdown ascrescue
Preventing 'ascrescue' from changing the 'ascadminuser' password.
Success: Account settings updated
|
Follow us: |
