NAME

ltpsecrc - LTP security policy management commands file

DESCRIPTION

LTP security policy management commands are passed to ltpsecadmin either in a file of text lines or interactively at ltpsecadmin's command prompt (:). Commands are interpreted line by line, with exactly one command per line. The formats and effects of the LTP security policy management commands are described below.

COMMANDS

  • ?

    The help command. This will display a listing of the commands and their formats. It is the same as the h command.

  • #

    Comment line. Lines beginning with # are not interpreted.

  • e { 1 | 0 }

    Echo control. Setting echo to 1 causes all output printed by ltpsecadmin to be logged as well as sent to stdout. Setting echo to 0 disables this behavior.

  • v

    Version number. Prints out the version of ION currently installed. HINT: combine with e 1 command to log the version number at startup.

  • a ltprecvauthrule ltp_engine_id ciphersuite_nbr [key_name]

    The add ltprecvauthrule command. This command adds a rule specifying the manner in which LTP segment authentication will be applied to LTP segments received from the indicated LTP engine.

    A segment from the indicated LTP engine will only be deemed authentic if it contains an authentication extension computed via the ciphersuite identified by ciphersuite_nbr using the applicable key value. If ciphersuite_nbr is 255 then the applicable key value is a hard-coded constant and key_name must be omitted; otherwise key_name is required and the applicable key value is the current value of the key named key_name in the local security policy database.

    Valid values of ciphersuite_nbr are:

    0: HMAC-SHA1-80
    1: RSA-SHA256
    255: NULL
    
  • c ltprecvauthrule ltp_engine_id ciphersuite_nbr [key_name]

    The change ltprecvauthrule command. This command changes the parameters of the LTP segment authentication rule for the indicated LTP engine.

  • d ltprecvauthrule ltp_engine_id

    The delete ltprecvauthrule command. This command deletes the LTP segment authentication rule for the indicated LTP engine.

  • i ltprecvauthrule ltp_engine_id

    This command will print information (the LTP engine id, ciphersuite number, and key name) about the LTP segment authentication rule for the indicated LTP engine.

  • l ltprecvauthrule

    This command lists all LTP segment authentication rules in the security policy database.

  • a ltpxmitauthrule ltp_engine_id ciphersuite_nbr [key_name]

    The add ltpxmitauthrule command. This command adds a rule specifying the manner in which LTP segments transmitted to the indicated LTP engine must be signed.

    Signing a segment destined for the indicated LTP engine entails computing an authentication extension via the ciphersuite identified by ciphersuite_nbr using the applicable key value. If ciphersuite_nbr is 255 then the applicable key value is a hard-coded constant and key_name must be omitted; otherwise key_name is required and the applicable key value is the current value of the key named key_name in the local security policy database.

    Valid values of ciphersuite_nbr are:

    0: HMAC_SHA1-80
    1: RSA_SHA256
    255: NULL
    
  • c ltpxmitauthrule ltp_engine_id ciphersuite_nbr [key_name]

    The change ltpxmitauthrule command. This command changes the parameters of the LTP segment signing rule for the indicated LTP engine.

  • d ltpxmitauthrule ltp_engine_id

    The delete ltpxmitauthrule command. This command deletes the LTP segment signing rule for the indicated LTP engine.

  • i ltpxmitauthrule ltp_engine_id

    This command will print information (the LTP engine id, ciphersuite number, and key name) about the LTP segment signing rule for the indicated LTP engine.

  • l ltpxmitauthrule

    This command lists all LTP segment signing rules in the security policy database.

  • h

    The help command. This will display a listing of the commands and their formats. It is the same as the ? command.
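
The key_name rules stated for the a and c commands above can be checked before a file is handed to ltpsecadmin. The following linter is an added example, not part of ION or of the original page; the sample file, its engine ids and the key name hmac_key_a are constructed for illustration.

```python
# Added example: lint the add/change rule lines of an ltpsecrc file.
CIPHERSUITES = {0: "HMAC-SHA1-80", 1: "RSA-SHA256", 255: "NULL"}
RULE_TYPES = ("ltprecvauthrule", "ltpxmitauthrule")

# Constructed sample; engine ids and the key name hmac_key_a are made up.
SAMPLE = """\
# constructed sample ltpsecrc
e 1
v
a ltprecvauthrule 2 0 hmac_key_a
a ltpxmitauthrule 2 0
a ltprecvauthrule 3 255
c ltpxmitauthrule 3 255 hmac_key_a
a ltprecvauthrule 4 7 hmac_key_a
l ltprecvauthrule
"""

def lint_ltpsecrc(text):
    """Return (line_no, severity, message) tuples for a/c rule commands."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment
        if tok[0] not in ("a", "c") or len(tok) < 2 or tok[1] not in RULE_TYPES:
            continue  # e, v, d, i, l, h, ? carry no ciphersuite to check
        args = tok[2:]
        if len(args) not in (2, 3):
            findings.append((no, "error", "expected ltp_engine_id ciphersuite_nbr [key_name]"))
            continue
        suite, key = args[1], (args[2] if len(args) == 3 else None)
        if not (suite.isascii() and suite.isdigit()) or int(suite) not in CIPHERSUITES:
            findings.append((no, "error", f"invalid ciphersuite_nbr {suite}"))
        elif int(suite) == 255 and key is not None:
            findings.append((no, "error", "key_name must be omitted with ciphersuite 255"))
        elif int(suite) == 255:
            # Not a syntax error, but worth a review: the key is not a secret from the policy database.
            findings.append((no, "warning", "NULL ciphersuite: key is a hard-coded constant"))
        elif key is None:
            name = CIPHERSUITES[int(suite)]
            findings.append((no, "error", f"key_name is required for {name}"))
    return findings

if __name__ == "__main__":
    for no, severity, message in lint_ltpsecrc(SAMPLE):
        print(f"line {no}: {severity}: {message}")
```

The linter checks syntax only; whether a named key actually exists in the local security policy database still has to be confirmed on the node.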

SEE ALSO

ltpsecadmin(1)