Commands for inspecting and changing system rules for authentication, SSH, and HTTP(S).
show security
Reports on the system’s access model in general terms.
show securityExample output:
[Fri Jan 24 04:43:17 2025] > show security
[Fri Jan 24 04:43:17 2025] Authentication: BASIC
[Fri Jan 24 04:43:17 2025] HTTP Access : enable
[Fri Jan 24 04:43:17 2025] Timeout SSH : 0.000000min (idle)
[Fri Jan 24 04:43:17 2025] Timeout WWW : 0.000000min (session)
[Fri Jan 24 04:43:17 2025]config security auth
Change the authentication model used by the system.
After running this command, the Nginx server will be restarted, which may take several seconds.
config security auth <BASIC|OAUTH|RADIUS|PAM-LDAP>Example output:
[Fri Jan 24 06:13:09 2025] > config security auth OAUTH
[Fri Jan 24 06:13:11 2025] Authentication [BASIC] -> [OAUTH]
wait for respawn 0/120
wait for respawn 1/120
wait for respawn 2/120
wait for respawn 3/120
wait for respawn 4/120
wait for respawn 5/120
process respawned
[Fri Jan 24 06:13:17 2025] rebooting the system may be requiredconfig security http
Set whether the system allows access over plain HTTP (true) or not (false).
Note that if this command succeeds, the Nginx server gets restarted, which may take from 5 seconds to 2 minutes.
Fmad Engineering officially recommends that, if not using “basic” authentication, this be disabled, so that passwords are not sent in cleartext.
config security http <true|false>Example output:
[Fri Jan 24 05:46:21 2025] > config security http false
[Fri Jan 24 05:46:21 2025] HTTP Access [enable] -> [false]
[Fri Jan 24 05:46:21 2025] please wait 60sec for web access to restart
[Fri Jan 24 05:47:40 2025] > config security http true
[Fri Jan 24 05:47:41 2025] HTTP Access [disable] -> [true]
[Fri Jan 24 05:47:41 2025] please wait 60sec for web access to restartconfig security timeoutSSH
Set the time-out period after which connected SSH clients are forcibly disconnected from the system.
In specific terms, this alters the TMOUT environment variable.
config security timeoutSSH <#s|#m|#h|disable>Example output:
[Fri Jan 24 07:29:35 2025] > config security timeoutSSH 2h
[Fri Jan 24 07:29:35 2025] SSH Timeout [0] -> [7200000000000]
[Fri Jan 24 07:29:35 2025] please reboot for new setting to take effect
[Fri Jan 24 07:29:37 2025] > config security timeoutSSH disable
[Fri Jan 24 07:29:37 2025] SSH Timeout [7200000000000] -> [0]
[Fri Jan 24 07:29:37 2025] please reboot for new setting to take effectconfig security timeoutWWW
Set the time-out period after which a logged-in web user has their session forcibly terminated, requiring them to log in again.
config security timeoutWWW <#s|#m|#h|disable>Example output:
[Fri Jan 24 07:28:39 2025] > config security timeoutWWW 1h
[Fri Jan 24 07:28:40 2025] WWW Timeout [0] -> [3600000000000]
[Fri Jan 24 07:28:40 2025] please reboot for new setting to take effect
[Fri Jan 24 07:28:42 2025] > config security timeoutWWW disable
[Fri Jan 24 07:28:42 2025] WWW Timeout [3600000000000] -> [0]
[Fri Jan 24 07:28:42 2025] please reboot for new setting to take effectconfig security default_role
Set whether all users defined in the userlist have full permissions (full). If user is set, any given user only has the permissions which they have been assigned.
config security default_role <full|user>Example output:
[Fri Jan 24 05:44:06 2025] > config security default_role user
[Fri Jan 24 05:44:06 2025] Default role updated successfully
[Fri Jan 24 05:44:14 2025] > config security default_role full
[Fri Jan 24 05:44:14 2025] Default role updated successfully