Commands for inspecting and changing system rules for authentication, SSH, and HTTP(S).
show security
Reports on the system’s access model in general terms.
show securityExample output:
[Wed Mar 5 03:54:51 2025] > show security
[Wed Mar 5 03:54:51 2025] Authentication: BASIC
[Wed Mar 5 03:54:51 2025] HTTP Access : enable
[Wed Mar 5 03:54:51 2025] Timeout SSH : 0.000000min (idle)
[Wed Mar 5 03:54:51 2025] Timeout WWW : 0.000000min (session)
[Wed Mar 5 03:54:51 2025] Default Role : fullconfig security auth
Change the authentication model used by the system.
After running this command, the Nginx server will be restarted, which may take several seconds.
config security auth <BASIC|OAUTH|RADIUS|PAM-LDAP>Example output:
[Fri Jan 24 06:13:09 2025] > config security auth OAUTH
[Fri Jan 24 06:13:11 2025] Authentication [BASIC] -> [OAUTH]
wait for respawn 0/120
wait for respawn 1/120
wait for respawn 2/120
wait for respawn 3/120
wait for respawn 4/120
wait for respawn 5/120
process respawned
[Fri Jan 24 06:13:17 2025] rebooting the system may be requiredconfig security http
Set whether the system allows access over plain HTTP (true) or not (false).
Note that if this command succeeds, the Nginx server gets restarted, which may take from 5 seconds to 2 minutes.
Fmad Engineering officially recommends that, if not using “basic” authentication, this be disabled, so that passwords are not sent in cleartext.
config security http <true|false>Example output:
[Fri Jan 24 05:46:21 2025] > config security http false
[Fri Jan 24 05:46:21 2025] HTTP Access [enable] -> [false]
[Fri Jan 24 05:46:21 2025] please wait 60sec for web access to restart
[Fri Jan 24 05:47:40 2025] > config security http true
[Fri Jan 24 05:47:41 2025] HTTP Access [disable] -> [true]
[Fri Jan 24 05:47:41 2025] please wait 60sec for web access to restartconfig security timeoutSSH
Set the time-out period after which connected SSH clients are forcibly disconnected from the system.
In specific terms, this alters the TMOUT environment variable.
config security timeoutSSH <#s|#m|#h|disable>Example output:
[Fri Jan 24 07:29:35 2025] > config security timeoutSSH 2h
[Fri Jan 24 07:29:35 2025] SSH Timeout [0] -> [7200000000000]
[Fri Jan 24 07:29:35 2025] please reboot for new setting to take effect
[Fri Jan 24 07:29:37 2025] > config security timeoutSSH disable
[Fri Jan 24 07:29:37 2025] SSH Timeout [7200000000000] -> [0]
[Fri Jan 24 07:29:37 2025] please reboot for new setting to take effectconfig security timeoutWWW
Set the time-out period after which a logged-in web user has their session forcibly terminated, requiring them to log in again.
config security timeoutWWW <#s|#m|#h|disable>Example output:
[Fri Jan 24 07:28:39 2025] > config security timeoutWWW 1h
[Fri Jan 24 07:28:40 2025] WWW Timeout [0] -> [3600000000000]
[Fri Jan 24 07:28:40 2025] please reboot for new setting to take effect
[Fri Jan 24 07:28:42 2025] > config security timeoutWWW disable
[Fri Jan 24 07:28:42 2025] WWW Timeout [3600000000000] -> [0]
[Fri Jan 24 07:28:42 2025] please reboot for new setting to take effectconfig security default_role
Overrides the users www permission level. The following table lists the settings
value | desc |
|---|---|
full | Sets all users to have full WWW permissions |
user | Sets all users to have user WWW permissions |
none | Defer the permissions to each user, via the userlist commands |
config security default_role <full|user|none>Example output:
[Fri Jan 24 05:44:06 2025] > config security default_role user
[Fri Jan 24 05:44:06 2025] Default role updated successfully
[Fri Jan 24 05:44:14 2025] > config security default_role full
[Fri Jan 24 05:44:14 2025] Default role updated successfully