LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

July 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS July 2007

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Postgres user account on CAM database
From:	Michael Grinnell <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Thu, 26 Jul 2007 10:10:52 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (67 lines)

David,

If you log to a syslog server or use RADIUS accounting you can get  
that information without accessing the db directly.  I would  
recommend logging to a syslog server in any case.  There are free  
syslog servers for Linux, Solaris, Windows, OS X.  Heck, there's  
probably even one for DOS somewhere.

Michael Grinnell
Network Security Administrator
The American University
e-mail: [log in to unmask]
desk: (202) 885-2491
cell: (202) 215-3352


On Jul 26, 2007, at 10:03 AM, David Wang @ UoG CCS wrote:

> Thanks  Alex. Well, our admins are asking for the login use info,  
> and the "login time" is missed on "getuserinfo" API.
>
> David Wang, Networking Services,CCS
> www.uoguelph.ca 519-824-4120 x52046
>
>
>
> Alex Lanstein wrote:
>> There is no password and as Michael was saying, it's unsupported.   
>> You need to edit the script that creates the pg_hba.conf file (in / 
>> perfigo/scripts) and add in remote hosts to the ACL.  Then run the  
>> script and restart the perfigo service.  Because there is no  
>> password, a simple ip restriction isn't terribly secure, but  
>> that's what you need to do if you want to make external queries.
>>
>> Almost any thing you're trying to pull from the cam can be pulled  
>> using a clever mixture of the API calls... what information were  
>> you looking for specifically?
>> Regards,
>>
>> Alex Lanstein
>> Network/Systems Architect
>> FireEye, Inc.
>> 860-625-4277
>> [log in to unmask]
>>
>>
>> Michael Grinnell wrote:
>>> This is unsupported by Cisco.  The pg_hba.conf file prevents  
>>> access to the database from other machines.
>>>
>>> Michael Grinnell
>>> Network Security Administrator
>>> The American University
>>>
>>>
>>> On Jul 25, 2007, at 3:43 PM, David Wang @ UoG CCS wrote:
>>>
>>>> I am trying to pull some data from CAM's PostgresSQL database  
>>>> remotely by "psql -h /cam_ip/ controlsmartdb -U postgres" from  
>>>> another machine. Do I need a password for postgres? and if so,  
>>>> what it is? thanks in advance.
>>>> -- 
>>>> David Wang, Networking Services,CCS
>>>> www.uoguelph.ca 519-824-4120 x52046
>>>
>>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU