Utils Commands


Note


The following System and Network Utils commands require VOS platform login.

You can run these Utils commands in Administrator (admin:) configuration mode.


utils auditd

To start, stop, and to provide the status of the system auditing service, use the utils auditd command in Administrator (admin:) mode.

utils auditd { enable | disable | status }

Syntax Description

enable

Enables the collection of audit logs. When enabled, the system monitors and records user actions and Linux events such as the creation and removal of users and the editing and deleting of files.

disable

Disables the collection of audit logs.

status

Displays the status of audit log collection. You can also use the CLI to retrieve logs.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

After the service has been enabled, it monitors and logs activity on the system. Be aware that the system auditing service logs a lot of information. Care must be taken not to overfill the disk.

Examples

The following is an example for utils auditd status command:


admin:utils auditd status
auditd service is running

Examples

The following is an example for utils auditd enable command:


admin:utils auditd enable
The auditd daemon has been started and was set to start upon reboot.

admin:utils auditd status
auditd service is running

Examples

The following is an example for utils auditd disable command:


admin:utils auditd disable
The daemon has been stopped and removed from startup configuration

admin:utils auditd status
auditd service is stopped

utils core active analyze

To generate a backtrace for a core file, a thread list, and the current value of all CPU registers, use the utils core active analyze command in Administrator (admin:) mode.

utils core { active | inactive } analyze core_file_name

Syntax Description

active

Specifies an active version.

inactive

Specifies an inactive version.

core_file_name

Specifies the name of the core file from which to generate the stack trace.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

The utils core active analyze command creates a file of the same name as the core file, with a .txt extension, in the same directory as the core file. After you execute this command on a core file created by cimserver, an unexpected message is displayed. This message is a known limitation of the command.

Examples

The following example shows how to generate a backtrace for a core file:


admin:utils core active analyze core.9538

This comand may use a considerable amount of I/O and running it may impact system performance.

It is highly recommended that this command be run off-hours.

Continue (y/n)?y
The executable retrieved is null
Aborting command, unable to find executable

utils core active list

To display active or inactive core files, use the utils core list command in Administrator (admin:) mode.

utils core { active | inactive } list

Syntax Description

active

Specifies an active version.

inactive

Specifies an inactive version.

list

Displays active and inactive core files.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is a sample output for utils core active list command displaying all active core files:


admin:utils core active list

 Size         Date                     Core File Name
=============================================================
 279182 KB     2025-10-17 11:00:25       core.9538
 

utils firewall ipv4

To enable or disable IPv4 firewall, to turn IPv4 firewall debugging on or off, to display the current configuration of the IPv4 firewall, and to display the current status of the IPv4 firewall, use the utils firewall ipv4 command in Administrator (admin:) mode.

utils firewall ipv4 { enable | disable [time ] | status | list | debug [ off | time ] }

Syntax Description

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

If you do not enter a time parameter, the utils firewall ipv4 debug command turns on debugging for 5 minutes.

Examples

The following is an example for utils firewall ipv4 status command:


admin:utils firewall ipv4 status
firewall (iptables) is enabled
firewall (iptables) debugging is off

Examples

The following is an example for utils firewall ipv4 debug command:


admin:utils firewall ipv4 debug
firewall (iptables) debugging will be turned off at Fri Oct 24, 2025 06:14:20

admin:utils firewall ipv4 status
firewall (iptables) is enabled
firewall (iptables) debugging is on
Will turn off at Fri Oct 24, 2025 06:14:20

Examples

The following is an example for utils firewall ipv4 disable command:


admin:utils firewall ipv4 disable

Warning: Disabling the internal firewall can cause disruption in network
services. In particular redirected traffic such as HTTP and TFTP will be
disrupted which can affect phone registrations.
Do you want to continue?
Enter (yes/no)? yes
firewall (iptables) is disabled
firewall (iptables) will be enabled at Fri Oct 24, 2025 06:14:52

admin:utils firewall ipv4 status
firewall (iptables) is disabled
Will resume at Fri Oct 24, 2025 06:14:52
firewall (iptables) debugging is on
Will turn off at Fri Oct 24, 2025 06:14:20

Examples

The following is an example for utils firewall ipv4 list command:


admin:utils firewall ipv4 list
Table: raw
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 flags:0x0F/0x08 u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0>>0x8=0x160300:0x160303&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x2&0xff=0x3:0xa,0x11:0x13,0x15:0xff" limit: above 3/sec burst 3 mode srcip htable-expire 60000
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 flags:0x17/0x02 state NEW limit: above 4/sec burst 20 mode srcip htable-expire 60000
3    DROP       all  --  127.0.0.0/8          0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  -f  0.0.0.0/0            0.0.0.0/0
6    DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
7    ACCEPT    !icmp --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
8    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
9    LOG        icmp --  0.0.0.0/0            0.0.0.0/0            limit: avg 1/min burst 5 LOG flags 0 level 4 prefix "ping flood "
10   DROP       icmp --  0.0.0.0/0            0.0.0.0/0
11   DROP       icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 13
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 flags:0x02/0x02 limit: up to 25/sec burst 1500 mode srcip-dstport
13   LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 flags:0x02/0x02 limit: avg 1/min burst 1 LOG flags 0 level 4 prefix " Exceeded hashlimit "
14   DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 flags:0x02/0x02
15   ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
16   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500 limit: up to 35/sec burst 10000 mode dstip-dstport
17   LOG        udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500 limit: avg 1/min burst 1 LOG flags 0 level 4 prefix " Exceeded hashlimit "
18   DROP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500
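
The listing above can be reviewed mechanically once it is saved to a file. The following Python code is an added example, not Cisco code: it parses the utils firewall ipv4 list format and flags a filter/INPUT policy other than DROP and any ACCEPT rule with no visible match criteria. The embedded sample is a trimmed excerpt of the listing on this page; the DROP baseline and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Trimmed excerpt of the listing on this page (rules 1, 5, 8-11, 13, 15-18 omitted).
SAMPLE = """\
Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 flags:0x17/0x02 state NEW limit: above 4/sec burst 20 mode srcip htable-expire 60000
3    DROP       all  --  127.0.0.0/8          0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
6    DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
7    ACCEPT    !icmp --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 flags:0x02/0x02 limit: up to 25/sec burst 1500 mode srcip-dstport
14   DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 flags:0x02/0x02
"""

ANY = "0.0.0.0/0"
CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)\)")
# Columns: num target prot opt source destination [match text]
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
LIMIT_RE = re.compile(r"limit: ((?:above|up to) \d+/\w+ burst \d+)")


@dataclass
class Rule:
    num: int
    target: str
    prot: str
    source: str
    destination: str
    match: str


@dataclass
class Chain:
    table: str
    name: str
    policy: str
    rules: list = field(default_factory=list)


def parse_listing(text):
    """Turn the Table/Chain/rule listing into a list of Chain objects."""
    chains, table, chain = [], None, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Table:"):
            table = line.split(":", 1)[1].strip()
        elif (m := CHAIN_RE.match(line)):
            chain = Chain(table, m.group(1), m.group(2))
            chains.append(chain)
        elif (m := RULE_RE.match(line)) and chain is not None:
            num, target, prot, _opt, src, dst, match = m.groups()
            chain.rules.append(Rule(int(num), target, prot, src, dst, match.strip()))
    return chains


def audit(chains):
    """Return review findings. Baseline (assumption): filter/INPUT defaults to DROP."""
    findings = []
    for c in chains:
        if c.table == "filter" and c.name == "INPUT" and c.policy != "DROP":
            findings.append(f"filter/INPUT default policy is {c.policy}, expected DROP")
        for r in c.rules:
            # The listing has no interface column, so an ACCEPT that looks
            # unqualified may still be interface-bound: flag it for manual review.
            if r.target == "ACCEPT" and r.source == ANY and r.destination == ANY and not r.match:
                findings.append(f"{c.table}/{c.name} rule {r.num}: ACCEPT prot {r.prot} "
                                "with no visible match, confirm its interface binding")
    return findings


def rate_limited_ports(chains):
    """Map destination port -> [(rule num, target, limit expression)]."""
    out = {}
    for c in chains:
        for r in c.rules:
            port = re.search(r"dpt:(\d+)", r.match)
            limit = LIMIT_RE.search(r.match)
            if port and limit:
                out.setdefault(int(port.group(1)), []).append((r.num, r.target, limit.group(1)))
    return out


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for finding in audit(parsed):
        print("REVIEW:", finding)
    for port, rules in sorted(rate_limited_ports(parsed).items()):
        print("rate limit on port", port, rules)
```

Comparing the findings from a known-good capture of the listing against later captures shows rule drift after upgrades or troubleshooting sessions.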

utils iostat

To display the iostat output for the given number of iterations and intervals, use the utils iostat command in Administrator (admin:) mode.

utils iostat [ interval | iterations | filename ]

Syntax Description

interval

Sets the seconds between two iostat readings. You must set this value if you are using the iteration parameter.

iterations

Sets the number of iostat iterations. You must set this value if you are using the interval parameter.

filename

Redirects the output to a file.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is an example for utils iostat command:


admin:utils iostat

Executing command... Please be patient

Linux 4.18.0-553.22.1.el8_10.x86_64 (cusp-iso187)       10/15/2025      _x86_64_        (2 CPU)

10/15/2025 10:18:23 AM
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.29    0.01    0.57    0.17    0.00   98.96

Device            r/s     w/s     rkB/s     wkB/s   rrqm/s   wrqm/s  %rrqm  %wrqm r_await w_await aqu-sz rareq-sz wareq-sz  svctm  %util
sda              0.04   12.46      0.68     62.36     0.00     2.37   0.52  15.98    1.91    2.72   0.03    16.12     5.00   1.11   1.38
scd0             0.00    0.00      0.00      0.00     0.00     0.00   0.00   0.00    0.44    0.00   0.00     0.17     0.00   0.33   0.00

utils network arp

To set an entry, delete an entry, or to list the contents of the Address Resolution Protocol table, use the utils network arp command in Administrator (admin:) mode.

utils network arp { delete [host ] | set host addr | list [options] }

Syntax Description

delete host

(Optional) Represents the host name or IP address of the host to delete from the table.

set host

Represents the host name or IP address of the host to add to the table.

addr

Represents the hardware address (MAC) of the host to be added in the format: XX:XX:XX:XX:XX:XX

options

(Optional) page, numeric

  • Page: Pauses to display the output one page at a time.

  • Numeric: Shows hosts as dotted IP addresses.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is an example for utils network arp list command:


admin:utils network arp list
Address                  HWtype    HWaddress          Flags Mask     Iface
sjc21-3f-hsrp.cisco.com  ether     00:00:0C:07:AC:71  C              eth0
philly.cisco.com         ether     00:D0:B7:85:98:8E  C              eth0
Entries: 2 Skipped: 0 Found: 2

Examples

The following is an example for utils network arp set command:


admin:utils network arp set 10.10.10.135 00:22:33:bc:3d:66

Address           HWtype    HWaddress          Flags Mask     Iface
10.10.10.135      ether     00:22:33:bc:3d:66  CM             eth0
_gateway          ether     00:D0:B7:85:98:8E  C              eth0
Entries: 2 Skipped: 0 Found: 2

Examples

The following is an example for utils network arp delete command:


admin:utils network arp delete 10.10.10.135

utils network capture

To capture IP packets on a specified Ethernet interface, use the utils network capture command in Administrator (admin:) mode.

utils network capture { page | numeric | file fname | count num | size bytes | src addr | dest addr | port num | host protocol addr }

Syntax Description

eth0

Specifies Ethernet interface 0.

page

(Optional) Displays the output one page at a time.

When you use the page or file options, the complete capture of all requested packets must occur before the command completes.

numeric

(Optional) Displays hosts as dotted IP addresses.

file fname

(Optional) Outputs the information to a file.

The file option saves the information to platform/cli/fname.cap. The filename cannot contain the "." character.

count num

(Optional) Sets a count of the number of packets to capture.

For screen output, the maximum count equals 1000, and, for file output, the maximum count equals 10,000.

size bytes

(Optional) Sets the number of bytes of the packet to capture.

For screen output, the maximum number of bytes equals 128; for file output, the maximum number of bytes can be either 262144 bytes or ALL.

src addr

(Optional) Specifies the source address of the packet as a host name or IPV4 address.

dest addr

(Optional) Specifies the destination address of the packet as a host name or IPV4 address.

port num

(Optional) Specifies the port number of the packet, either source or destination.

host protocol addr

(Optional) Specifies the protocol, which should be one of ip, arp, rarp, or all, and the host address of the packet as a host name or IPV4 address. This option displays all packets to and from that address.

Note

 

If "host" is provided, do not provide "src" or "dest".

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is a sample output for the utils network capture command:


admin:utils network capture page
Executing command with options:
 size=128                count=1000              interface=eth0
 src=                    dest=                   port=                  
 ip=

utils network capture-rotate

To capture IP packets beyond the 100,000 packet limit of utils network capture, use the utils network capture-rotate command.

utils network capture-rotate file fname size bytes sizePerFile megabytes maxFiles num [ src addr ] [ dest addr ] [ port num ] [ host protocol addr ]

Syntax Description

file fname

Outputs the information to a file.

Note

 

The file will be saved in platform/cli/fname. fname should not contain the "." character.

size bytes

The number of bytes of the packet to capture. Valid values include any number up to 65535 or ALL. The default is ALL.

sizePerFile megabytes

The sizePerFile sets the value for the size of the log files. (Unit is millions of bytes). The default value of sizePerFile is 25 MB.

maxFiles num

The maxFiles indicates the maximum number of log files to be created. The default value of maxFiles is 10.

src addr

(Optional) Specifies the source address of the packet as a hostname or IPV4 address.

dest addr

(Optional) Specifies the destination address of the packet as a host name or IPV4 address.

port num

(Optional) Specifies the port number of the packet, either source or destination.

host protocol addr

(Optional) Limits capture to traffic to and from a specific host. Options for protocol are IP, arp, rarp, and all; addr must be in IPv4 or hostname format. If host is used, do not provide src or dest.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

The command initiates a network packet capture and stores the data in files. Once a file hits the defined size limit, the capture proceeds in a new file. You can set how many files to retain; as new files are created, the oldest ones are deleted automatically (file rotation).

Examples

The following example shows how to output the packet captures to a file:


admin:utils network capture-rotate file test10 maxfile 2

Available common partition disk space    42657M
Projected disk usage from capture        250M
Total common partition size              48232M

Projected common partition utilization after capture is 6%
Will use default limit of 85%
For any given set of parameters, utilization must remain below 85%

Note:
        Current disk utilization from packet captures is 20K.
        Packet captures will remain on disk until deleted.
        It is recommended to delete these captures periodically.
            To list all captures, please run 'file list activlog platform/cli/*.cap*'
            To download captures, please run 'file get activlog platform/cli/*.cap*'
            To delete captures, please run 'file delete platform/cli/*.cap*'
Executing command with options:
size=65535        interface=eth0
sizePerFile=25    maxFiles=10
src=              dest=
port=             ip=

utils network host

To resolve a host name to an address or an address to a host name, use the utils network host command in Administrator (admin:) mode.

utils network host name [ server serv ] [ page ] [ detail ] [ srv ]

Syntax Description

name

Represents the host name or IP address that you want to resolve.

serv

(Optional) Specifies an alternate domain name server.

page

(Optional) Displays the output one screen at a time.

detail

(Optional) Displays a detailed listing.

srv

(Optional) Displays DNS SRV records.

Note

 

Use keyword srv to get DNS SRV records.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following example shows how to resolve a host name to an address:


admin:utils network host proxy.esl.cisco.com
Local resolution:
Nothing found

External Resolution:
proxy.esl.cisco.com has address 173.33.99.222

utils network name-service

To clear the name service cache, use the utils network name-service command in Administrator (admin:) mode.

utils network name-service { hosts | services } [cache invalidate]

Syntax Description

hosts

Specifies the host service cache.

services

Specifies the services service cache.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following example displays flushing/clearing the hosts cache:


admin:utils network name-service services cache invalidate 
utils network name-service services cache invalidate help:
    This command will invalidate nscd related cache.

admin:utils network name-service services cache invalidate

Examples

The following is an example for utils network name-service hosts commands:


admin:utils network name-service hosts cache invalidate

admin:utils network name-service cache invalidate help:
        This command will invalidate nscd related cache.

admin:utils network name-service hosts cache invalidate

utils network ping

To ping another server, use the utils network ping command in Administrator (admin:) mode.

utils network ping dest [ count VALUE ] [ size VALUE ]

Syntax Description

dest

Specifies IP address or host name.

count VALUE

Specifies the count value. Default is 4.

size VALUE

Specifies size of ping packet in bytes. Default is 56.

Command Default

None

Command Modes

Administrator (admin:) mode

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following example displays ping statistics for 10.10.10.10:


admin:utils network ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=0.236 ms
64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=0.399 ms
64 bytes from 10.10.10.10: icmp_seq=3 ttl=64 time=0.333 ms
64 bytes from 10.10.10.10: icmp_seq=4 ttl=64 time=0.305 ms

--- 10.10.10.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3059ms
rtt min/avg/max/mdev = 0.236/0.318/0.399/0.059 ms

utils network traceroute

To trace IP packets that are sent to a remote destination, use the utils network traceroute command in Administrator (admin:) mode.

utils network traceroute destination

Syntax Description

destination

Represents the hostname or IP address of the server to which you want to send a trace.

Command Modes

Administrator (admin:) mode

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following example displays a sample output for the utils network traceroute command:


admin:utils network traceroute ntp.esl.cisco.com
traceroute to ntp.esl.cisco.com (173.33.111.111), 30 hops max, 60 byte packets
1 gateway (10.10.104.1) 3.773 ms 23.971 ms 0.650 ms
2 10.10.56.209 (10.10.56.209) 0.693 ms 0.649 ms 0.660 ms 41.716 s 41.997 ms
3 10.222.77.22 (10.222.77.22) 1.217 ms 1.180 ms 1.121 ms
4 10.111.44.169 (10.111.44.169) 1.419 ms 1.288 ms 1.332 ms
5 10.111.22.237 (10.111.22.237) 1.577 ms 1.562 ms 1.552 ms
6 10.111.33.170 (10.111.33.170) 41.702 ms 41.628 ms 41.604 ms
7 10.111.77.30 (10.111.77.30) 41.717 ms 41.612 ms
8 10.111.77.21 (10.111.77.21) 41.898 ms 41.823 ms
9 10.111.22.209 (10.111.22.209) 203.591 ms
10 10.111.77.20 (10.111.77.20) 203.677 ms
11 10.111.77.21 (10.111.77.21) 203.825 ms
12 10.111.11.19 (10.111.11.19) 228.412 ms
13 10.111.11.22 (10.111.11.22) 228.115 ms 203.288 ms 203.517 ms 203.904 ms 203.631 ms 204.030 ms 231.388 ms 
227.978 ms 227.994 ms 228.059 ms 228.005 ms
14 10.111.66.33 (10.111.66.33) 220.407 ms 220.467 ms 220.175 ms
15 173.33.19.33 (173.33.19.33) 220.476 ms 173.33.19.26 (173.33.19.26) 220.544 ms 220.417 ms
16 173.88.15.50 (173.88.15.50) 220.715 ms 221.015 ms 220.832 ms
17 173.11.11.111 (173.11.11.11) 220.675 ms 173.38.195.17 (173.38.195.17) 220.698 ms 173.11.11.11 (173.11.11.11) 220.642 ms
18***

utils os kerneldump

To enable, disable, or to display the status of the kerneldump service, use the utils os kerneldump command in Administrator (admin:) mode.

utils os kerneldump { enable | disable | status }

Syntax Description

enable

Enables the kerneldump service.

disable

Removes the kerneldump service.

status

Indicates the kerneldump status.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

If a kernel crash occurs, the capture kernel dumps the core on the local disk of the server. The primary kernel reserves 128MB of physical memory that the capture kernel uses to boot. The kerneldump uses the kexec command to boot into a capture kernel whenever the kernel crashes.

Examples

The following is an example for utils os kerneldump enable command:


admin:utils os kerneldump enable
kdump already enabled

Examples

The following is an example for utils os kerneldump disable command:


admin:utils os kerneldump disable

***************WARNING******************
Disabling kdump requires system reboot
Would you like to continue(y/n):y

Examples

The following is an example for utils os kerneldump status command:


admin:utils os kerneldump status
kdump is enabled

utils os kerneldump ssh

To enable, disable, or display the status of an external SSH server, use the utils os kerneldump ssh command in Administrator (admin:) mode.

utils os kerneldump ssh { enable ip_address | disable ip_address | status }

Syntax Description

enable ip_address

Configures an external SSH server as a kernel dump server to collect kernel dumps.

Indicates the server IP address being added to dump cores to external server.

disable ip_address

Removes support of the external SSH server that is configured to collect kernel dumps.

Indicates the server IP address being removed to disable external support.

status

Indicates whether an external SSH server is configured or not, to collect kernel dumps.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

If the external SSH server has the kerneldump service enabled and a kernel crash occurs, the capture kernel dumps the core on the external server that is configured to collect the dump. Enabling and disabling kerneldump require a system reboot for the changes to take effect.

Examples

The following is an example for utils os kerneldump ssh enable command:


admin:utils os kerneldump ssh enable 10.10.10.187

****************WARNING*****************
Enabling kdump requires local system reboot
Would you like to reboot this local machine(y/n): y

Enter server username:
root
Enter server password:
Do you wish to change dump location ?(y/n):y

Enter new dump location:
/root/
kdump enable operation succeeded
Vmcore will be dumped to path <directory_path> on <remote_server>
backing up kdump.conf file
The local system going for a reboot

Examples

The following is an example for utils os kerneldump ssh disable command:


admin:utils os kerneldump ssh disable 10.10.10.187

***************WARNING******************
Disabling kdump requires the local system reboot
Would you like to continue(y/n):y

Dumping to external server 10.10.10.187 disabled successfully
Enable dumping to local disk Successful
Local system going for a reboot
backing up kdump.conf file

admin:utils os kerneldump ssh status
Dumping to external server is disabled

Examples

The following is an example for utils os kerneldump ssh status command:


admin:utils os kerneldump ssh status
Dumping to external server 10.10.10.187 is enabled.Dump location is /root

utils os secure

To specify the level of security provided by Security-Enhanced Linux (SELinux), use the utils os secure command in Administrator (admin:) mode.

utils os secure { enforce | permissive | status }

Syntax Description

enforce

Sets SELinux to its strict, default "enforcing" mode, which is required for full security.

permissive

Temporarily changes SELinux to "permissive" mode, logging violations but not blocking them, useful for troubleshooting.

status

Checks if SELinux is currently enforcing or permissive.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

Note that selinux does not handle rate limiting. Rate limiting is handled by ipprefs and IP tables.

Examples

The following is an example for utils os secure enforce command:


admin:utils os secure enforce
OS security mode changed to Enforcing

admin:utils os secure status
OS Security status:             enabled
Current mode:                   enforcing

Examples

The following is an example for utils os secure permissive command:


admin:utils os secure permissive
OS security mode changed to Permissive

admin:utils os secure status
OS Security status:             enabled
Current mode:                   permissive

Examples

The following is an example for utils os secure status command:


admin:utils os secure status
OS Security status:             enabled
Current mode:                   enforcing
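
The status outputs of utils auditd, utils firewall ipv4 and utils os secure shown on this page can be combined into one posture check. The following Python code is an added example, not Cisco code: it parses the three status formats, including the timed "Will resume at" and "Will turn off at" lines, and reports deviations from an assumed baseline (auditd running, firewall enabled, firewall debugging off, SELinux enforcing). The sample strings are copied from the examples on this page; the function names are assumptions of this example.

```python
import re
from datetime import datetime

TS_FMT = "%a %b %d, %Y %H:%M:%S"  # e.g. "Fri Oct 24, 2025 06:14:52"

# Sample outputs copied from the examples on this page.
AUDITD_STOPPED = "auditd service is stopped\n"
FIREWALL_DISABLED = """\
firewall (iptables) is disabled
Will resume at Fri Oct 24, 2025 06:14:52
firewall (iptables) debugging is on
Will turn off at Fri Oct 24, 2025 06:14:20
"""
SELINUX_PERMISSIVE = """\
OS Security status:             enabled
Current mode:                   permissive
"""
HEALTHY = (
    "auditd service is running\n",
    "firewall (iptables) is enabled\nfirewall (iptables) debugging is off\n",
    "OS Security status:             enabled\nCurrent mode:                   enforcing\n",
)


def parse_firewall_status(text):
    """Return firewall and debug state plus their automatic revert times, if shown."""
    state = {"enabled": None, "debug": None, "resume_at": None, "debug_off_at": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"firewall \(iptables\) is (enabled|disabled)", line):
            state["enabled"] = m.group(1) == "enabled"
        elif m := re.fullmatch(r"firewall \(iptables\) debugging is (on|off)", line):
            state["debug"] = m.group(1) == "on"
        elif m := re.fullmatch(r"Will (resume|turn off) at (.+)", line):
            key = "resume_at" if m.group(1) == "resume" else "debug_off_at"
            state[key] = datetime.strptime(m.group(2), TS_FMT)
    return state


def _until(ts):
    """Describe when a temporary state ends, or that no end time was shown."""
    return f"until {ts:%Y-%m-%d %H:%M:%S}" if ts else "with no revert time shown"


def posture_findings(auditd_out, firewall_out, selinux_out):
    """Compare the three status outputs with the assumed baseline."""
    findings = []
    if not re.search(r"^auditd service is running$", auditd_out, re.M):
        findings.append("auditd: audit log collection is not running")

    fw = parse_firewall_status(firewall_out)
    if fw["enabled"] is not True:
        findings.append(f"firewall: not enabled {_until(fw['resume_at'])}")
    if fw["debug"]:
        findings.append(f"firewall: debugging on {_until(fw['debug_off_at'])}")

    mode = re.search(r"^Current mode:\s*(\w+)", selinux_out, re.M)
    if not mode or mode.group(1) != "enforcing":
        found = mode.group(1) if mode else "unknown"
        findings.append(f"selinux: mode is {found}, expected enforcing")
    return findings


if __name__ == "__main__":
    for item in posture_findings(AUDITD_STOPPED, FIREWALL_DISABLED, SELINUX_PERMISSIVE):
        print("FINDING:", item)
    print("healthy node findings:", posture_findings(*HEALTHY))
```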

utils os secure dynamic-policies

To perform the following functions, use the utils os secure dynamic-policies command in Administrator (admin:) mode:

  • stop-recording : To stop recording the selinux denials for the dynamic policy.

  • start-recording : To start recording the selinux denials and organize them under a new dynamic policy.

  • remove : To delete all the data for the dynamic policy from the operating system

  • load : To load the selinux policy module for the dynamic policy into selinux

  • compile : To generate the selinux policy module and type enforcement that resolves the recorded denials under the dynamic policy

utils os secure dynamic-policies { compile | load | remove | start-recording | stop-recording } policy_name

Syntax Description

compile policy_name

Indicates the dynamic policy name under which the compilation of the selinux policy module and type enforcement is done.

load policy_name

Indicates the dynamic policy name that has a generated selinux policy module, which is not loaded into selinux.

remove policy_name

Indicates the dynamic policy name that is unnecessary or no longer required.

start-recording policy_name

Indicates the dynamic policy name where the selinux denials and future policy data are to be organized.

stop-recording policy_name

Indicates the dynamic policy name for which you want to stop the recording.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

Use the utils os secure dynamic-policies stop-recording command to switch the system back to the original enforcement mode, either permissive mode or enforcing mode. This command generates a delta log for all selinux denials that occurred between the start of the recording and its end.


Note


The utils os secure dynamic-policies stop-recording command fails if the delta log has no new denials. Then, the dynamic policy is purged and you will have to use this command again.


Use the utils os secure dynamic-policies start-recording command to:

  • Set the system into the permissive mode

  • The dynamic-policies are generated on a per-node basis. As a restriction, these policies cannot be exported or imported. This restriction has the following advantages:

    • Prevent loading external and unsigned policy modules into selinux that may create security vulnerabilities.

    • Prevent the transfer of policy modules between Unified Communications Manager clusters with different configurations.

Use the utils os secure dynamic-policies remove command to delete all the data including unloading the policy module from selinux and deleting the generated policy module, type enforcements, recorded denials, and delta logs.

Use the utils os secure dynamic-policies load command to apply new rules into selinux that prevent the denials that are recorded under the dynamic policy from reoccurring.

Examples

The following is an example for utils os secure dynamic-policies compile command:


admin:utils os secure dynamic-policies compile test

Compiling "test" into a dynamic-policy

No new rules could be generated for "test"
Purging "test"

Examples

The following is an example for utils os secure dynamic-policies load command:


admin:utils os secure dynamic-policies load test

Loading dynamic-policy "test" into SELinux

Cannot load dynamic-policy "test"
Ensure there is a compiled policy with:
   utils os secure dynamic-policies list

Examples

The following is an example for utils os secure dynamic-policies remove command:


admin:utils os secure dynamic-policies remove test
Purging test
Successfully removed dynamic-policy test

admin:utils os secure dynamic-policies list
Viewable dynamic-policies
  [POLICY_NAME] ->   [STATUS]
-----------------------------------------

Examples

The following is an example for utils os secure dynamic-policies start-recording command:


admin:utils os secure dynamic-policies start-recording test

Starting to record SELinux denials under "test"

Recording has started for "test"

##################################################
# WARNING:                                       #
# Recording for too long can be hazardous to the #
# system's health and security. Your recording   #
# will be terminated after 1 hour. You are       #
# encouraged to terminate the recording sooner.  #
##################################################

You can stop recording with:
   utils os secure dynamic-policies stop-recording test

Examples

The following is an example for utils os secure dynamic-policies stop-recording command:


admin:utils os secure dynamic-policies stop-recording test

Halting the SELinux denial recording for "test"
Please wait. This may take several minutes.

New SELinux denials were caught under "test"
Run the following to compile into a dynamic-policy:
   utils os secure dynamic-policies compile test

utils os secure dynamic-policies list

To list all the operating system dynamic policies with their statuses, use the utils os secure dynamic-policies list command in Administrator (admin:) mode.

utils os secure dynamic-policies list

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is an example for utils os secure dynamic-policies list command:


admin:utils os secure dynamic-policies list

Viewable dynamic-policies
  [POLICY_NAME] ->   [STATUS]
-----------------------------------------
  test ->   [Recorded]

utils remote_account

To create, enable, disable, or check the status of a remote account, use the utils remote_account command in Administrator (admin:) mode.

utils remote_account { enable | disable | status | create account life }

Syntax Description

account

Specifies the remote account name.

life

Specifies the duration for which the account is active.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

A remote account generates a passphrase that allows Cisco Systems support personnel to access the system for the specified life of the account.

You can have only one remote account that is enabled at a time.

Examples

The following is an example for the utils remote_account status command:


admin:utils remote_account status

WARNING: Do not press Ctrl +C while the command execution is in progress.

In case you accidentally pressed Ctrl +C, verify the status of the remote account

using 'utils remote_account status' and execute the same command again if required.

Remote Support
Status         : disabled

Examples

The following is an example for the utils remote_account enable command:


admin:utils remote_account enable

WARNING: Do not press Ctrl +C while the command execution is in progress. In case

you accidentally pressed Ctrl +C, verify the status of the remote account using

'utils remote_account status' and execute the same command again if required.

Successful in enabling RemoteSupport

admin:utils remote_account status

WARNING: Do not press Ctrl +C while the command execution is in progress.

In case you accidentally pressed Ctrl +C, verify the status of the remote account using

 'utils remote_account status' and execute the same command again if required.

Remote Support
Status         : enabled

Examples

The following is an example for the utils remote_account create command:


admin:utils remote_account create rootacc 30

WARNING: Do not press Ctrl +C while the command execution is in progress.

 In case you accidentally pressed Ctrl +C, verify the status of the remote account

using 'utils remote_account status' and execute the same command again if required.

Account Successfully created
Account        : rootacc
Passphrase     :
-----BEGIN PASSPHRASE-----
of6i7adNqsNboeyySjgbyJMDGVdJsEnUiGYMfhSLq23Gr83Ta7HRQFIQHnH4CvJ

FNOoLxS2nJYBDufXrzg1OgzyjYrD6DxcuYnbh5lHfzG70r70X2hurviQXDzFxQ0Yz8slSqSLKvr
-----END PASSPHRASE-----
Version        : 2
Expiry         : 11-14-2025:9:00:00 (MM-DD-YYYY:Hr:Min:Sec)
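
The following Python example is added here and is not part of the product or of the original guide. It redacts the passphrase block from a captured utils remote_account create transcript before the transcript is stored in a ticket or log, and extracts the account name, version, and expiry so that the account lifetime can be tracked. The sample transcript, the function names, and the treatment of the expiry as a naive timestamp (the output states no time zone) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed transcript in the format of the create example above; the
# passphrase body is a placeholder, not a real value.
SAMPLE = """\
Account Successfully created
Account        : rootacc
Passphrase     :
-----BEGIN PASSPHRASE-----
CONSTRUCTED-PLACEHOLDER-LINE-1

CONSTRUCTED-PLACEHOLDER-LINE-2
-----END PASSPHRASE-----
Version        : 2
Expiry         : 11-14-2025:9:00:00 (MM-DD-YYYY:Hr:Min:Sec)
"""

BEGIN, END = "-----BEGIN PASSPHRASE-----", "-----END PASSPHRASE-----"
# re.S lets the body span several lines, including the blank one.
PASS_BLOCK = re.compile(re.escape(BEGIN) + r".*?" + re.escape(END), re.S)
FIELD = re.compile(r"^(Account|Version|Expiry)\s*:\s*(.+?)\s*$", re.M)


def redact(transcript):
    """Replace the passphrase body so the transcript can be stored safely."""
    return PASS_BLOCK.sub(f"{BEGIN}\n[REDACTED]\n{END}", transcript)


def parse_create(transcript):
    """Return account, version and expiry (naive datetime) from create output."""
    # Redact first so passphrase lines can never be mistaken for fields.
    fields = dict(FIELD.findall(redact(transcript)))
    missing = {"Account", "Version", "Expiry"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    # Drop the "(MM-DD-YYYY:Hr:Min:Sec)" hint. The hour is not zero-padded
    # ("9:00:00"); strptime's %H accepts one or two digits.
    stamp = fields["Expiry"].split(" ")[0]
    expiry = datetime.strptime(stamp, "%m-%d-%Y:%H:%M:%S")
    return {"account": fields["Account"],
            "version": int(fields["Version"]),
            "expiry": expiry}


def remaining(record, now):
    """Time left before the account expires; negative once it has lapsed."""
    return record["expiry"] - now
```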

utils service

To activate, deactivate, start, or stop a service, use the utils service command in Administrator (admin:) mode.

utils service { activate | deactivate | start | stop } service_name

Syntax Description

service_name

Represents the name of the service you want to affect.

Use the utils service list command for a full list of node services.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is an example for the utils service activate command:


admin:utils service activate Cisco SCSI Watchdog

Activating Cisco SCSI Watchdog...

Cisco SCSI Watchdog [STARTED]

Examples

The following is an example for the utils service deactivate command:


admin:utils service deactivate Cisco SCSI Watchdog

Stopping Cisco SCSI Watchdog...

Deactivating Cisco SCSI Watchdog...

Cisco SCSI Watchdog [STOPPED] Service Not Activated

Examples

The following is an example for the utils service start command:


admin:utils service start Cisco SCSI Watchdog

Starting Cisco SCSI Watchdog...

Cisco SCSI Watchdog [STARTED]

Examples

The following is an example for the utils service stop command:


admin:utils service stop Cisco SCSI Watchdog
Stopping Cisco SCSI Watchdog...

Cisco SCSI Watchdog [STOPPED] Service Activated

utils service list

To retrieve a list of all services, use the utils service list command in Administrator (admin:) mode.

utils service list [page]

Syntax Description

page

Displays the output one page at a time.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is an example for the utils service list command:


admin:utils service list

Requesting service status, please wait...
System SSH [STARTED]
Name Service Cache [STARTED]
Entropy Monitoring Daemon [STARTED]
Cisco SCSI Watchdog [STARTED]
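
The following Python example is added here and is not part of the product or of the original guide. It parses captured utils service list output, including the "Service Activated" and "Service Not Activated" suffixes shown in the utils service examples, and reports where a node differs from an expected set of running services. The sample capture, the baseline, and the function names are constructed for illustration.

```python
import re

# Constructed capture in the format of the examples above.
SAMPLE = """\
admin:utils service list

Requesting service status, please wait...
System SSH [STARTED]
Name Service Cache [STARTED]
Entropy Monitoring Daemon [STOPPED] Service Activated
Cisco SCSI Watchdog [STOPPED] Service Not Activated
"""

# "<service name> [STATE] <optional note>"
LINE = re.compile(r"^(?P<name>.+?)\s*\[(?P<state>[A-Z]+)\]\s*(?P<note>.*?)\s*$")


def parse_service_list(text):
    """Map service name -> (state, activated) from 'utils service list' output."""
    services = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, blank line or prompt echo
        # "Service Not Activated" is the only note that marks deactivation
        # in the examples; any other note is treated as activated.
        activated = m["note"] != "Service Not Activated"
        services[m["name"]] = (m["state"], activated)
    return services


def drift(services, baseline):
    """Return (name, reason) findings against the expected STARTED set."""
    findings = []
    for name in sorted(baseline):
        if name not in services:
            findings.append((name, "missing from output"))
        elif services[name][0] != "STARTED":
            state, activated = services[name]
            why = "stopped" if activated else "deactivated"
            findings.append((name, f"{why} ({state})"))
    for name in sorted(set(services) - set(baseline)):
        if services[name][0] == "STARTED":
            findings.append((name, "running but not in baseline"))
    return findings
```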

utils system boot

To redirect where the system boot output gets sent, use the utils system boot command in Administrator (admin:) mode.

utils system boot { console | status }

Syntax Description

console

Redirects the system boot output to the console.

status

Displays the location where the system boot messages are sent. The location is either console or serial port one.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following example displays a sample output for the utils system boot console command:


admin:utils system boot console 
Changing boot output to the console
Boot output has been redirected to the console

Examples

The following example displays a sample output for the utils system boot serial command:


admin:utils system boot serial 
Changing boot output to serial port 1
Boot output has been redirected to COM1 (serial port 1)

Examples

The following example displays a sample output for the utils system boot status command:


admin:utils system boot status 

Boot output is redirected to the console

utils system restart

To restart the system on the same partition, use the utils system restart command in Administrator (admin:) mode.

utils system restart

Syntax Description

This command has no arguments or keywords.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is a sample output for the utils system restart command:


admin:utils system restart 

Do you really want to restart ?

Enter (yes/no)? no

Restart Aborted !

utils system shutdown

To shut down the system, use the utils system shutdown command in Administrator (admin:) mode.

utils system shutdown

Syntax Description

This command has no arguments or keywords.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

The utils system shutdown command has a five-minute timeout. If the system does not shut down within five minutes, the command gives you the option of doing a forced shutdown.


Caution


If the server is forced to shut down and restart from your virtual machine, the file system may become corrupted.


Examples

The following is a sample output for the utils system shutdown command:


admin:utils system shutdown 
Do you really want to shutdown ?

Enter (yes/no)? yes

Appliance is being Powered - Off ...
Warning: Shutdown could take up to 5 minutes.

utils system switch-version

To restart the system on the inactive partition, use the utils system switch-version command in Administrator (admin:) mode.

utils system switch-version

Syntax Description

This command has no arguments or keywords.

Command Modes

Administrator (admin:)

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is a sample output for the utils system switch-version command:


admin:utils system switch-version 

Active Master Version: 15.0.1.10000-9017
Inactive Master Version: 15.0.1.10000-9005

Do you really want to switch between versions ?

Enter (yes/no)? no

Switch Version Aborted !

utils system upgrade

To install upgrades and Cisco Option (COP) files from both local and remote directories, use the utils system upgrade command in Administrator (admin:) mode.

utils system upgrade { initiate | cancel | status }

Syntax Description

cancel

Cancels the active upgrade.

initiate

Starts a new upgrade wizard or assumes control of an existing upgrade wizard.

status

Displays the status of an upgrade.

Command Modes

Administrator (admin:) mode

Command History

Release Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

You can continue to upgrade with the existing Software Location configuration details.

Examples

The following is a sample output for the utils system upgrade initiate command:


admin:utils system upgrade initiate 

Warning: Do not close this window without first canceling the upgrade.
Warning: This version only accepts COP files ending in .cop.sha512 and ISO files ending in .sha512.iso

Source:

 1) Remote Filesystem via SFTP
 2) Remote Filesystem via FTP
 3) Local DVD/CD
 4) Local Image <None>
 q) quit

Please select an option (1 - 4 or "q" ): 

Directory [/common/adminsftp/upgrade]: /common/adminsftp/fresh_install
Server [10.77.30.197]: 10.77.30.195
User Name [root]: root
Password [******]: ********
Please enter SMTP Host Server (optional):
Continue with upgrade after download (yes/no) [yes]: yes
Switch-version server after upgrade [valid only for ISO] (yes/no) [yes]: no
Checking for valid upgrades. Please wait...
Available options and upgrades in "10.77.30.195:/common/adminsftp/fresh_install":
1) UCSInstall_UCOS_14.0.1.13900-9001.iso
q) quit
Please select an option (1 - 1 or "q" ):

Examples


admin:utils system upgrade status 

Upgrade status: ready to be configured 

Examples


admin:utils system upgrade cancel 
Canceling the upgrade. Please wait ...

Upgrade status: Ready to be configured.

utils ungraceful warn disable

To disable the console warning message that appears when an ungraceful shutdown is detected, use the utils ungraceful warn disable command in Administrator (admin:) mode.

utils ungraceful warn disable

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Usage Guidelines

The utils ungraceful warn disable command does not execute any system checks for file corruption.

This is not the recommended solution as this only suppresses the warning and does not address the underlying cause of the ungraceful shutdown. It is crucial to address the root cause and ensure the stability and integrity of the VOS system.

Examples

The following is an example for the utils ungraceful warn disable command:


admin:utils ungraceful warn disable
Before you disable the warning message, make sure that the ungraceful shutdown does not have any adverse affect on the server.
This command will ensure that the ungraceful shutdown warning is not shown in Cisco Contact Center SIP Proxy CLI.

Do you want to continue(yes/no): yes
Successfully disabled the warning message shown in Cisco Contact Center SIP Proxy CLI.

utils vmtools status

To display the type and the version of currently installed VMware Tools, use the utils vmtools status command in Administrator (admin:) mode.

utils vmtools status

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Administrator (admin:)

Command History

Release

Modification

CCCSP-15.0(1)

This command was introduced.

Examples

The following is an example for the utils vmtools status command:


admin:utils vmtools status
The vmtools installed on this server is running
Version: 12.3.5.46049
Type: OPEN