LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

July 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS July 2007

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Postgres user account on CAM database
From:	"David Wang @ UoG CCS" <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Thu, 26 Jul 2007 10:41:03 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (77 lines)

This is a good idea as well, and thanks again Michael. We do have syslog 
server in place and fed by CAM, but obviously some info missed as well 
in logging, like OS -- just won't be perfect.

David Wang, Networking Services,CCS
www.uoguelph.ca 519-824-4120 x52046



Michael Grinnell wrote:
> David,
>
> If you log to a syslog server or use RADIUS accounting you can get 
> that information without accessing the db directly.  I would recommend 
> logging to a syslog server in any case.  There are free syslog servers 
> for Linux, Solaris, Windows, OS X.  Heck, there's probably even one 
> for DOS somewhere.
>
> Michael Grinnell
> Network Security Administrator
> The American University
> e-mail: [log in to unmask]
> desk: (202) 885-2491
> cell: (202) 215-3352
>
>
> On Jul 26, 2007, at 10:03 AM, David Wang @ UoG CCS wrote:
>
>> Thanks  Alex. Well, our admins are asking for the login use info, and 
>> the "login time" is missed on "getuserinfo" API.
>>
>> David Wang, Networking Services,CCS
>> www.uoguelph.ca 519-824-4120 x52046
>>
>>
>>
>> Alex Lanstein wrote:
>>> There is no password and as Michael was saying, it's unsupported.  
>>> You need to edit the script that creates the pg_hba.conf file (in 
>>> /perfigo/scripts) and add in remote hosts to the ACL.  Then run the 
>>> script and restart the perfigo service.  Because there is no 
>>> password, a simple ip restriction isn't terribly secure, but that's 
>>> what you need to do if you want to make external queries.
>>>
>>> Almost any thing you're trying to pull from the cam can be pulled 
>>> using a clever mixture of the API calls... what information were you 
>>> looking for specifically?
>>> Regards,
>>>
>>> Alex Lanstein
>>> Network/Systems Architect
>>> FireEye, Inc.
>>> 860-625-4277
>>> [log in to unmask]
>>>
>>>
>>> Michael Grinnell wrote:
>>>> This is unsupported by Cisco.  The pg_hba.conf file prevents access 
>>>> to the database from other machines.
>>>>
>>>> Michael Grinnell
>>>> Network Security Administrator
>>>> The American University
>>>>
>>>>
>>>> On Jul 25, 2007, at 3:43 PM, David Wang @ UoG CCS wrote:
>>>>
>>>>> I am trying to pull some data from CAM's PostgresSQL database 
>>>>> remotely by "psql -h /cam_ip/ controlsmartdb -U postgres" from 
>>>>> another machine. Do I need a password for postgres? and if so, 
>>>>> what it is? thanks in advance.
>>>>> --David Wang, Networking Services,CCS
>>>>> www.uoguelph.ca 519-824-4120 x52046
>>>>
>>>
>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU