Chat now with support
Chat with Support

syslog-ng Store Box 5.0.3 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Troubleshooting SSB Security checklist for configuring SSB About us Third-party contributions

Authenticating users to a RADIUS server

Purpose:

SSB can authenticate its users to an external RADIUS server. Group memberships of the users must be managed either locally on SSB or in an LDAP database.

Caution:

The challenge/response authentication methods is currently not supported. Other authentication methods (for example, password, SecureID) should work.

To authenticate SSB users to a RADIUS server, complete the following steps:

Steps:
  1. Navigate to AAA > Settings.

    Figure 49: AAA > Settings — Configuring RADIUS authentication

  2. Set the Authentication method field to RADIUS.

  3. Enter the IP address or domain name of the RADIUS server into the Address field.

  4. Enter the password that SSB can use to access the server into the Shared secret field.

    NOTE:

    SSB accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[]^-`{|}

  5. To add more RADIUS servers, click and repeat Steps 2-4.

    Repeat this step to add multiple servers. If a server is unreachable, SSB will try to connect to the next server in the list in failover fashion.

  6. When configuring RADIUS authentication with a local user database, complete the following steps.

    1. Set Password expiration to 0.

    2. Set Number of passwords to remember to 0.

    3. Set Minimal password strength to disabled.

    4. Set Cracklib check on password to disabled.

  7. Caution:

    After clicking Commit, the SSB web interface will be available only after successfully authenticating to the RADIUS server. Note that the default admin account of SSB will be able to login normally, even if the RADIUS server is unaccessible.

    Click Commit.

Managing user rights and usergroups

In SSB, user rights can be assigned to usergroups. SSB has numerous usergroups defined by default, but custom user groups can be defined as well. Every group has a set of privileges: which pages of the SSB web interface it can access, and whether it can only view (read) or also modify (read & write/perform) those pages or perform certain actions.

Figure 50: AAA > Access Control — Managing SSB users

NOTE:

Every group has either read or read & write/perform privileges to a set of pages.

The admin user is available by default and has all privileges, except that it cannot remotely access the shared logspaces. It is not possible to delete this user.

Assigning privileges to usergroups for the SSB web interface

Purpose:

To assign privileges to a new group, complete the following steps:

Steps:
  1. Navigate to AAA > Access Control and click .

  2. Find your usergroup. If you start typing the name of the group you are looking for, the autocomplete function will make finding your group easier for you.

  3. Click located next to the name of the group. The list of available privileges is displayed.

  4. Select the privileges (pages of the SSB interface) to which the group will have access and click Save.

    NOTE:

    To export the configuration of SSB, the Export configuration privilege is required.

    To import a configuration to SSB, the Import configuration privilege is required.

    To update the firmware and set the active firmware, the Firmware privilege is required.

  5. Select the type of access (read or read & write) from the Type field.

  6. Click Commit.

Modifying group privileges

Purpose:

To modify the privileges of an existing group, complete the following steps:

Steps:
  1. Navigate to AAA > Access Control.

  2. Find the group you want to modify and click . The list of available privileges is displayed.

  3. Select the privileges (pages of the SSB interface) to which the group will have access and click Save.

    Figure 51: AAA > Access Control — Modifying group privileges

    Caution:

    Assigning the Search privilege to a user on the AAA page grants the user search access to every logspace, even if the user is not a member of the groups listed in the Access Control option of the particular logspace.

  4. Select the type of access (read or read & write) from the Type field.

  5. Click Commit.

Related Documents