1.15. Tools
LinOTP comes with some tools to ease system maintenance.
1.15.1. linotp
Commands:
  admin         Administrative commands to manage the linotp application...
  audit         Manage audit options
  backup        Manage database-specific backups
  config        Show LinOTP configuration
  dbsnapshot    Manage system-independent database 'snapshots'
  init          Manage initialization of LinOTP
  ldap-test     Test LDAP user-ID resolver connection.
  local-admins  Manage local administrator accounts
  routes        Show the routes for the app.
  run           Runs a development server.
  shell         Runs a shell in the app context.
  support       Administrative commands to set and query the linotp support.
Use the help of the tool to get details about the syntax.
linotp local-admins
The local-admins command manages the administrators for /manage, which are created in the internal UserIdResolver LinOTP_local_admins. Alternatively, they can be created and edited in the GUI of SVA (:8443).
linotp local-admins --help
linotp local-admins list --help
#output:
List local administrator accounts
Options:
  -f, --format TEXT  Output format template
  -l, --long         Detailed output
  --help             Show this message and exit.
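Example: create a new local admin for /manage. The password geheim123 is a sample value; a password passed with --password is recorded in the shell history and is visible in the process list while the command runs.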
linotp local-admins add localadmin
linotp local-admins password --password geheim123 localadmin
linotp audit
The command linotp audit currently features only the cleanup
command which deletes old entries in the SQL audit log table. The
linotp audit cleanup command is meant to be run once a day
via the daily cron job (/etc/cron.daily).
With the parameter --max-entries-to-keep you can specify the
maximum number of entries to be kept. If nothing is specified, 5000
entries are kept.
In addition, the linotp audit cleanup command can take a cleanup
threshold specified by the --cleanup-threshold parameter, so that
if the number of audit entries exceeds this cleanup threshold, old
entries are deleted and only the newest entries specified by
--max-entries-to-keep remain.
Example
linotp audit cleanup --max-entries-to-keep 7000 --cleanup-threshold 10000
This command reduces the audit entries to the latest 7000 if there are more than 10000 entries in the SQL audit log table.
Another way of regularly cleaning up audit entries is to use the
--delete-after-days parameter. Please note that this parameter
cannot be used together with the --max-entries-to-keep or
--cleanup-threshold parameters!
Example
linotp audit cleanup --delete-after-days 7
This command deletes all audit entries that are older than 7 days.
Specifying the --export parameter exports the audit entries before
deletion to a “SQLAuditExport.*.csv” file in the BACKUP_DIR, defined
by your linotp configuration.
However, a special export directory can be specified with the
parameter --exportdir or -e for short.
For details about the linotp audit cleanup command please run:
linotp audit cleanup --help
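The cleanup options described above, combined into one daily job that always exports before deleting. This is an added example, not a script shipped with LinOTP or taken from this page; the export directory /var/backups/linotp-audit, the environment variable names and the retention numbers are assumptions.

```shell
#!/bin/sh
# Added example (not shipped with LinOTP): daily audit cleanup that exports
# the entries before they are deleted. Meant as a file in /etc/cron.daily.
# Assumptions: variable names, export directory and retention numbers.
LINOTP_BIN="${LINOTP_BIN:-linotp}"
EXPORT_DIR="${EXPORT_DIR:-/var/backups/linotp-audit}"   # assumed location
MODE="${MODE:-count}"   # count: keep newest KEEP entries; age: drop entries older than DAYS
KEEP="${KEEP:-7000}"
THRESHOLD="${THRESHOLD:-10000}"
DAYS="${DAYS:-7}"

# True only for a non-empty string of digits.
is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

audit_cleanup() {
    # --delete-after-days cannot be combined with the count-based options,
    # so exactly one of the two option sets is ever passed.
    case $MODE in
        count)
            is_uint "$KEEP" && is_uint "$THRESHOLD" || return 2
            # Wrapper's own sanity check: a threshold below the keep count
            # has no effect and usually means the two values were swapped.
            [ "$THRESHOLD" -ge "$KEEP" ] || return 2
            set -- --max-entries-to-keep "$KEEP" --cleanup-threshold "$THRESHOLD" ;;
        age)
            is_uint "$DAYS" && [ "$DAYS" -gt 0 ] || return 2
            set -- --delete-after-days "$DAYS" ;;
        *)  return 2 ;;
    esac
    # Exported audit entries are evidence: create the directory and the
    # CSV files with owner-only permissions.
    ( umask 077
      mkdir -p "$EXPORT_DIR" || exit 3
      "$LINOTP_BIN" audit cleanup "$@" --export --exportdir "$EXPORT_DIR" )
}

# Run only where the linotp command is installed.
if command -v "$LINOTP_BIN" >/dev/null 2>&1; then
    audit_cleanup || echo "linotp audit cleanup failed (rc=$?)" >&2
fi
```

Setting MODE=age switches the job to --delete-after-days; an invalid setting makes audit_cleanup return 2 without calling linotp, so nothing is deleted.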
1.15.2. linotp-tokens-used
This is in fact a munin [1] plugin that monitors the total number of managed tokens, the number of unassigned tokens and the number of inactive tokens.
The output can of course also be written to any other file.
The output can be used to set up a dynamic pay-per-use licensing model.
1.15.3. linotp-backup
This shell script backs up the database and the encryption key to a PGP-encrypted backup file.
1.15.4. linotp-restore
This shell script restores a previously backed up database and encryption key.
1.15.5. linotp-convert-token
This script converts a Safeword dat seed file to an Aladdin/SafeNet XML file.
1.15.6. linotp-convert-xml-to-csv
This script converts an Aladdin XML file to an OATH CSV file.
1.15.7. linotp-decrypt-otpkey
This script can be used for debugging purposes. It helps to decrypt an OTP seed from the token database.
1.15.8. LinotpLDAPProxy.pm
This is a Perl module to be used with an OpenLDAP server to set up an LDAP proxy that performs LDAP binds (authentication) with OTP values.