techbloc.net

my technical experience

Posted on July 10, 2013

Cisco ASA Read-Only User Account

I had to create a read-only user account on a Cisco ASA for a company security officer who needed to look into the configuration of the ASA firewalls.

First you need to set command authorization to the local user database:

aaa authorization command LOCAL

Then you define the privilege level of each command; feel free to adjust the levels to your needs:

privilege cmd level 3 mode configure command failover
privilege cmd level 3 mode exec command perfmon
privilege cmd level 5 mode exec command dir
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege cmd level 5 mode exec command export
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 3 mode exec command reload
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server

In the end you create the user accounts, where privilege 3 is for monitor users and privilege 5 is for read-only users (replace the placeholders in angle brackets with your own values):

(monitor)

username <user> password <password> privilege 3

(read-only)

username <user> password <password> privilege 5
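One thing worth checking before you hand out a "read-only" account: the ASA grants a command to every user whose privilege level is equal to or higher than the level assigned to that command, so a privilege-5 user also inherits everything assigned to level 3, including the `clear` and `cmd` entries (for example `clear arp` or `clear crypto`), which do change device state. The script below is an added example, not part of the original post: it parses `privilege` and `username` lines from a saved running-config, applies that "level or higher" rule, and lists, per user, every reachable command that is not a `show` command. The embedded config is a constructed subset of the lines above with made-up user names and passwords.

```python
"""Audit which ASA CLI commands each local user can reach when
`aaa authorization command LOCAL` is in effect (added example)."""
import re

# Constructed sample: a subset of the privilege lines from the post plus
# three placeholder users (names and passwords are made up).
SAMPLE_CONFIG = """\
aaa authorization command LOCAL
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command packet-tracer
privilege cmd level 3 mode configure command failover
privilege cmd level 5 mode exec command dir
privilege show level 3 mode exec command interface
privilege show level 5 mode exec command running-config
privilege show level 5 mode configure command asdm
privilege clear level 3 mode exec command arp
privilege clear level 3 mode configure command crypto
username monitor-user password SECRET1 privilege 3
username readonly-user password SECRET2 privilege 5
username admin password SECRET3 privilege 15
"""

# privilege <show|clear|cmd> level <n> [mode <m>] command <c>
PRIV_RE = re.compile(
    r"^privilege\s+(?P<kind>show|clear|cmd)\s+level\s+(?P<level>\d+)"
    r"(?:\s+mode\s+(?P<mode>\S+))?\s+command\s+(?P<cmd>\S+)\s*$"
)
# username <name> password <pw> [encrypted|pbkdf2] privilege <n>
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)\s+password\s+\S+(?:\s+(?:encrypted|pbkdf2))?"
    r"\s+privilege\s+(?P<level>\d+)\s*$"
)


def parse_config(config):
    """Return (rules, users): rules are (kind, level, mode, command) tuples,
    users maps account name -> privilege level. Unrelated lines are skipped."""
    rules, users = [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := PRIV_RE.match(line):
            rules.append((m["kind"], int(m["level"]), m["mode"] or "exec", m["cmd"]))
        elif m := USER_RE.match(line):
            users[m["name"]] = int(m["level"])
    return rules, users


def reachable(rules, level):
    """Commands a user at `level` may run: every rule whose level is <= theirs
    (the ASA allows a command for users at that level or any higher level)."""
    return {(kind, mode, cmd) for kind, lvl, mode, cmd in rules if lvl <= level}


def non_show_commands(rules, level):
    """Reachable commands that are not `show`. `clear` and `cmd` entries can
    alter state, so they deserve review before an account is called read-only."""
    return sorted(
        (f"{kind} {cmd} ({mode})" if kind != "cmd" else f"{cmd} ({mode})")
        for kind, mode, cmd in reachable(rules, level)
        if kind != "show"
    )


def audit(config):
    """Per user: assigned level and the non-show commands that level reaches."""
    rules, users = parse_config(config)
    return {name: {"level": lvl, "non_show": non_show_commands(rules, lvl)}
            for name, lvl in users.items()}


if __name__ == "__main__":
    for name, info in audit(SAMPLE_CONFIG).items():
        print(f"{name} (privilege {info['level']}):")
        for entry in info["non_show"]:
            print(f"    {entry}")
```

Run it against the output of `show running-config` saved to a file (replace `SAMPLE_CONFIG` with the file contents); any `clear` or `cmd` entry listed under the read-only account is a candidate for raising its level above 5.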

To do it the easy way, you can also enable it over ASDM 😉

1. Go to Configuration > Device Management > Users/AAA > AAA Access > Authorization
2. Click on the button “Set ASDM Defined Roles”
3. Select “Yes” to let ASDM configure the necessary settings
4. Click on “Apply” to send the configuration to the firewall
