
Delete Configuration Files

quentinperceval
Level 1

Hi!

Following this thread (https://supportforums.cisco.com/thread/2066895), I established a daily automatic backup of my configuration file to a remote server (via SSH and SCP).

My problem is the following: how can I delete sent files on my ESA appliance?

I saw ways to do it via FTP, but I don't want to open FTP on my appliance...

I'm running AsyncOS 7.6.3 on ESA C370.

Thank you for your help!

Best Regards

Quentin


7 Replies

Mariusz Bochen
Level 1

Hi Quentin,

This is from official Cisco documentation https://www.cisco.com/en/US/docs/security/esa/esa7.6/ESA_7.6_AdvancedGuide.pdf

• If you need to access the appliance for the purposes of uploading or downloading configuration files, you must enable FTP or Telnet on an interface.

• You can also upload or download files using secure copy (scp).

Since SCP is probably not going to work, as per this thread:

https://supportforums.cisco.com/thread/2146510

and Telnet is not something you would use, the only option left is FTP.

Regards

Mariusz


Hi!

My point isn't to download configuration files (I already did this, and SCP is going well ^^), my point is to delete configuration files, and I'm searching for a way to do this, via the CLI, SSH or SCP.

I found that it is possible to enter Linux commands via SSH (like "ls" for example), but if I try an "rm" the prompt says "You do not have access to the rm command" ...

So I'm searching for a command to delete files via the CLI or via SSH...

Thank you for your help!

Best regards

Quentin

The command "help" lists all the available CLI commands (although it does not list "ls", and you can't issue the "ls" command from a CLI PuTTY session but for some reason you can using plink). There is no command to delete files. The shell is severely locked down for good security reasons. File management is handled automatically by the system (like log file rollover).

Thank you for your answer.

I did a little test, generating 1800 conf files (~5 years) and waiting 24 hours: there is no "rollover", but the total size is around 400Mo, so it's not such a big deal.

I will come back soon with new questions

You can log in with your admin or service account and type this command: rm -rf /file.

It will delete the file.

Not 100% correct. Customer does not have the ability to run 'rm -rf/' on the CLI of the appliance. Nor do they have service account access.

If you needed to remove a saved configuration (.XML) from the appliance, the one customer-accessible way would be via FTP:

ftp> cd configuration

250 CWD command successful.

ftp> ls

227 Entering Passive Mode (XXX,YY,XX,YY,XXX,YYY)

150 Opening ASCII mode data connection for file list

drwxrwx---   2 root     config        512 Feb 26  2013 iccm

-rw-rw----   1 admin    config       1117 Feb 26  2013 profanity.txt

-rw-rw----   1 admin    config         90 Feb 26  2013 proprietary_content.txt

-rw-rw----   1 admin    config       2119 Feb 26  2013 sexual_content.txt

-rw-rw----   1 admin    config      26619 Feb 26  2013 ASYNCOS-MAIL-MIB.txt

-rw-rw----   1 admin    config       1287 Feb 26  2013 IRONPORT-SMI.txt

drwxrwx---   2 root     config        512 Jul 24 12:18 logos

-rw-rw----   1 admin    config         48 Sep  5 17:00 slbl-782BCB647CF3-DFZP9S1-20130905T210043.csv

-rw-rw----   1 admin    config     167649 Oct 30 10:45 X1070-782BCB647CF3-DFZP9S1-20131030T104500.xml

ftp> del X1070-782BCB647CF3-DFZP9S1-20131030T104500.xml

250 DELE command successful.

-Robert

Ravi,

I apologize but unless you are talking about Customer Support Engineers and their service account (via remote access), the information you provided could not be validated by me, at least.

Please see below:

> saveconfig yes

File written on machine "esalab.cisco.com" to the location "/configuration/C150-serial-20131030T121815.xml".

Configuration saved.

esalab.cisco.com> rm /configuration/C150-serial-20131030T121815.xml

Unknown command or missing feature key: rm

esalab.cisco.com> rm -rf /configuration/C150-serial-20131030T121815.xml

Unknown command or missing feature key: rm

esalab.cisco.com>

or via SSH:

$ ssh -l admin 10.97.14.35 rm -rf /configuration/C150-serial-20131030T121815.xml

You do not have access to the rm command.

vdacosta-mac:~ vdacosta$

You can do ls though:

$ ssh -l admin 10.97.14.35 ls /configuration

-rw-rw----  1 admin  config     15712 Jan 31  2012 ASYNCOS-MAIL-MIB.txt

-rw-rw----  1 admin  config     62203 Jun 27 17:27 C150-serial-20130627T172739.xml

-rw-rw----  1 admin  config     64024 Jul 19 03:08 C150-serial-20130719T060855-7.5.1-102.xml

-rw-rw----  1 admin  config     81769 Aug 21 11:26 C150-serial-20130821T112655-7.6.2-014.xml

-rw-rw----  1 admin  config    170695 Oct 30 12:18 C150-serial-20131030T121815.xml

-rw-rw----  1 admin  config       972 Jan 31  2012 IRONPORT-SMI.txt

-rw-rw----  1 admin  config        47 Aug 19 16:03 backup1.txt

-r--r--r--  1 root   wheel     382127 Oct 24 14:57 cluster_config.dtd

-r--r--r--  1 root   wheel     381654 Sep 20 09:52 config.dtd

-rw-rw----  1 admin  config      6200 Sep 27 00:25 export.fdl

drwxrwx---  2 root   config       512 Jan 31  2012 iccm

drwxrwx---  2 admin  config       512 Jun 27 10:25 logos

-rw-rw----  1 admin  config      1117 Jan 31  2012 profanity.txt

-rw-rw----  1 admin  config        90 Jan 31  2012 proprietary_content.txt

vdacosta-mac:~ vdacosta$

###

The options I see are:

a) Use FTP

b) Open a TAC ticket and ask the engineer to remove the files for you

c) Open a TAC case and file a feature request.

How do I file a Feature Request or ask for a change in system behaviour?

Knowledge Base Answer ID: 1438

http://tools.cisco.com/squish/5E452

=============================================

I hope this helps.

-Valter
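An added example, not part of any post in this thread: a retention sketch for option (a) that picks saved-configuration files by the timestamp embedded in their names and removes them with the same DELE shown in the FTP session above. It assumes FTP is enabled on the appliance interface and that the server answers NLST; the function names, `keep_days` and `keep_min` are hypothetical.

```python
import re
from datetime import datetime, timedelta
from ftplib import FTP

# Saved-config names as they appear in the listings in this thread:
# <model>-<serial>-<YYYYMMDD>T<HHMMSS>[-<version>].xml
CONFIG_RE = re.compile(r"^[\w-]+?-(\d{8}T\d{6})(?:-[\d.]+-\d+)?\.xml$")


def select_for_deletion(names, now, keep_days=30, keep_min=2):
    """Return saved-config file names older than keep_days, oldest first.

    Anything that does not match the saved-config pattern (MIBs, DTDs,
    dictionaries, the slbl CSV) is never selected, and the newest
    keep_min configs are always kept regardless of age.
    """
    dated = []
    for name in names:
        m = CONFIG_RE.match(name)
        if m:
            dated.append((datetime.strptime(m.group(1), "%Y%m%dT%H%M%S"), name))
    dated.sort()
    candidates = dated[:-keep_min] if keep_min else dated
    cutoff = now - timedelta(days=keep_days)
    return [name for ts, name in candidates if ts < cutoff]


def prune(host, user, password, keep_days=30, keep_min=2, dry_run=True):
    """List /configuration over FTP and delete the selected files.

    With dry_run=True (the default) nothing is deleted; the list of
    files that would be removed is returned for review.
    """
    with FTP(host, timeout=30) as ftp:
        ftp.login(user, password)
        ftp.cwd("configuration")
        doomed = select_for_deletion(ftp.nlst(), datetime.now(), keep_days, keep_min)
        for name in doomed:
            if not dry_run:
                ftp.delete(name)  # same DELE the interactive session sends
        return doomed
```

Run `prune(...)` with `dry_run=True` first and compare the returned list with an `ls /configuration` over SSH before allowing deletion.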