04-16-2017 03:53 AM - edited 03-12-2019 02:13 AM
Dears,
I want to know which privilege I am supposed to use to allow a certain user to run the "sh version" command, as I tried some privileges and they all do the same as privilege 15.
04-16-2017 04:29 AM
I don't think you can restrict access to only "show version" but you cannot restrict access to "show" commands only on an ASA with local database for AAA.
Assign the user a non-default privilege level, say level 10. Then customize the "show version" command to be available to a user with less than full enable (level 15) privilege.
More info:
https://supportforums.cisco.com/discussion/10987506/asa-privilege-levelsviews
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/p3.html#pgfId-2175310
04-17-2017 03:18 AM
Hello!
You can use, for example, the command:
privilege exec level 14 show version
04-17-2017 06:42 AM
The ASA capabilities are a bit different than IOS. On an ASA, here would be the command:
asa-5512(config)# privilege cmd level 14 mode exec command show ?
configure mode commands/options:
<cr>
asa-5512(config)# privilege cmd level 14 mode exec command show
Note that you cannot add "version" after show. However, as noted in the link I provided earlier, we can use privilege level 0, which includes show version and a few other commands.
We would then add the user thus:
asa-5512(config)# username showuser password showuser123 privilege 0
This new user has access to a limited set of show commands but cannot configure:
[c:\~]$ ssh showuser@x.x.x.x
Connecting to x.x.x.x:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Type help or '?' for a list of available commands.
asa-5512> show ?
  checksum        Display configuration information cryptochecksum
  community-list  List community-list
  curpriv         Display current privilege level
  disk0:          Display information about disk0: file system
  disk1:          Display information about disk1: file system
  environment     Show environment information
  flash:          Display information about flash: file system
  history         Display the session command history
  import          Show imported objects
  inventory       Show all inventory information for all slots
  policy-list     List IP Policy list
  prefix-list     List IP prefix lists
  software        Show software information
  version         Display system software version
asa-5512> show run
^
ERROR: % Invalid input detected at '^' marker.
asa-5512>
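
An added example, not part of the thread and not Cisco tooling: a small Python audit that reads the two configuration line forms shown in the answer above (`username ... privilege N` and `privilege cmd level N mode exec command ...`) and reports each local user's level and which re-leveled commands sit at or below it. The sample config, the users other than showuser, and the assumption that the device enforces these levels through local command authorization are constructed for illustration; built-in defaults such as the level 0 show subset are not modeled.

```python
import re

# Constructed sample config using only the line forms shown in the thread.
# Passwords are placeholders; "noc", "admin" and "legacy" are made-up users.
SAMPLE_CONFIG = """\
username admin password <placeholder> privilege 15
username noc password <placeholder> privilege 14
username showuser password <placeholder> privilege 0
username legacy password <placeholder>
privilege cmd level 14 mode exec command show
"""

USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+\S+(.*)$")
LEVEL_RE = re.compile(r"\bprivilege\s+(\d+)\s*$")
PRIV_RE = re.compile(
    r"^privilege\s+(\S+)\s+level\s+(\d+)\s+mode\s+(\S+)\s+command\s+(.+?)\s*$"
)


def parse_config(text):
    """Return ({user: level or None}, [(level, mode, command), ...])."""
    users, overrides = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            lvl = LEVEL_RE.search(m.group(2))
            # No explicit level on the line: record None rather than guess.
            users[m.group(1)] = int(lvl.group(1)) if lvl else None
        elif m := PRIV_RE.match(line):
            overrides.append((int(m.group(2)), m.group(3), m.group(4)))
    return users, overrides


def audit(text):
    """Map each user to its level and the re-leveled commands it can reach."""
    users, overrides = parse_config(text)
    report = {}
    for name, level in users.items():
        reach = None
        if level is not None:
            # Assumption: a user may run commands placed at or below its level.
            reach = sorted({cmd for lvl, _mode, cmd in overrides if lvl <= level})
        report[name] = {"level": level, "full_admin": level == 15,
                        "releveled_commands": reach}
    return report


if __name__ == "__main__":
    for user, info in audit(SAMPLE_CONFIG).items():
        print(user, info)
```
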