LunaSH Command Summary

This section provides a summary of all of the LunaSH commands, and which users are able to access the commands.

The standard administrative LunaSH user accounts on the Luna Network HSM 7 appliance are:

admin All commands, except some specialized audit commands. This is the highest-level, full-access administrative role.
operator Most commands, except some configuration commands for the system and the HSM.
monitor Only commands that present information about the appliance or the HSM.
audit Only commands governing HSM audit logging functions.

When you log into the appliance as one of the standard users (or a custom user assigned one of the standard roles), you are able to access the subset of commands listed in the relevant column below. You can also create custom user roles and specify the list of commands that user role is able to access (see Appliance Users and Roles).

Some commands are restricted to the HSM SO or Auditor; these will not work until you log in to the HSM using hsm login or audit login.

NOTE   The commands marked "configurable" do not require hsm login by default. You can use sysconf forceSOLogin enable to require hsm login for these commands (see sysconf forceSOLogin).

Command admin operator monitor audit hsm or audit
login required
exit  
help  
audit admin operator monitor audit audit login
required
audit changePwd        
audit config      
audit init        
audit log clear        
audit log list        
audit log tail        
audit log tarlogs        
audit log untarlogs        
audit log verify        
audit login        
audit logout      
audit remotehost add        
audit remotehost clear        
audit remotehost delete        
audit remotehost list        
audit secret export      
audit secret import      
audit show        
audit sync      
client admin operator monitor audit hsm login
required
client addCA      
client assignPartition     configurable
client delete     configurable
client deleteCA      
client dn assign      
client dn delete      
client dn show    
client fingerprint      
client hostip map     configurable
client hostip show    
client hostip unmap     configurable
client list    
client listCAs    
client register     configurable
client revokePartition     configurable
client show    
client update     configurable
cluster admin operator monitor audit hsm login
required
cluster backup config        
cluster backup disable        
cluster backup enable        
cluster backup run        
cluster backup show    
cluster client deregister        
cluster client list    
cluster client register        
cluster config      
cluster config show    
cluster create        
cluster delete        
cluster disable        
cluster enable        
cluster group list    
cluster join        
cluster leave        
cluster list    
cluster member authorize        
cluster member config        
cluster member delete        
cluster member list    
cluster member show    
cluster restore run        
cluster restore show    
cluster show    
cluster status    
hsm admin operator monitor audit hsm login
required
hsm backup      
hsm changePolicy      
hsm changePw        
hsm checkCertificates    
hsm displayLicenses    
hsm factoryReset        
hsm firmware rollback    
hsm firmware show    
hsm firmware upgrade    
hsm fm delete      
hsm fm load      
hsm fm recover      
hsm fm smfs activate      
hsm fm status        
hsm generateDAK      
hsm information monitor    
hsm information reset      
hsm information show    
hsm init        
hsm loadCustomerCert      
hsm login      
hsm logout    
hsm ped connect    
hsm ped deselect    
hsm ped disconnect    
hsm ped select    
hsm ped server delete        
hsm ped server list    
hsm ped server register        
hsm ped set        
hsm ped show  
hsm ped timeout set    
hsm ped timeout show  
hsm ped vector erase        
hsm ped vector init      
hsm qos metrics reset      
hsm qos metrics show      
hsm restore    
hsm selfTest    
hsm setLegacyDomain        
hsm show    
hsm showPolicies  
hsm stc activationTimeOut set      
hsm stc activationTimeOut show      
hsm stc cipher disable      
hsm stc cipher enable      
hsm stc cipher show      
hsm stc disable      
hsm stc enable      
hsm stc hmac disable      
hsm stc hmac enable      
hsm stc hmac show      
hsm stc identity create      
hsm stc identity delete      
hsm stc identity initialize      
hsm stc identity partition deregister      
hsm stc identity partition register      
hsm stc identity show      
hsm stc partition export    
hsm stc partition show      
hsm stc rekeyThreshold set    
hsm stc rekeyThreshold show      
hsm stc status    
hsm stm recover    
hsm stm show    
hsm stm transport    
hsm supportInfo    
hsm tamper clear      
hsm time    
hsm time get    
hsm time sync    
hsm tamper show    
hsm update capability      
hsm update show      
hsm zeroize        
keyring admin operator monitor audit hsm login
required
keyring create        
keyring delete        
keyring disable        
keyring enable        
keyring list    
keyring reset        
keyring show    
keyring unlock        
my admin operator monitor audit hsm login
required
my file clear  
my file delete  
my file list  
my password expiry show  
my password set  
my public-key add  
my public-key clear  
my public-key delete  
my public-key list  
network admin operator monitor audit hsm login
required
network dns add nameserver      
network dns add searchdomain      
network dns delete nameserver      
network dns delete searchdomain      
network hostname      
network interface bonding config      
network interface bonding disable      
network interface bonding enable      
network interface bonding show    
network interface delete      
network interface dhcp      
network interface slaac      
network interface speed set-auto      
network interface speed set      
network interface speed show    
network interface static      
network ping  
network route add      
network route clear      
network route delete      
network route show    
network show  
ntls admin operator monitor audit hsm login
required
ntls bind     configurable
ntls certificate monitor disable     configurable
ntls certificate monitor enable     configurable
ntls certificate monitor show    
ntls certificate monitor trap trigger     configurable
ntls certificate show    
ntls information reset     configurable
ntls information show    
ntls ipcheck disable     configurable
ntls ipcheck enable     configurable
ntls ipcheck show    
ntls show    
ntls tcp_keepalive set     configurable
ntls tcp_keepalive show    
ntls threads set     configurable
ntls threads show    
ntls timer set     configurable
ntls timer show    
package admin operator monitor audit hsm login
required
package deletefile      
package erase    
package list    
package listfile    
package update    
package verify    
partition admin operator monitor audit hsm login
required
partition activate      
partition backup      
partition changePolicy      
partition changePw      
partition clear      
partition create    
partition createChallenge      
partition deactivate      
partition delete    
partition init    
partition init co    
partition init cu      
partition list    
partition rename    
partition resize    
partition restore      
partition show    
partition showContents      
partition showPolicies      
partition stcIdentity export    
partition stcIdentity show      
service admin operator monitor audit hsm login
required
service list    
service restart      
service start      
service status    
service stop      
status admin operator monitor audit hsm login
required
status cpu    
status date    
status disk    
status handles    
status interface    
status mac    
status mem    
status memmap    
status netstat    
status ps    
status sensors    
status sysstat code    
status sysstat show    
status time    
status zone    
stc admin operator monitor audit hsm login
required
stc activationTimeOut set    
stc activationTimeOut show  
stc cipher disable    
stc cipher enable    
stc cipher show  
stc hmac disable    
stc hmac enable    
stc hmac show  
stc partition export    
stc partition show  
stc rekeyThreshold set    
stc rekeyThreshold show  
sysconf admin operator monitor audit hsm login
required
sysconf appliance hardReboot        
sysconf appliance poweroff      
sysconf appliance reboot      
sysconf appliance rebootOnPanic disable      
sysconf appliance rebootOnPanic enable      
sysconf appliance rebootOnPanic show    
sysconf banner add        
sysconf banner clear        
sysconf config backup        
sysconf config clear        
sysconf config delete        
sysconf config export        
sysconf config factoryReset       configurable
sysconf config import        
sysconf config list    
sysconf config restore        
sysconf config show    
sysconf ctc class assign      
sysconf ctc class define      
sysconf ctc class delete      
sysconf ctc class revoke      
sysconf ctc class show      
sysconf ctc client show      
sysconf ctc disable      
sysconf ctc enable      
sysconf ctc measurement disable      
sysconf ctc measurement enable      
sysconf ctc measurement show      
sysconf ctc show      
sysconf drift init      
sysconf drift reset      
sysconf drift set      
sysconf drift startmeasure      
sysconf drift status    
sysconf drift stopmeasure      
sysconf fingerprint license    
sysconf fingerprint ntls    
sysconf fingerprint ssh    
sysconf forceSOLogin disable      
sysconf forceSOLogin enable      
sysconf forceSOLogin show        
sysconf installCert        
sysconf license apply      
sysconf license list    
sysconf license revoke      
sysconf ntp addserver      
sysconf ntp autokeyAuth clear      
sysconf ntp autokeyAuth generate      
sysconf ntp autokeyAuth install      
sysconf ntp autokeyAuth list      
sysconf ntp autokeyAuth update      
sysconf ntp deleteserver      
sysconf ntp disable      
sysconf ntp enable      
sysconf ntp listservers    
sysconf ntp log tail      
sysconf ntp ntpdate      
sysconf ntp show    
sysconf ntp status    
sysconf ntp symmetricAuth key add      
sysconf ntp symmetricAuth key clear      
sysconf ntp symmetricAuth key delete      
sysconf ntp symmetricAuth key list    
sysconf ntp symmetricAuth trustedKeys add      
sysconf ntp symmetricAuth trustedKeys clear      
sysconf ntp symmetricAuth trustedKeys delete      
sysconf ntp symmetricAuth trustedKeys list    
sysconf radius addServer        
sysconf radius deleteServer        
sysconf radius disable        
sysconf radius enable        
sysconf radius show        
sysconf regenCert       configurable
sysconf reimage start      
sysconf reimage tarlog        
sysconf snmp disable      
sysconf snmp enable      
sysconf snmp notification add      
sysconf snmp notification clear      
sysconf snmp notification delete      
sysconf snmp notification list    
sysconf snmp show    
sysconf snmp trap clear      
sysconf snmp trap disable      
sysconf snmp trap enable      
sysconf snmp trap set      
sysconf snmp trap show    
sysconf snmp trap test      
sysconf snmp user add      
sysconf snmp user clear      
sysconf snmp user delete      
sysconf snmp user list    
sysconf ssh client add      
sysconf ssh client clear      
sysconf ssh client delete      
sysconf ssh client list    
sysconf ssh client showRejectedClients      
sysconf ssh ciphers reset      
sysconf ssh ciphers set      
sysconf ssh ciphers show    
sysconf ssh device      
sysconf ssh ip      
sysconf ssh password disable      
sysconf ssh password enable      
sysconf ssh port        
sysconf ssh publickey disable      
sysconf ssh publickey enable      
sysconf ssh regenKeyPair      
sysconf ssh show    
sysconf time      
sysconf timezone list    
sysconf timezone set      
sysconf timezone show    
sysconf tls ciphers reset        
sysconf tls ciphers set        
sysconf tls ciphers show    
syslog admin operator monitor audit hsm login
required
syslog cleanup        
syslog export      
syslog period      
syslog remotehost add      

syslog remotehost cert

     
syslog remotehost cert delete      
syslog remotehost cert deleteCA      
syslog remotehost cert gen      
syslog remotehost cert install      
syslog remotehost cert installCA      
syslog remotehost clear      
syslog remotehost delete      
syslog remotehost list      
syslog rotate      
syslog rotations      
syslog severity set        
syslog show    
syslog tail    
syslog tarlogs    
token admin operator monitor audit hsm login
required
token backup factoryReset      
token backup init      
token backup list    
token backup login      
token backup logout      
token backup partition delete      
token backup partition list    
token backup partition show    
token backup show    
token backup update capability      
token backup update firmware      
token backup update show    
user admin operator monitor audit hsm login
required
user add        
user delete        
user disable        
user enable        
user list        
user password        
user radiusAdd        
user role add        
user role clear
       
user role delete        
user role import        
user role list        
webserver admin operator monitor audit hsm login
required
webserver bind        
webserver certificate generate        
webserver certificate show        
webserver ciphers reset        
webserver ciphers set        
webserver ciphers show        
webserver disable        
webserver enable        
webserver origin clear        
webserver origin set        
webserver origin show    
webserver show