How to survive an ACS audit with aaa-reports!

For many organisations the Cisco Secure ACS server is the guardian of the network - controlling administrative access to routers and switches plus overseeing end network users over VPN, wireless and firewall.
Its no surprise therefore that it should come under intense scrutiny during an audit. Perhaps what is surprising is the lack on awareness over best practice for running ACS in a secure way. We'd like to help in our small way and below is a list of tips we've picked up over the years of providing reporting services for ACS.
Buy aaa-reports! Of course we would say that... But without the ability to aggregate the logs from all your ACS servers and report on the data, or use our query builder for forensic analysis, or import the ACS database to document the policy features enabled.... you'll have a hard time getting the evidence that an auditor might ask for.
Make sure ACS is logging the appropriate attributes for the reports you need to create. For example if you need to document who did what to devices in specific Network Device Groups (NDG) you must ensure this value actually gets logged. Performing ACS upgrades often sets logging configs back to their defaults.
Create a build specification for your ACS. Detail the "meta config" of your ACS so that after an emergency hardware swap-out or software upgrade you can quickly check that the ACS has the correct configuration. The build spec document should be under version control and is a useful item in itself to convince an auditor your system is well controlled.
Create a Change Control system for config changes on the ACS. Since its ACS that decides who gets access and what commands they run on your network its vital you report on the Administration Audit logs. During an audit you can then correlate entries in your change control system with actual edits recorded in the Admin Audit logs. aaa-reports! can document what all or individual ACS admins did in detail.
Retain 2 years of actual CSV log data on your reporting server. For general day-to-day reporting you dont need this amount, but during an audit you may be required to show what happened on a specific historic date. aaa-reports! multi-db feature will allow you to create a specific back-end database just for this task and import logs from the required time period. Alternatively use the aaa-reports! snapshot feature to regularly save its database state, for example quarterly. You may then connect aaa-reports! to any of the historic snapshot databases to report on the data from that quarter.
Regularly export the ACS database into aaa-reports! If you are running reports against log data from 2 years ago you also need to know what was in the ACS database at the same time - using a more recent ACS database might yield unexpected results because the configuration is likely to changed in the meantime. Usecsvsync to regularly grab the ACS database and keep them alongside the retained CSV logs for future reference.
Review the quality of ACS log data. From time to time its worth taking a look at the quality of the data getting logged. We often find customers with rogue scripts being automated on devices that cause the ACS Failed Attempts logs to become full of many MBs of "junk data" - essentially one failed attempt for each line of the script. If left to continue for months the real data starts to become more difficult to find.
In terms of specific questions that an audit will concentrate on, typically it will revolve around demonstrating that not only is there specific and adequate policy to control access to those parts of the network require it, but also to seek evidence that those policies are in fact working. In aaa-reports! we added a whole set of reports for TACACS+ Device Administration (TDA) that attempt to document the ACS policy configuration, answer questions such as "who can/cannot access devices and once connected what can they do?" and finally report on what did actually happen.
Below are some additional TDA specific tips:
Ensure services such as shell/exec are only enabled for ACS groups that really need it. The aaa-reports! TDA Group Summary report will list every ACS group and what TDA features are enabled. The TDA Group Detailreport can be used to inspect the policy in detail.
Check for user-level ovverides. In general users should always inherit policy from their group unless there is good reason. The aaa-reports! TDA User Summary report list users with group overriden configuration. The TDA User Detail report can be used to inspect what policy items are specific to the user.
Use Network Access Restrictions (NAR) to prevent login by unauthorised personnel. The first line of defence is to only allow device admin users access to routers and switches. We find some customers rely purely on command authorisation - this potentially lets anyone access the device who can authenticate. Imagine the scenario where ACS has "unknown authentication" enabled pointing at your Windows AD then answer "Who has access?". aaa-reports! can report group-by-group on device access controlled by NARs and therefore answer "Who has access to device XYZ?"
Use Device Command Sets (DCS) for command authorisation. Create a set of re-usable DCSs with meaningful names in preference to simple group-level command authorisations. ACS administration is simplified and the auditor should understand what the intent of the policy is by its name. aaa-reports! can document the both the content of each DCS and the group assignments, thereby answering the question "What commands can user X execute on device XYZ?"
Seek out and remove old ACS user accounts. aaa-reports! can report on inactive users both from examination of accounting logs and (if password aging is enabled) from the imported ACS database itself.
Learn how to use the aaa-reports! Query Builder. Despite the comprehensive set of pre-built canned reports, during an audit you are likely to be asked questions about a specific date, user or device. Knowing how to use the QB to build filter/sort and group/totalling queries will get the answers quickly. Take the random question "How many sessions did user X have on devices A, B and C on this date?" The aaa-reports! QB can easily create custom reports that filter on any number of attribute values, group by multiple columns and have calculated fields such as sum, count, average etc. If you have a working knowledge of Visual Basic 6 (VB6) its also possible to use a rich array of formatting and other VB6 functions to create additional fields.
The above list is of course by no means definitive as every customer will have their own specific needs from ACS and face different levels of compliance. Undergoing an audit is never easy, but at least with the right tools it doesnt have to be awful!
For more infomation on extraxi aaa-reports! or to download our free 60 day trial version please visit http://www.extraxi.com/audit.htm

Similar Messages

How to send a conditional email with interactive report subscription

Hi,
i have an interactive report with subscription.
I would like to send an email with the attachment only when the query returns one or more records.
How to to this?
Apex 4.0.2
Thanks in advance
lukx

Well, to understand your requirements can I ask this:
You said earlier you want a report sent whenever records that meet a criteria exist, correct? So you want the application to query for a condition, and when that condition occurs (a row with primary Key = X, a select COUNT(1) for rows with column X returns a result of 1 or more)
Then you would schedule a batch job:
BEGIN
-- Job defined entirely by the CREATE JOB procedure.
DBMS_SCHEDULER.create_job (
job_name => 'Send_Email_Procedure',
job_type => 'PLSQL_BLOCK',
job_action => 'BEGIN Test_For_COND_SEND(); END;',
start_date => SYSTIMESTAMP,
repeat_interval => 'freq=hourly; byminute=0',
end_date => NULL,
enabled => TRUE,
comments => 'Job defined entirely by the CREATE JOB procedure.');
END;
This would in theory run hourly and run your test_for_cond_Send process, in which you would test for the condition and send an e-mail if it was found that would contain the results from your query/report.
Here is a link to generate a PDF report that could be sent via e-mail: Re: how to save pdf in APEX 3.0
Thank you,
Tony Miller
Webster, TX
While it is true that technology waits for no man; stupidity will always stop to take on new passengers.

How to Print Selection-Screen along with ALV Report output

Hi,
I have a requirement wherein i need to also print the Selection Screen of a report when I print the ALV report output.
Basically i need to print the ALV output along with selection screen.
Could you plz suggest me the way.
Regards,
Nitin

Hi,
My selection Screen is a very big one. It contains around 30 select-options.
So is their any standard method in which you can choose whether you want to take the output printout with or without Selection screen.
Regards,
Nitin

How to link a custom BADI with standard report.

Hi All,
I have a requirement to create a Custom BADI and to link it through the Standard Program. How to do this. As i cannot modify Standard Program.
I have put some checks in custom BADI, which i want to be done before anyone runs standard program. I have a doubt of how to do this in between (before executing Standard Program) as i cannot use my Custom BADI in Standard Program. Then how to trigger the BADI and where. Is there any way to accomplish the same ?
Thanks in advance.
Regards,
Neha

Hi Neha,
I am stuck to the same problem. if you have got the answer please share it.
Nilesh

How can i populate pdf form with access report data

i am trying to make a report electronicly signable. my report is compiled weekly from an access database and i need a way to make it signable. if i can export records from access to an existing pdf would be great. or maybe there is a way to get a signature block put in on the fly? got any ideas?

i am trying to make a report electronicly signable. my report is compiled weekly from an access database and i need a way to make it signable. if i can export records from access to an existing pdf would be great. or maybe there is a way to get a signature block put in on the fly? got any ideas?

How to solve the date issue with BIP report

Even the below query also giving "invalid Number error"
select * from scott.emp
where hiredate between TO_DATE('01-01'||TO_CHAR(:p_end_date,'YYYY'),'MM-DD-YYYY')
AND TO_DATE(to_char(:p_end_date,'MM-DD-YYYY'),'MM-DD-YYYY')
Regards
boo

Use:
BETWEEN TO_DATE(NVL(:p_varchar_FromDate, '01/01/1900'), 'MM/DD/YYYY')
AND TO_DATE(NVL(:p_varchar_ToDate, '12/31/5000'), 'MM/DD/YYYY')
Regards,
Amit

Aaa-reports! enterprise v1.2 - audit solutions for Cisco Secure ACS

Extraxi is pleased to announce the latest version of its flagship reporting package - aaa-reports! enterprise v1.2
The next release of aaa-reports! enterprise has just been made - mainly concentrating on new reports and datasets including:
Single TACACS+ command authorisations. Shows both permitted and denied commands by combining log entries from Failed Attempts and T+ Device Administration logs
RADIUS and TACACS session reports. These provide single row per session with all relevant data.
RADIUS identity networking reports. The dataset used by the RADIUS session report is key for auditing identity network environments allowing for a username to be tied to a client side MAC address/IP Address or telephone number, assigned IP address etc. Using the point and click query builder its possible to create deployment-centric reports with multi-level grouping, sorting, filtering plus calculated fields using flexible Visual Basic syntax and full function library
Stability and bug fixes
Updated installers
aaa-reports! enterprise v1.2 is a free upgrade for existing customers with a current support contract.
Visit www.extraxi.com for full product details and a 60 day fully working trial.
To see how aaa-reports! can help you meet your ACS audit requirements please take a look at this earlier post.

bump

How to use a macro with AAA Authorization set?

So!
We have ACS version 4.1, and one goal is to start working on authorization sets for groups. I am able to get basic commands to work, but was curious about making a macro work without having to allow all of the commands that are actually contained wihtin the macro itself.
I'm looking into this to promote standardization and minimize confiugration issues/inconsistencies on ports accross swtiches in our environment.
The macro I created is used for configuring a port on a swtich to change its VLAN. Basically as follows:
macro name T2
Description $DESC
switchport mode access
no cdp enable
switchport access vlan $STATIC
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
storm-control broadcast level 25.00
storm-control action trap
switchport nonegotiate
no lldp transmit
no lldp receive
#macro keywords $DESC $STATIC
In ACS I've created a shell command authorization set, and allowed 'macro' with 'permit apply T2' and 'permit trace T2'. This works fine and allows me to use those macro commands. The problem I'm having is that every command in the macro is not allowed in the authorization set, so when I run the macro it fails for each command.
I don't want to allow each individual command in the authorization set as it would then allow jr. admins the ability to make config changes on ports that would be outside of our standard. For example they could get into a port and forget to disable CDP and LLDP, casuing inconsistencies accross the envrionment. Is there a way to run these macros without putting all of the commands in the authorization set?

Hello Eric,
Please see the below link for configuring Macro and how you can use them with AAA
http://www.cisco.com/en/US/docs/switches/lan/auto_smartports/12.2_55_se/configuration/guide/configure.html

How to go about Online auditing of PM endusers with their daily transaction

Dear friends,
How to go about Online auditing of PM endusers with their daily transactions like Maintenence orders,Maint plans
measuring documents.can you give provide me navigation for this
your response is highly appriciated.
Regards,
Sunil

Hi Sunil,
We do a similar kind of Tracking on Month-to-month basis, actually the repost is given by the Security person, which is for all the users, and then as per the User Group for all the plants we can check as which T-Code is used by which person How many no of times, by converting the same report in the Pivit Table and Chart, the IT department take the Decission as from which all user , which T-Codes needs to be removed, and if the New T-Code is assigned then the requirement comes from Business.
I guess a Similar Report can be used by you also to check out as of which all users are using which T-Codes and that can serve your Purpose and check out for the Descipline in the users, but how can you judge on the day-to-day basis, I guess it will be helpfull if you can take a longet Period of time like monthly or atleaset Weekly.
Hope it helps you.
Regards,
Yawar Khan

Log into Device with AAA, how do I get right into enable mode?

I am using a Cisco ACS server with an RSA server behind it. When the user is authenticated from the ACS server, I want them to go straight into enable mode, not have to type the enable mode password. What line am I missing?
aaa authentication login ACS group ACS_servers local enable
aaa authorization exec ACS group ACS_servers local
aaa authorization commands 15 ACS group ACS_servers local
aaa accounting commands 1 default start-stop group ACS_servers
aaa accounting commands 15 default start-stop group ACS_servers
line vty 0 5
login authentication ACS
authorization commmands 15 ACS

The configuration in question is for telnet, but I do need to design my new console access connection. Console access would be either remotely or on-site, but I don't feel comfortable giving priv 15 right into it. I plan to use the same authentication method on the console (ACS group 1st, local database 2nd) and will just have to enter the enable password through the console.
One more question on the aaa config, I kept getting this error in the log:
AAA/AUTHOR: config command authorization not enabled
So I added:
aaa authorization config-commands
I don't know if it was needed because I could still execute config-commands, but it kept giving me that warning if I didn't have that line.
Also, do I really need this line if the ACS server is taking care of priv 15 authorization:
aaa authorization commands 15 ACS if-authenticated

[INFO TIPS] How to survive with Ovi Maps 3.0 insta...

Quick info tips. I wanna made this post earlier but I was on few days trip so didn't have a chance... but it's good coz I was tested GPS in real touristic environment.
I'm from Europe so I don't know how all links posted below will be works for people outside Europe.
My hardware: E63 with latest firmware + external GPS module LD-4W
Everything what we do here, we do with phone connected to the PC via USB cable in PC Suite mode and with fully battery charged.
If you have Maps 2.0, everything works well for you and you payed for any of licences - better stay with that version and don't touch Ovi Maps 3.0. Waste of time and nerves.
1. Please make phone data backup in PC Suite. Please make data backup of your memory card.
2. Check if you have firmware upgrade for your phone (click on some icon in PC Suite). But if you have cracked Symbian and you using cracked software better stay away from firmware upgrade. There's new cracking method for newest firmwares, ask Google. I don't use it, I'm clean. If you have new firmware - update the phone.
3. Download MapLoader - http://europe.nokia.com/explore-services/maps/download-maps/map-loader Do fresh install or update old MapLoader
4. Bluetooth MUST BE turn in phone. Why? Ask Nokia. -_- Just kidding but unfortunately it's not funny. Without Bluetooth Ovi Maps 3.0 installed in next step (6.) is crazy as hell. Application is completly unusable, skipping, switching... one big hell on the screen. I don't know how it looks like in phones with build in GPS module.
5. Download Ovi Maps 3.0 - http://europe.nokia.com/explore-services/maps/download-maps and update with this installer old Maps 2.0 in the phone.
6. Run Ovi Maps 3.0 and allow to download via Internet connection in your phone (wifi, gsm, 3g) some portion of initial data - 300 or 400kB - something like that, up to 1MB maximum then disconnect from Internet. It's needed to save some file (I don't remember name) and make structure of catalogues on memory card.
7. Leave Ovi Maps 3.0 and run MapLoader. This application is one big pain in **bleep**. Sometimes doesn't see your phone, sometimes doesn't recognize correctly your memory card size (when you are finished downloading your map/s data that stupid soft can say to you "you don't have" or something like that)... horrible! If something goes wrong - try restart your PC and phone then connect again via USB cable - still in PC Suite mode.
8. When luckily you have maps on your phone, try to pair your phone with your GPS module via Bluetooth or turn on build in module in other models (I think it works like that?).
9. When you will be look out for licence for walk navigation... you cannot find it. You can see only your region name (in my case it was Europe) and you have an option to buy... licenses for drivers. ROTFL! Licence for walk navigation is "hidden option". You must go here - http://europe.nokia.com/get-support-and-software/product-support/maps-support/how-to/how-to--use-map... - it's mini FAQ how to obtain it.
What I see, there's NO MORE free trial licenses in Maps v3.0 You must pay from day one. I buyed that licence for walk navigation for 10,12E (10 euro 12 euro cents) and it's not time restricted - looks like lifetime, ofc for the phone that you use (I think). Other licenses (for drivers) are time restricted (30 days and up as I remember).
Everything works fine for me. I was over 220km away from my hometown in awesome town Wrocław and Ovi Maps 3.0 helps me A LOT with navigation and searching for monuments in this town.
Marcin
NOKIA IN USE: N8

Ad. 1) "...Please make data backup of your memory card."
Because maybe you must be format memory card for proper maps installation (instead upgrade from Ovi Maps 3.0 installation level old installed maps from v2.0).
NOKIA IN USE: N8

Aaa-reports! v2.1 supports TACACS+ Device Admin Audit Reporting

extraxi is proud to announce a new release of aaa-reports! with support for TACACS+ Device Admin (TDA) reports for audit compliance.
Previous versions had the ability to import the Cisco Secure ACS database dump file and generate reports for group summaries, inactive users, expired and disabled user accounts.
But in v2.1 we've gone much deeper. In this release we provide new reports to more fully document your TACACS+ Device Administration (TDA) config:
* Group level Network Access Restrictions (NARs)
* Shared NARs
* Group level service & protocol authorization
* Group level enable authorization
* Group level shell command authorization
* Shared Device Command Sets (DCS) for shell & pixshell
* Network Device Group (NDG) content
With these additions you will at last be able to document your "policy intent" without having to either take screen dumps of the ACS Admin web pages, or write it down by hand!!
And the reports don't stop at config documentation... they can also show you
* Which groups/users have permit access to specific devices (or device group)
* What commands a group/user is authorised to execute against a specific device (or device group)
* What groups/users make reference to a given Shared Network Access Restriction (NAR) or Shared Device Command Set (DCS)
* Which Shared NARs and DCSs are not referenced at all
aaa-reports! v2.1 now supports several methods for importing the ACS Database:
* acsdb.cab - via extraxi "getacsdb" utility for v3.x
* package.cab - via 4.x cssupport/support admin page
All in all, aaa-reports! v2.1 is what ACS users have been crying out for to make network security auditing less painful!
Visit http://www.extraxi.com to download a working 60 day trial

.

How do you get a line with MULTIPLE fields to WRAP ?

How do you get a line with MULTIPLE fields to WRAP ?
Good afternoon everyone...
THE PROBLEM: Why doesn’t a line with multiple fields WRAP?
HYPOTHETICAL EXAMPLE/WHAT I”D LIKE TO SEE
If I have 2 fields on a line (this is now a hypothetical example and nothing to do with my actual report)….let’s call them field A and field B. And if field A has values of all ‘X’ and field B has values of all ‘Y’…then….the normal case would be (ignore dots – only for spacing):
A……………………… B
XXXXXXXXXXXXXXXXXX YYYYYYYYYYYYYYYYY
But what if A is too long? I would want to see B wrap onto the next line like this:
A……………………………………………………B
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX YYYYYY
YYYYYYYYYYYYY
And similarly….if B is extra long, can the line print as:
A………………………. B
XXXXXXXXXXXXXXXXXXX YYYYYYYYYYYYYYYYYYYYYYYYYYY
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
I don’t want the case where B is long and I get:
A………………… …B…
XXXXXXXXXXXXXXXXX YYYYYYYYYYYYYYYYYYYYYY
………………………..YYYYYYYYYYYYYYYYYYYYY
I can see how you can wrap an individual field like that…but how can you WRAP a line of[b] fields within the frame so it wraps to the BEGINNING of the frame on next line?
My SPECIFIC CASE
I have a report that I have stripped down to a simple structure for the purposes of this explanation.
My DATA MODEL has the main QUERY (for plant family and species data). The columns of the query are divided into 2 groups. The 1st GROUP contains the family data. Below that is the rest of the species data in a 2nd GROUP.
Linking from the 2nd species group (above) is a new QUERY to extract REGION data based on the common key field. Under this 2nd query is another group with all the REGION columns.
The LAYOUT MODEL has a group frame (the main , base one)
On top of this is a repeating frame based on the 1st group (family data).
On top of this is another repeating frame for the 2nd group (species data).
On top of this is 2 Frames on the same line line. The 1st frame contains columns from the species group .
The 2nd frame on this line is a repeating frame. The PRINT DIRECTION for this frame is ACROSS/DOWN. It repeats details of the REGION where the species is found. These columns come from this group come from the REGION QUERY and GROUP.
All fields on the report line have variable horizontal elasticity.
The problem is that when there is too much data on the line, it does NOT WRAP to the 2nd line.. It TRUNCATES.
Can the line be made to WRAP????..
In my current report, 1 of 2 things is happening:
1) All fields print on the line until it hits the page boundary and then it just stops. Truncated!
2) All fields print on the current line, then Oracle Reports throws a new page to print the REMAINDER of the long, input line
But I would like a LONG line to continue printing onto the following line of the same page.
I have tried all combinations of the elasticity fields and the ‘ADVANCED LAYOUT’ properties.
I have been focussing my attention with this problem on the frames .
We are using REPORT BUILDER V 6.0.8.26.0
Thankyou to anyone who may offer assistance.
Tony Calabrese.

Steve,
you gain 1 thing, but you lose something else!
This thing is SO frustrating!
Hey Steve! Good afternoon.
I've done as you suggested....I have a long text boilerplate item - the only 1 on the line...and it has all the column in it.
So it looks like:
&col1 &col2 &col3 &col4 &col5 etc etc etc
And the line expands nicely to each field's requirements.
And when it gets to the right page boundary...it WRAPS to the next line! Beautiful!!!
The only thing is that...when I had individual fields across the line I was able to create format triggers for those fields. And in doing so I was able to reduce the font and change the justification. I had to do that because some of the fields had to appear superscripted.
So I wanted something like (ignore the dots):
...................................ppppp
AAAA BBBB CCCCC DDDD EEEE FFFFFF
So the field of 'ppppp' appeared slightly higher on the line than the other fields...
I can't see how I can do this with a single TEXT field containing all the &COL values.
Have you ever come across anything like this?
Thankyou again,
Tony Calabrese 12/4/2007

[Solved]Compiling audit with staticlibs options

Hi everyone, I wanted e4rat to boost my boot time on my laptop, but recent updates requires me to recompile audit with static libs:
Index» Newbie Corner» [Solved] e4rat-preload cannot work
I made a copy of the audit PKGBUILD from the repositories and altered the options as indicated
depends=(krb5 libcap-ng)
makedepends=(libldap swig linux-headers python2)
license=(GPL)
options=(emptydirs staticlibs)
but when I run makepkg, the compile message tells me that:
libtool: link: ranlib .libs/libauparse.a
/usr/bin/sed: can't read Packages/audit/src/audit-2.3.2/lib/libaudit.la: No such file or directory
libtool: link: `Packages/audit/src/audit-2.3.2/lib/libaudit.la' is not a valid libtool archive
Makefile:895: recipe for target 'libauparse.la' failed
==> ERROR: A failure occurred in build().
Aborting...
but when I nagivate to the audit-2.3.2/lib/ directory, libaudit.la exists there. Am I missing out on something?
Last edited by enochnotsocool (2013-12-15 01:56:36)

Here is my entire /etc/makepkg.conf is it helps at all:
# /etc/makepkg.conf
# SOURCE ACQUISITION
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync --no-motd -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
# /usr/bin/wget
# ARCHITECTURE, COMPILE FLAGS
CARCH="x86_64"
CHOST="x86_64-unknown-linux-gnu"
#-- Compiler and Linker Flags
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
#CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
#CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS="-march=native -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
CXXFLAGS="${CFLAGS}"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
DEBUG_CFLAGS="-g -fvar-tracking-assignments"
DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
#-- Make Flags: change this for DistCC/SMP systems
MAKEFLAGS="-j5"
# BUILD ENVIRONMENT
# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#-- fakeroot: Allow building packages as a non-root user
#-- distcc: Use the Distributed C/C++/ObjC compiler
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
#-- sign: Generate PGP signature file
BUILDENV=(fakeroot !distcc color !ccache check !sign)
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#-- Specify a directory for package building.
#BUILDDIR=/tmp/makepkg
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
# Default: OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
# A negated option will do the opposite of the comments below.
#-- strip: Strip symbols from binaries/libraries
#-- docs: Save doc directories specified by DOC_DIRS
#-- libtool: Leave libtool (.la) files in packages
#-- staticlibs: Leave static library (.a) files in packages
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
#-- upx: Compress binary executable files using UPX
#-- debug: Add debugging flags as specified in DEBUG_* variables
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !upx !debug)
#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#-- Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#-- Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#-- Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
# PACKAGE OUTPUT
# Default: put built package and cached source in build directory
#-- Destination: specify a fixed directory where all packages will be placed
#PKGDEST=/home/packages
#-- Source cache: specify a fixed directory where source files will be cached
#SRCDEST=/home/sources
#-- Source packages: specify a fixed directory where all src packages will be placed
#SRCPKGDEST=/home/srcpackages
#-- Log files: specify a fixed directory where all log files will be placed
#LOGDEST=/home/makepkglogs
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <[email protected]>"
#-- Specify a key to use for package signing
#GPGKEY=""
# COMPRESSION DEFAULTS
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
# EXTENSION DEFAULTS
# WARNING: Do NOT modify these variables unless you know what you are
# doing.
#PKGEXT='.pkg.tar.xz'
PKGEXT='.tar'
SRCEXT='.src.tar.gz'
# vim: set ft=sh ts=2 sw=2 et:
Those were the options I used to build. I installed the depends and then built in my home directory after making the change to the PKGBUILD (adding staticlibs to options array) as you specified. My cpu is i7 sandybridge. Aside from that I'm not sure how much help I can be.

Wich is better the ACS Server with VMware ESX or the Appliance for a multitenant environmet with ip overlaping

Excuse me, does any body can help me?
Wich is better the ACS Server with VMware ESX or the Appliance for a multitenant environmet with ip overlaping
I need to know if the ACS support the AAA functions but from equal ip segments (ip overlaping) on diferent places.... with diferent client networks.
We are implementing the ACS on a central site (our NOC), so each field engineer will be AAA from diferent sites, same ip networks and diferent places....
We need to implement support activities where our field engineer get access on a cisco device on the client premises, but the point is that we have a field engineer force wich get access on each device on diferent places.
With this scenary we need to decide wich is better: The appliance or the ACS Server with VMware ESX
ACS Server with VMware ESX
CSACS-5.1-VM-K9
CSACS-5-ADV-LIC
CSACS-5-LRG-LIC
CSACS-5-BASE-LIC
CON-CSSPS-5ADVLI
CON-CSSPS-5LRGLC
CON-CSSPS-51VMK
APPLIANCE
CSACS-1120-K9
CAB-AC
CSACS-5-BASE-LIC
CSACS-5.0-SW-K9
CON-OSP-CS1120K9

Just a quick question - have you looked at superwaba
and wabajump? Superwaba is basically Java for pocket
pc and palm, but wabajump allows you to compile to
palm (not pocket pc). You can also use Eclipse for
development in an applet - much quicker than deploying
to device/virtual device. Small memory footprint as
well.
Cheers
Andy StrattonThank you Andy. I'll try it. Have you tried to use Websphere Studio Device Developer ?
I've tried version 5.5 but i found it not too comfortable.
I'd like to know personal experiences of the whole stack of components and tools involved
in the development process. We're trying to design the best environment for it.
Kind Regards
J.L Perez

How to survive an ACS audit with aaa-reports!

Similar Messages

Maybe you are looking for