There are only a handful of commands that can be used with the command-line interface but they do everything you need to get the system up and online. We will explain each of those commands and what they are used for. One of the most important commands we'll explore is sysconfig-sensor. It provides you with a menu that allows you to configure the sensor name, IP address, network mask, default route, some basic access controls, and the communications infrastructure of the sensor. You will also learn about the two user accounts on the Cisco IDS—root and netrangr—what they are, and why you want to log in as one or the other.

Once the initialization process is complete and you have become familiar with the accounts and commands they perform, we will take you through the process of how to recover the sensor using a recovery partition CD-ROM. You may even need to know how to recover passwords. Thus, we'll discuss how to get past the dreaded unknown password of a used sensor. These two processes are important to know, considering frequent personnel turnover and how often hardware changes hands. As a result, information like passwords is not always passed on to the next responsible party. You may also experience a situation that requires you to change the interface configuration between the control port and the snooping port. We'll explain why and walk you through the process.