pcksh and cpcksh switch


Hi All
I am reading admin auide, and I know NPUM has 3 methods to control
user ...(1)use usrun command(2)use pcksh(3)use cpcksh
I have tested compledte about usrun command...but I want to test to let
all users's shell switch to use pcksh or cpcksh...I have create 2
command rules for pcksh / cpcksh....but I do not know make use login to
server , the deault shell is pcksh or cpcksh.
Besides, How to verify user's shell indeed use pcksh or cpcksh?? use
"echo $SHELL" ? if it will return "pcksh" or "cpcksh" message ?

thanks!!

wyldkao


--
wyldkao
------------------------------------------------------------------------
wyldkao's Profile: https://forums.netiq.com/member.php?userid=1688
View this thread: https://forums.netiq.com/showthread.php?t=49150

  • On 11/05/2013 09:06 PM, wyldkao wrote:
    >
    > Hi All
    > I am reading admin auide, and I know NPUM has 3 methods to control
    > user ...(1)use usrun command(2)use pcksh(3)use cpcksh
    > I have tested compledte about usrun command...but I want to test to let
    > all users's shell switch to use pcksh or cpcksh...I have create 2
    > command rules for pcksh / cpcksh....but I do not know make use login to
    > server , the deault shell is pcksh or cpcksh.
    > Besides, How to verify user's shell indeed use pcksh or cpcksh?? use
    > "echo $SHELL" ? if it will return "pcksh" or "cpcksh" message ?


    Controlling which shell a user loads by default on login is up to the
    Linux/Unix system. Normally this is in the /etc/passwd file, and yes you
    can see which one it is by looking at the logged-in user's shell command,
    or by looking t the output of `getent passwd userNameHere` on most systems
    which will also show you users that come from systems other than the
    /etc/passwd file.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  • DON'T CHANGE USERS SHELL TO PCKSH EVER.

    For *individual commands AND invoking a Privileged shell, (pcksh) users
    use 'usrun' *

    For example: Users invoke a Privileged shell with usrun, such as 'usrun
    -u root pcksh'

    For this 'usrun' to authothorize you would need to set up a Command and
    a Rule.

    Example Command: pcksh
    Commands:
    /usr/bin/pcksh
    pcksh

    Rewrite:
    /usr/bin/pcksh -o audit 1

    Example Rule: pcksh as root

    Begin Rule: pcksh as root
    If (command IN pcksh AND (user IN Security Admins))
    Then
    Set Authorize: yes
    Set Session Capture: yes
    Set runUser = "root"
    Stop if authorized
    End If
    End Rule: pcksh as root



    TO INVOKE THE CPCKSH SHELL

    You change the users shell to cpcksh (/usr/bin/cpcksh) in the
    /etc/passwd, however you need a matching rule that will authorize the
    shell (upon login)

    Example Command: cpcksh to bash
    Commands:
    -cpcksh

    Rewrite:
    /bin/bash

    Example Rule:
    Begin Rule: cpcksh to bash
    If ((command IN cpcksh to bash))
    Then
    Set Authorize: yes
    Set Session Capture: yes
    Stop if authorized
    End If
    End Rule: cpcksh as login shell


    Note: If Command Control is NOT available, users with their shell
    changed to cpcksh will NOT be able to login. The cpcksh shell is a
    shell that does NOT grant additinonal rights, as seen in the example
    above. It's meant for a monitoring normal users shell.


    --
    deni
    ------------------------------------------------------------------------
    deni's Profile: https://forums.netiq.com/member.php?userid=1793
    View this thread: https://forums.netiq.com/showthread.php?t=49150