
linux command block

Hi Team,

 

I am trying to block a specific command on the Linux system over SSH, but it is not blocking. Can anyone provide the steps for command blocking? I followed each and every step from the guide, but it is not working.

 

 

Thanks for the support in advance.

  • 0  

    Please share the link to the documented steps you are following so that we can verify. There are at least a few different ways to achieve a use-case for blocking commands on Linux / UNIX.

  • 0 in reply to   

     

     

    I created the new command as below:

    Rewrite: /usr/bin/pcksh -o audit 1

    Commands:    -cpcksh  

    After that I wrote the command risk, but it is not working.

  • Verified Answer

    0   in reply to 

    Enhanced Access Control (EAC) approach with cpcksh relies on a Path Policy provided to the Command Control Rule as a Script Argument. Please refer to the following from documentation:

    https://www.netiq.com/documentation/privileged-account-manager-37/npam_admin/data/eac.html

     

    The Path Policy is where you could configure certain commands to be blocked (if doing cpcksh approach).

     

    The following TID helps document this approach with EAC and optionally how to enhance with Command Risk feature to auto-disconnect or ban the user. The actual command blocking within their session and associated risk levels can all be done as per the Path Policy. Here is the article:

    https://support.microfocus.com/kb/doc.php?id=7022237

  • 0 in reply to   
    We tried following the steps, but it is not disconnecting the session. If you have a picture or document, then kindly share.
  • 0   in reply to 

    There are two common approaches to block commands in Linux with PAM:

    1.  usrun.
      See documentation link here.

      Similar to a "sudo" type approach where a user can elevate their access privilege of a specific command.

      e.g. showing logged-in as an unprivileged user 'user1' and elevating their command privilege for 'whoami' as privileged account 'root'.

      user1 ~> usrun whoami
      root

    2. cpcksh/pcksh with Enhanced Access Control (EAC).
      See documentation link here.
      See TID 7022237 - How to configure cpcksh with Enhanced Access Control (EAC) for complete session control and command risk.

      User's entire shell / all their commands within their session are being evaluated by PAM cmdctrl against the EAC policy.

     

    The above are the available resources for these common approaches within PAM. If you run into any issue, I highly encourage you to create a Service Request through the Customer Center or Contact Support so that they can take a look at your unique environment.

  • 0 in reply to   

    Hi tdharris,

    Thanks for your kind support. Every time you try to support your best. I have achieved command blocking with pcksh but could not restrict a user from opening a file or directory. Can we achieve this with EAC for Linux and Windows?

    Can you please tell me in which portion of the PAM rule I have to mention "Path"?

    i.e. path /tmp/confidential.txt read:!write:log=4

     

    Thank you very much

  • 0   in reply to 
    Thank you. The documentation covers the EAC Path Policy with some examples and where to configure the path for filenames or directories and/or sub-directories, etc.
    https://www.netiq.com/documentation/privileged-account-manager-37/npam_admin/data/eac.html#bovdw02
  • 0 in reply to   

    Hi,

     

    EAC is working but if users are using sudo then EAC is not working.