This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

linux command block

Hi Team,

 

I am trying to block the specific command of the Linux system by ssh command but it not blocking can anyone provide the steps for command blocking, I follow each and every step from the guide but it is not working.

 

 

thanks for the support in advance

Parents Reply Children
  • 0 in reply to   

    HI ,

     

    EAC is working but if users are using sudo then EAC is not working.

     

     

     

     

     

     

  • 0   in reply to 
    I suspect the command path must resolve differently when ran as 'root' via sudo. So to test this, try the following with the specific command where you see it working vs not working with sudo:

    1) Login as the user where EAC policy is applied:
    which <command>
    Note: replace <command> with the command you are trying with.

    2) Try the sudo approach as well:
    sudo which <command>

    Capture the outputs of the above and please provide, which may help explain any potential difference.

    Also provide the contents of the EAC policy being used in the cmdctrl rule here.

    Otherwise, please open a service request with Support.
  • 0 in reply to   

     

    EAC we configured script you can see below

     

    path /usr/**/passwd !exec:log=9

     

    if admin using 'passwd' command then showing permission denied

    but if admin using 'sudo passwd' then it is executing successfully

  • 0   in reply to 
    There are some discrepancies here, so it would probably be best to proceed with creating a service request with Support to take a look at how things are configured.

    For example, if an EAC policy is configured with just that single line, then not even the "which" command would resolve properly without some default allow line in that configuration as well and you would also see trouble starting the shell potentially when doing the command rewrite without some extra configuration in the EAC policy, so it would be good to take a full look with Support I feel.

    I can say that in my environment, this use-case is successful in that both 'passwd' and 'sudo passwd' are blocked with 'Permission denied.'