Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
Thomas69 Trusted Contributor.
Trusted Contributor.
96 views

File contents gets audited with scp/rsync

Hi all!

When i copy a file with scp/rsync the contents of the file gets audited by the remote host and everything is shown in the records at the framework manager's reports. I guess it's not normal (im not an expert of PAM), so i'm looking for a way to disable/to something about it.

Best regards, Thomas

0 Likes
1 Reply
Micro Focus Expert
Micro Focus Expert

Re: File contents gets audited with scp/rsync

Check the Reporting Console for the "command" in this session and you'll want to create a command control rule specifically for this type of session (scp/rsync) if you don't yet already have one. Once you are targeting just this traffic using Command Control Rule Conditions (e.g. command IN filter), then you can set to Authorize the session, but then disable Session Capture. This will prevent the contents from being captured as you have described, but still track session-level audits and authorize it.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.