Not applicable
512 views

How to block Windows commands from NPAM 3.6

Hi

Can someone explain to me, how to get block certain Windows commands or type key.

I try to add commands in Command Risk, but no luck.

Do I have to create some kind of script, or Command Risk is enough.



Thx
0 Likes
2 Replies
Micro Focus Expert
Micro Focus Expert

Re: How to block Windows commands from NPAM 3.6

Command Risk is the correct feature, but it can sometimes be tricky to identify the "Command" that should be filtered. Here are some tips..

The feature is documented as follows:
Disconnecting a Privileged Session > Disconnecting the Session Automatically.
Note: This is "Command Risk" where the risk level is audited in the reporting console as a particular color indicating risk and reactive actions can be configured here to Auto Disconnect the session and/or block the user from attempting further sessions at that point.

In order to identify the particular "Command" you are interested in configuring here, it is helpful to view the Keystroke Report of an example session where you can view how the commands are audited from PAM perspective.
Reporting Console > Command Control Keystroke Report (select an example session to explore commands in)..
View the "Standard Input" column, these are the commands that you will want to come up with a filter for to enter in as "Command Risk."
It can also be helpful to enable the following option in the bottom right of the keystroke report, "Show audited commands: Use this option to show or hide the full list of audited commands. If this option is enabled, the screen shows the actual commands that are being run when a user types a command. You can also view each input command individually by mousing over the command."

Some examples for "Command Risk" that might be helpful to see (regex also possible):
=~/^(|\/bin\/|\/sbin\/|\/usr\/bin\/)passwd(\s+|$)/
*AppMgmt Service Stop*
0 Likes
Not applicable

Re: How to block Windows commands from NPAM 3.6

Thank's for your support.
I solved problem exactly as you suggested.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.