prasenjitmass Respected Contributor.
Respected Contributor.
693 views

How to configure command risk for Linux agent server

Hi ,
Windows command risk can be implemented from command risk option in PAM Admin console for RDP Relay. But for SSH Relay we cannot set any command risk. Is there any option that we can set command risk for Linux servers?

Can we set command risk for usrun rule also ? In command risk option, I have set risk for command "rm" with following parameter and it works with pcksh rule only. but after execution of command the user got blocked for further use of command.

=~/^(|\/bin\/|\/sbin\/|\/usr\/bin\/)rm(\s+|$)/

but in same way I have tried for init command , passwd command , userdel command etc ,it is not working. How can I implement these?
Is there any option that user would not run those specified risky command ?

Thank you
0 Likes
2 Replies
prasenjitmass Respected Contributor.
Respected Contributor.

Re: How to configure command risk for Linux agent server

Hi,
I've just tried once for configure these commands passwd , useradd, userdel for command risk and these are working but also tried for init command. In report It shows Red mark as it is risky command but user could not blocked.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: How to configure command risk for Linux agent server

Please see Disconnecting the Session Automatically and the details for Based on Risk Level section there. An SSH relay session cannot be disconnected automatically; however, through cpcksh and an Agent on the Linux/target server, then the session can be controlled completely including this risk-based auto-disconnect feature. Also, please refer to feature support based on method for Privileged Access to UNIX and Linux for hopefully a helpful overview.

The following document details an example of how this can be configured for complete session control (prevent the command from executing) and risk interpretation including auto-disconnect and/or risk level (colors):
TID 7022237 - How to configure cpcksh with Enhanced Access Control (EAC) for complete session control and command risk
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.