Highlighted
Contributor.
Contributor.
340 views

PAM Command risk

Hello,

I am trying to block a set of commands on a database. I tried with Command Risk, but the user executes the command and after is blocked. It is possible to block the command before is executed? The connector is in Proxy mode.

0 Likes
6 Replies
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: PAM Command risk

Hi DanteOR,

I am not sure actually whether what you are proposing could be implemented or not, but surely it is a better idea to block the command before being executed, not to block the user after his command has been executed, since there are some commands that can do a quick damage before the user being blocked (i.e. deleting a database table). So blocking after the damage has occurred does not make any sense.

By the way would you share with me how you did block SQL commands ?

It would be appreciated since I have recently been working on implementing some PAM features (video session recording, AppSSO), and I would like to add this feature as well.

Thank you in advance.
0 Likes
Highlighted
Contributor.
Contributor.

Re: PAM Command risk

Hello  MoeBarada,

I blocked the SQL commands using the Command Risk feature(Eg. *DELETE*). But the problem is that the user is blocked after the damage has been done. I'm trying to find a way to block the user before the command is executed. I didn't find anything in the documentation. 

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: PAM Command risk

I also did not find a solution for that in the documentation, I suggest PAM technical team enhance this feature in future releases, since it is critical.

It is the same thing regarding the video feature: you can start watching what the user is doing (using the video playback feature) only after 1 min (or 2 mins depending on your video length configuration), so one minute is a very long time to do bad things, thus you cannot disconnect the user immediately after noticing bad behavior. This feature should be enhanced to "live streaming" so you can do better control.

Btw did you specify an integer for the command risk ? (i.e. 1 or 9).

Thank you again.
0 Likes
Highlighted
Contributor.
Contributor.

Re: PAM Command risk

Yes. 9 because in the documentation is the highest risk.

 

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: PAM Command risk

Alright DanteOR, thanks and good luck ...
0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

Re: PAM Command risk

can you help me for what details you fill in Remote connection details.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.