pappa_recd1 Absent Member.

Restrict commands in UNIX machine

I want to achieve the following use case

Restrict a particular user from using the commands passwd, init and reboot; if they are executed, the user should be automatically disconnected and an email sent to the admin with the user name and the command being executed.

I have imported the rule RL-RESTRICT-COMMANDS and modified it to be used for the user (prabhat) (screenshot attached).

The script arguments are as follows:

Name : policy
Value :
path default all:log
path /usr/bin/passwd !exec:log=9
path /sbin/init !exec:log=9
path /sbin/shutdown !exec:log=9
path /sbin/reboot !exec:log=9

Also, in the command risk I have added the host and the user with the commands, with the Auto disconnect checkbox checked.

Logging into the Unix box as the user prabhat and executing the command passwd, I am able to do so. So the use case is not being achieved.

Please suggest where I am going wrong.
3 Replies
Knowledge Partner

Re: Restrict commands in UNIX machine

When you log in to the system, is it a system that has the PAM/PUM agent installed? Is the user's shell set to use cpcksh, or was the user otherwise using pcksh in order to run the privileged command? Seeing the history of how you accessed the box (text-based screenshots basically, as you SSH in and show your user's shell, etc.) would probably be useful to verify all of this.

Good luck.


If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
Micro Focus Expert

Re: Restrict commands in UNIX machine

This TID may also help as it outlines an example that covers most of this use case:
gsanjeev Absent Member.

Re: Restrict commands in UNIX machine

PAM doesn't support auto disconnect (Command Control) for agentless SSH tunnels. You need to use agent-based options like pcksh and cpcksh to achieve auto disconnection on specific commands.