Valued Contributor.

linux command block


Hi Team,

I am trying to block a specific command of the Linux system by ssh command, but it is not blocking. Can anyone provide the steps for command blocking? I followed each and every step from the guide, but it is not working.

Thanks for the support in advance.


Accepted Solutions
Micro Focus Expert

Re: linux command block


Enhanced Access Control (EAC) approach with cpcksh relies on a Path Policy provided to the Command Control Rule as a Script Argument. Please refer to the following from documentation:

https://www.netiq.com/documentation/privileged-account-manager-37/npam_admin/data/eac.html

 

The Path Policy is where you could configure certain commands to be blocked (if doing cpcksh approach).

 

The following TID helps document this approach with EAC and optionally how to enhance with Command Risk feature to auto-disconnect or ban the user. The actual command blocking within their session and associated risk levels can all be done as per the Path Policy. Here is the article:

https://support.microfocus.com/kb/doc.php?id=7022237

Micro Focus Expert

Re: linux command block


Please share the link to the documented steps you are following so that we can verify. There are at least a few different ways to achieve a use-case for blocking commands on Linux / UNIX.

Valued Contributor.

Re: linux command block


I created the new command as below:

Rewrite: /usr/bin/pcksh -o audit 1

Commands:    -cpcksh  

After that I wrote the command risk, but it is not working.

Valued Contributor.

Re: linux command block

We tried to follow the steps, but it is not disconnecting the session. If you have a picture or document, then kindly share.

Micro Focus Expert

Re: linux command block

There are two common approaches to block commands in Linux with PAM:

  1.  usrun.
    See documentation link here.

    Similar to a "sudo" type approach where a user can elevate their access privilege of a specific command.

    e.g. showing logged-in as an unprivileged user 'user1' and elevating their command privilege for 'whoami' as privileged account 'root'.

    user1 ~> usrun whoami
    root

  2. cpcksh/pcksh with Enhanced Access Control (EAC).
    See documentation link here.
    See TID 7022237 - How to configure cpcksh with Enhanced Access Control (EAC) for complete session control and command risk.

    User's entire shell / all their commands within their session are being evaluated by PAM cmdctrl against the EAC policy.

 

The above are the available resources for these common approaches within PAM. If you run into any issue, I highly encourage you to create a Service Request through the Customer Center or Contact Support so that they can take a look at your unique environment.
