Results 1 to 4 of 4

Thread: Restrict commands in UNIX machine

Threaded View

  1. #1
    Join Date
    Oct 2017

    Restrict commands in UNIX machine

    I want to achieve the following use case

    Restrict a particular user from using the commands passwd, init, reboot and if they are executed the user should be auto disconnected and an email should be sent to the admin with the user name and the command trying to be executed

    I have imported the rule RL-RESTRICT-COMMANDS and modified to be used on for the user (prabhat) (screenshot attached)

    the script arguments are like

    Name : policy
    Value :
    path default all:log
    path /usr/bin/passwd !exec:log=9
    path /sbin/init !exec:log=9
    path /sbin/shutdown !exec:log=9
    path /sbin/reboot !exec:log=9

    Also in the command risk I have added the host and the user with the commands with the Auto disconnect checkbox checked.

    Logging into the Unix box with the user prabhat and executing the command passwd I am able to do the same. So the use case is not being achieved.

    Please suggest where I am going wrong
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	Rule.JPG 
Views:	37 
Size:	35.5 KB 
ID:	6057   Click image for larger version. 

Name:	User Group.JPG 
Views:	35 
Size:	49.3 KB 
ID:	6058   Click image for larger version. 

Name:	Command Risk.JPG 
Views:	36 
Size:	41.8 KB 
ID:	6059  

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts