Table of Contents
Advertisement
Novell Privileged User Manager v2.2
Evaluation Quick Start Guide
Use Command Control to access a privileged shell
a) On your test system, create 2 user accounts:
User account called cusr1 with /usr/bin/crush as the shell
User account called rusr1
b) Login as cusr1 and notice how you are dropped straight into a shell.
This shell runs as the cusr1 user account but will audit all keystroke activity
c) Type some test commands to generate activity, then type exit
d) Login as rusr1 and from the command line execute usrun rush
You will be in a shell that is running as root with full keystroke auditing and Command Risk
Analysis processing.
Additionally you should not be able to run the following commands:
passwd
/bin/ksh
ksh
/usr/bin/ksh
e) Type some test commands to generate activity, then type exit
f)
Still logged in as rusr1, execute usrun shell
Notice how you are taken into the rush shell as in the previous step.
This demonstrates the ability for Command Control to rewrite commands.
This is the end of Use Command Control to access a privileged shell
You may now view your generated events using the forensic method as described earlier in this guide.
Page 31
Advertisement
Table of Contents
