Using Crush For Complete Session Capture - Novell PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010 Administration Manual

You can also define illegal commands, including built-in shell commands, in a script assigned to the
rule. For configuration information, see Section 5.9, "Scripts," on page 98 and "Rush Illegal
Commands Script" on page 103.

5.2.3 Using crush for Complete Session Capture

This method of integration provides the most auditing functionality. By changing the user's shell to
the crush client instead of the rush client, Command Control can be configured to capture the user's
complete session, in addition to all other audit and control features.

When the user logs in to the server, the session is started with the crush client, which executes as a
normal Korn shell. A request is sent to the Command Control Manager for authorization. You must
define a crush rule that enables session capture, as described in the steps below. Functions and
aliases that can replace normal system commands are read from /etc/profile.rush. When the
user issues a command that needs privileges to run, it is executed through the Command Control
system.

1 Use the tool provided in the UNIX or Linux environment to set the user login shell to
/usr/bin/crush.
2 Add a crush command:
2a Click Commands > Add Command.
2b Specify a name (for example, crush shell), then click Finish.
2c Select the name of the crush command, then click Modify Command.
2d Fill in the following fields:
Description: Explain the purpose of the rule. Specify something similar to the following:
When a user's shell is set to /usr/bin/crush and the user logs in, a Command Control
request is sent with a submitting command of -crush to indicate login. The user's login
shell is rewritten to /usr/bin/rush. The Command Control Audit level is set to 1, which
enables an additional level of audit to use with the Command Risk.
Rewrite: Specify the following:
/usr/bin/rush -o audit 1
Commands: Specify the following:
-crush
2e Click Finish.
3 Add a crush Account User Group:
3a Click Account Groups > User Groups, then click Add User Group in the task pane.
3b Specify a name, then click Finish.
3c Select your crush user group, then click Modify User Group.
3d Fill in the following fields:
Description: Explain the purpose of this user group. Specify something similar to the
following:
Defines the user accounts that can use the crush command.
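
A check for step 1, added here as an example and not taken from the Novell guide: it reads passwd-format data and reports, for each named account, whether the login shell is /usr/bin/crush, /usr/bin/rush, or neither, so accounts that were missed are visible before you rely on session capture. The function name shell_status, the status labels, and the sample accounts are assumptions made for this example; it does not verify that the crush rule itself exists in Command Control.

```shell
#!/bin/sh
# Added example: classify login shells (7th field of passwd-format data).
#   crush   -> login shell is /usr/bin/crush (session capture possible)
#   rush    -> login shell is /usr/bin/rush (no complete session capture)
#   other   -> login shell is neither crush nor rush
#   missing -> account not present in the data
CRUSH=/usr/bin/crush
RUSH=/usr/bin/rush

# shell_status PASSWD_FILE USER...
# Prints "user status shell" for each user.
# Returns 1 if any named user is not on the crush client, otherwise 0.
shell_status() {
    pw=$1; shift
    rc=0
    for u in "$@"; do
        # Prefix the field so an empty shell differs from "user not found".
        line=$(awk -F: -v u="$u" '$1 == u { print "shell=" $7; exit }' "$pw")
        case $line in
            "")             st=missing ;;
            "shell=$CRUSH") st=crush ;;
            "shell=$RUSH")  st=rush ;;
            *)              st=other ;;
        esac
        [ "$st" = crush ] || rc=1
        s=${line#shell=}
        printf '%s %s %s\n' "$u" "$st" "${s:--}"
    done
    return $rc
}

# Constructed sample data (hypothetical accounts, not from the guide).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
alice:x:1001:1001::/home/alice:/usr/bin/crush
bob:x:1002:1002::/home/bob:/usr/bin/rush
carol:x:1003:1003::/home/carol:/bin/bash
EOF

shell_status "$SAMPLE" alice bob carol dave ||
    echo "WARNING: not every listed account uses $CRUSH"
```

To run it against live data, call `shell_status /etc/passwd user1 user2`; for accounts served from a directory service, save the output of `getent passwd` to a file and pass that file instead.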
