This document (7017938) is provided subject to the disclaimer at the end of this document.
Privileged User Manager
How to approach capturing direct SSH connections where users can use the default shell
How to capture / audit direct SSH similar to the Direct-RDP feature for Windows
Note: This approach is only possible if there are Agents running on the target Linux servers.
1. Change the user's default shell to /usr/bin/cpcksh. Refer to the documentation for your UNIX or Linux environment to configure the login shell properly (see man usermod). For example:
   sudo usermod -s /usr/bin/cpcksh user1
2. If the user prefers an alternate shell, configure a cpcksh command that rewrites to the preferred shell (e.g. /bin/bash, /usr/bin/pcksh, etc.). For more details about command rewriting, refer to Modifying a Command.
   - Create a new command, see Commands.
     Name: <command name>
     Rewrite: <path to preferred shell, e.g. /bin/bash>
3. Create a rule that authorizes the command and enables session capture:
   Begin Rule :cpcksh
   IF ((command IN cpcksh))
   Set Authorize : yes
   Set Session Capture : yes
   Stop if authorized
   END RULE :cpcksh
   Note: The command configured in Step 2 has been applied to the conditions of this rule.
To determine what shell a user is currently using:
ps -p $$
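To confirm that no interactive account still bypasses capture after the shell change, the following added example (not part of the original article or the product) lists accounts whose login shell is not /usr/bin/cpcksh. The UID threshold of 1000, the non-login shell names and the sample user names are assumptions.

```shell
#!/bin/sh
# Added example: list accounts whose login shell would bypass cpcksh capture.
# Assumptions (not from the article): human accounts have UID >= 1000, and
# accounts with a nologin/false shell cannot open an interactive session.

CAPTURE_SHELL=/usr/bin/cpcksh   # shell path given in the article

# uncaptured_logins PASSWD_FILE [MIN_UID]
# Prints "user:shell" for every account at or above MIN_UID whose login
# shell is neither the capture shell nor a non-login shell.
uncaptured_logins() {
    awk -F: -v cap="$CAPTURE_SHELL" -v min="${2:-1000}" '
        /^#/ || NF < 7    { next }   # skip comments and malformed lines
        $3 + 0 < min + 0  { next }   # skip accounts below the UID threshold
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # passwd(5): empty field means /bin/sh
            if (shell == cap) next               # already captured
            if (shell ~ /\/(nologin|false)$/) next
            print $1 ":" shell
        }' "$1"
}

# Constructed sample in passwd(5) format; all user names are invented.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/usr/sbin/nologin
user1:x:1000:1000::/home/user1:/usr/bin/cpcksh
user2:x:1001:1001::/home/user2:/bin/bash
user3:x:1002:1002::/home/user3:
svc1:x:1003:1003::/srv/svc1:/bin/false
EOF
}

# Stand-alone run against the constructed sample. On a real host use:
#   uncaptured_logins /etc/passwd      (local accounts only)
tmp=$(mktemp) && sample_passwd > "$tmp"
uncaptured_logins "$tmp"
rm -f "$tmp"
```

Passing 0 as the second argument includes root and other low-UID accounts in the report.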
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.