Creating an SSH filter
To create an SSH filter profile:
- Go to Secrets > SSH Filter Profiles.
- In SSH Filter Profiles, select Create.
The New SSH Filter Profile window opens.
- Enter the following information:
Name
Name of the SSH filter.
Shell Commands
Shell commands can be created to block a command in the SSH terminal.
Select a shell command from the list and then select Edit to edit the command.
When editing a shell command, the options are the same as when creating one.
Select shell commands from the list then select Delete to delete the commands.
Default Command Log
Enable/disable logging of unmatched shell commands.
Note: The option is disabled by default.
Other Channels
Use this tab for advanced settings.
Note: Settings in the tab require setting up a custom launcher.
Block Channel
Select from the SSH blocking options (multiple options may be selected):
X11: X server forwarding
SSH execution
Port forwarding
Tunnel forwarding
SFTP
SCP
Unknown channel: Any channel other than the six listed here and the shell channel.
Log Activity
SSH logging options.
These are log activities related to selected channels regardless of the blocking status (multiple options may be selected):
X11: X server forwarding
SSH execution
Port forwarding
Tunnel forwarding
SFTP
SCP
Unknown channel
- Click Submit.
To create a shell command:
- In the New SSH Filter Profile window, select Create in the Shell Commands pane.
- In the New Shell Command window, enter the following information:
Type
Select the matching type:
Regex: Match command line using regular expression.
Choosing the option blocks any command matching Regex in Pattern.
Simple: Match single command (default). Choosing the option matches any command fitting the one in Pattern.
Pattern
SSH shell command pattern.
For example:
When the Type is Regex, pattern .* stands for all the commands and pattern sh.* stands for all the commands beginning with sh, including show and shutdown.
When the Type is Simple, pattern rm stands for the rm command on Linux, e.g., 'rm -rf /*', 'rm test.py'.
Action
Action to take for URL filter matches:
Allow: Allow the SSH shell command on the target server.
Block: Block the SSH shell command on the target server (default).
For example, when the Type is Regex, the Pattern is conf.*, and the Action is Block. This blocks all the configuration actions on the target server.
Log
Enable/disable logging.
When enabled, the action logs are available in Log & Report > SSH.
Alert
Enable/disable alert.
When enabled, the alert message is sent based on the configurations in Log & Report > Email Alert Settings.
Severity
The severity of the actions reported in Log & Report > SSH and alert messages:
Critical
High
Medium
Low (default)
- Click OK.
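The following dry run is an added example, not code from the product or its documentation: it replays sample command lines against a list of shell command entries so that over-broad patterns (such as sh.* also catching show and shutdown) are visible before the profile is submitted. The matching rules are assumptions modeled on the examples above: Regex must match the whole command line, Simple compares only the command name, the first matching entry wins, and unmatched commands are allowed. The names ShellCommand, evaluate and dry_run are hypothetical.

```python
import re
from dataclasses import dataclass

@dataclass
class ShellCommand:
    kind: str              # "regex" or "simple" (the Type field)
    pattern: str           # the Pattern field
    action: str = "block"  # Block is the default Action
    log: bool = False
    severity: str = "low"  # Low is the default Severity

    def matches(self, line: str) -> bool:
        if self.kind == "regex":
            # Assumption: the regex must cover the whole command line,
            # so "sh.*" means "begins with sh" as in the page's example.
            return re.fullmatch(self.pattern, line) is not None
        # Assumption: Simple compares the command name (first word) only.
        words = line.split()
        return bool(words) and words[0] == self.pattern

def evaluate(rules, line, default_command_log=False):
    """Return (action, severity, logged) for one typed command line."""
    for rule in rules:  # Assumption: the first matching entry wins.
        if rule.matches(line):
            return rule.action, rule.severity, rule.log
    # Assumption: unmatched commands run; Default Command Log decides logging.
    return "allow", None, default_command_log

# Constructed profile built from the patterns used as examples on this page.
PROFILE = [
    ShellCommand("regex", "conf.*", "block", log=True, severity="high"),
    ShellCommand("regex", "sh.*", "block", log=True),
    ShellCommand("simple", "rm", "block", log=True, severity="critical"),
]

# Constructed sample session to review before submitting the profile.
SAMPLES = ["configure terminal", "show version", "shutdown",
           "rm -rf /*", "rm test.py", "ls -l", "rmdir old"]

def dry_run(rules, samples, default_command_log=True):
    """Map each sample command line to its (action, severity, logged) result."""
    return {s: evaluate(rules, s, default_command_log) for s in samples}

if __name__ == "__main__":
    for cmd, (action, sev, logged) in dry_run(PROFILE, SAMPLES).items():
        print(f"{action:5} sev={sev} logged={logged}  {cmd}")
```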