ssh-filter profile
Use this command to configure shell commands and either block or log various actions, including X server forwarding, SSH shell, SSH execution, port forwarding, tunnel forwarding, SFTP, and any unknown channels
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config ssh-filter profile |
New Configure shell commands and either block or log various actions. |
config ssh-filter profile edit {name} # SSH filter profile. set name {string} SSH filter profile name. size[35] set block {option} SSH blocking options. x11 X server forwarding. shell SSH shell. exec SSH execution. port-forward Port forwarding. tun-forward Tunnel forwarding. sftp SFTP. unknown Unknown channel. set log {option} SSH logging options. x11 X server forwarding. shell SSH shell. exec SSH execution. port-forward Port forwarding. tun-forward Tunnel forwarding. sftp SFTP. unknown Unknown channel. set default-command-log {enable | disable} Enable/disable logging unmatched shell commands. config shell-commands edit {id} # SSH command filter. set id {integer} Id. range[0-4294967295] set type {simple | regex} Matching type. simple Match single command. regex Match command line using regular expression. set pattern {string} SSH shell command pattern. size[128] set action {block | allow} Action to take for URL filter matches. block Block the SSH shell command. allow Allow the SSH shell command. set log {enable | disable} Enable/disable logging. set alert {enable | disable} Enable/disable alert. set severity {low | medium | high | critical} Log severity. low Severity low. medium Severity medium. high Severity high. critical Severity critical. next next end