
Administration Guide

Example SSH filter profiles


To configure an SSH filter profile that allows only the show command on the target server (FortiGate or Cisco routers):
  1. Go to Secrets > SSH Filter Profiles.
  2. In SSH Filter Profiles, select Create.

    The New SSH Filter Profile window opens.

  3. Enter a name for the SSH filter profile. In this example, the SSH filter profile is named show only.
  4. In Shell Commands, select Create:
    1. In Type, select Regex.
    2. In Pattern, enter show.*.
    3. In Action, select Allow.
    4. In Log, select Enable.
    5. In Alert, select Disable.
    6. In Severity, select Low.
    7. Click OK.
  5. In Shell Commands, select Create again:
    1. In Type, select Regex.
    2. In Pattern, enter .*.
    3. In Action, select Block.
    4. In Log, select Enable.
    5. In Alert, select Enable.
    6. In Severity, select Medium.
    7. Click OK.
  6. Click Submit.

To configure an SSH filter profile that blocks the rm and sudo commands on the target Linux server:
  1. Go to Secrets > SSH Filter Profiles.
  2. In SSH Filter Profiles, select Create.

    The New SSH Filter Profile window opens.

  3. Enter a name for the SSH filter profile. In this example, the SSH filter profile is named block rm+sudo.
  4. In Shell Commands, select Create:
    1. In Type, select Simple.
    2. In Pattern, enter rm.
    3. In Action, select Block.
    4. In Log, select Enable.
    5. In Alert, select Enable.
    6. In Severity, select Critical.
    7. Click OK.
  5. In Shell Commands, select Create again:
    1. In Type, select Simple.
    2. In Pattern, enter sudo.
    3. In Action, select Block.
    4. In Log, select Enable.
    5. In Alert, select Enable.
    6. In Severity, select Critical.
    7. Click OK.
  6. Click Submit.
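
The following Python sketch is an added example, not Fortinet code: it models the two profiles above so that candidate commands can be checked against the intended rules before a profile is assigned to a secret. It assumes that rules are evaluated top-down with the first match deciding, that a Regex pattern must match the whole command line, that a Simple pattern matches the command word, and that unmatched commands are allowed; confirm each assumption against the product's actual behavior.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    type: str       # "regex" or "simple" (the Type field)
    pattern: str    # the Pattern field
    action: str     # "allow" or "block"
    alert: bool
    severity: str

# Rules in the order the steps above create them.
SHOW_ONLY = [
    Rule("regex", r"show.*", "allow", False, "low"),
    Rule("regex", r".*", "block", True, "medium"),
]
BLOCK_RM_SUDO = [
    Rule("simple", "rm", "block", True, "critical"),
    Rule("simple", "sudo", "block", True, "critical"),
]

def matches(rule, command):
    if rule.type == "regex":
        # Assumption: the regex must match the entire command line.
        return re.fullmatch(rule.pattern, command) is not None
    # Assumption: a simple pattern equals the command word (first token).
    words = command.split()
    return bool(words) and words[0] == rule.pattern

def evaluate(profile, command, default="allow"):
    """First matching rule decides; unmatched commands get the default."""
    for rule in profile:
        if matches(rule, command):
            return rule.action, rule
    return default, None

def dry_run(profile, commands):
    """Return (command, action, severity or None) for each test command."""
    results = []
    for command in commands:
        action, rule = evaluate(profile, command)
        results.append((command, action, rule.severity if rule else None))
    return results

if __name__ == "__main__":
    # Constructed sample commands, not taken from a real session.
    for row in dry_run(SHOW_ONLY, ["show version", "configure terminal"]):
        print("show only:", row)
    for row in dry_run(BLOCK_RM_SUDO, ["ls -l", "rm -rf /tmp/x", "sudo su -"]):
        print("block rm+sudo:", row)
    # Swapping the two "show only" rules blocks everything, including show.
    print(evaluate(SHOW_ONLY[::-1], "show version")[0])
```

Under these assumptions, the show only profile depends on rule order: the catch-all block rule must come after the allow rule.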
