Example SSH filter profiles example
To configure an SSH filter profile that only allows show
command on the target server (FortiGate or Cisco routers):
- Go to Secret Settings > SSH Filter Profiles.
- In SSH Filter Profiles, select Create.
The New SSH Filter Profile window opens.
- Enter a name for the SSH filter profile. In this example, the SSH filter profile is named
show only
. - In Shell Commands, select Create:
- In Type, select Regex.
- In Pattern, enter
show.*
. - In Action, select Allow.
- In Log, select Enable.
- In Alert, select Disable.
- In Severity, select Low.
- Click OK.
- In Shell Commands, select Create again:
- In Type, select Regex.
- In Pattern, enter
.*
. - In Action, select Block.
- In Log, select Enable.
- In Alert, select Enable.
- In Severity, select Medium.
- Click OK.
- Enable Default Command Log.
- Click Submit.
To configure an SSH filter profile that blocks rm
and sudo
commands on the target Linux server:
- Go to Secret Settings > SSH Filter Profiles.
- In SSH Filter Profiles, select Create.
The New SSH Filter Profile window opens.
- Enter a name for the SSH filter profile. In this example, the SSH filter profile is named
block rm+sudo
. - In Shell Commands, select Create:
- In Type, select Simple.
- In Pattern, enter
rm
. - In Action, select Block.
- In Log, select Enable.
- In Alert, select Enable.
- In Severity, select Critical.
- Click OK.
- In Shell Commands, select Create again:
- In Type, select Simple.
- In Pattern, enter
sudo
. - In Action, select Block.
- In Log, select Enable.
- In Alert, select Enable.
- In Severity, select Critical.
- Click OK.
- Enable Default Command Log.
- Click Submit.