How do I use PIM to block SSH connections for a clean room setup?

Article ID: 10150

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

These are the basic steps to configure a PIM endpoint to block SSH connections from a specific host using the TCP and HOST classes.

Environment

Linux / Unix Based OS
PIM Endpoint

Resolution

  1. Turn on the TCP and HOST classes from selang
    so class+(TCP)
    so class+(HOST)

  2. Make sure that the LADB has the host listed. If it does not, add the host to the local hosts file or configure sebuildla for DNS. Once done, rebuild the host LADB via sebuildla -h.
    # sebuildla -H | grep example
    Result: example.com           <IP Address of the host>

  3. Create a host rule whose name matches, including case, the server name listed in the sebuildla -H output
    nr host example.com owner(nobody)

  4. Create an auth rule to remove access to the SSH service
    auth HOST example.com service(ssh) access(none)

  5. Test an ssh connection from the host that is now blocked.
    [root@example bin]# ssh example
    ssh_exchange_identification: Connection closed by the remote host

  6. Review the audit log for the denial.
    # seaudit -a -st now-1 | grep D
    CA ControlMinder seaudit  v12.91.0.301 - Audit log lister
    Copyright (c) 2013 CA. All rights reserved.
    21 Apr 2017 11:28:40 D HOST         ssh                  156  3 example.com /usr/sbin/sshd
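
To confirm that the denial came from the HOST rule for the intended source and service, the audit output can be filtered by field instead of with `grep D`, which matches any line containing a capital D. The following is an added example, not part of the original article or the product: the function names `host_denials` and `sample_audit` are hypothetical, the field positions are assumed from the single record shown above, and every sample line other than that record is constructed.

```shell
#!/bin/sh
# Added example: field-aware filter for seaudit output (not vendor code).
# Assumed whitespace-separated layout, taken from the audit record shown
# at the end of the Resolution steps:
#   day month year time result class service <num> <num> host program

# host_denials SERVICE [HOST]
# Reads seaudit output on stdin and prints one line per denied source:
#   "<count> <host> <program> last=<timestamp of most recent denial>"
host_denials() {
    awk -v svc="$1" -v want="${2:-}" '
        # Banner and copyright lines do not start with a day of month.
        NF >= 11 && $1 ~ /^[0-9]+$/ && $5 == "D" && $6 == "HOST" && $7 == svc {
            # Exact, case-sensitive comparison, as for the host rule name.
            if (want != "" && $10 != want) next
            key = $10 " " $11
            count[key]++
            last[key] = $1 " " $2 " " $3 " " $4
        }
        END {
            for (k in count) printf "%d %s last=%s\n", count[k], k, last[k]
        }
    ' | sort -rn
}

# Constructed sample input: the banner and the first record are the ones
# shown in the article; the remaining three records are made up for the test.
sample_audit() {
    cat <<'EOF'
CA ControlMinder seaudit  v12.91.0.301 - Audit log lister
Copyright (c) 2013 CA. All rights reserved.
21 Apr 2017 11:28:40 D HOST         ssh                  156  3 example.com /usr/sbin/sshd
21 Apr 2017 11:29:10 D HOST         telnet               156  3 other.example.net /usr/sbin/in.telnetd
21 Apr 2017 11:29:40 P HOST         ssh                   59  2 trusted.example.net /usr/sbin/sshd
21 Apr 2017 11:30:02 D HOST         ssh                  156  3 example.com /usr/sbin/sshd
EOF
}

# On an endpoint:  seaudit -a -st now-1 | host_denials ssh example.com
```

An empty result after the test connection in step 5 means no matching denial was logged, which usually points at a host name in the rule that does not match the `sebuildla -H` entry.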