Access to /pfs for a non-root user on Security Analytics

book

Article ID: 168862

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Resolution

WARNING:  Be cautious when making this change.  Whichever user you designate in this file will have FULL access to read all capture traffic on the Security Analytics appliance.  

The instructions to add the solera-dsfs file are as follows:
 
1. Edit the solera-dsfs file and change the user ‘cliuser1’ to your desired user name.
 
2. Make a copy of the solera-dsfs file
# cp /etc/sudoers.d/solera-dsfs /etc/sudoers.d/solera-dsfs.original
 
3. SCP the new file to the SA appliance.
# scp solera-dsfs [email protected][appliance_ip]:/etc/sudoers.d
 
Note: The change will be immediate. 

This provides access to perform ls, cat, grep, and egrep commands on the /pfs file system. You can add additional commands as long as you follow the syntax within the code block. The only command that will not work is the ‘cd’ command since ‘cd’ is a built-in Linux command and not accessible to a sudo user.  


cliuser1  ALL = NOPASSWD: /usr/local/bin/csr.sh,\
                         /sbin/reboot,\
                         /etc/utils/dell-mat.sh,\
                        /bin/ls /pfs/flows/*,\
                        /bin/cat /pfs/flows/*,\
                        /bin/grep * /pfs/flows/*,\
                        /bin/egrep * /pfs/flows/*



Please see the attached file solera-dsfs for reference.

 

Attachments

solera-dsfs get_app