Policies

Policies are patterns definitions facilitating proactive session monitoring. In case a defined pattern is detected, Wheel Fudo PAM can automatically pause or terminate given connection, block the user and send notification to Wheel Fudo PAM administrator.

Defining patterns

1. Select Management > Policies.
2. Select Regular expressions tab.
3. Click Add regular expression.

4. Enter pattern name.
5. Define the pattern itself.

Note

Patterns can be defined as regular expressions.

Wheel Fudo PAM does not recognize expressions which use backslash character, e.g. \d, \D, \w, \W.

6. Repeat steps 3-5 to define additional patterns.
7. Click Save.

Note

Regular expressions examples

Command rm

(^|[^a-zA-Z])rm[[:space:]]

Command rm -rf (also -fr; -Rf; -fR)

(^|[^a-zA-Z])rm[[:space:]]+-([rR]f|f[rR])

Command rm file (^|[^a-zA-Z])rm[[:space:]]+([^[:space:]]+[[:space:]]*)?/full/path/to/a/file([[:space:]]|\;|$) (^|[^a-zA-Z])rm[[:space:]]+.*justafilename

Defining policies

1. Select Management > Policies.

2. Click Add policy.

3. Enter policy name.
4. Select actions.

	Send email notification to system administrator.
	Pause connection.
	Terminate connection.
	Block user.

Note

Note that terminating connection also blocks the user account and vice versa - blocking user automatically terminates user’s connections.

5. Select monitored patterns.
6. Click Save.

Note

After defining a policy, you can assign it to a particular server configured in connection.

Deleting patterns

1. Select Management > Policies.
2. Select the Regular expressions tab.
3. Find desired pattern definition and select the Delete option.
4. Click Save.

Deleting policies

To delete policy definition, proceed as follows.

1. Select Management > Policies.

2. Find desired policy definition and select corresponding Delete option.
3. Click Save.

Related topics:

• Terminating connection
• Notifications
• Accounts
• Security