Policies

Policies are patterns definitions facilitating proactive session monitoring. In case a defined pattern is detected, Fudo PAM can automatically pause or terminate given connection, block the user and send notification to Fudo PAM administrator.


Defining patterns

Note

Fudo PAM supports POSIX extended regular expression.

  1. Select Management > Policies.
  2. Select Regular expressions tab.
  3. Click Add regular expression.
../../_images/policies_add_pattern.png
  1. Enter pattern name.
  2. Define the pattern itself.

Note

  • Patterns can be defined as regular expressions.
  • Fudo PAM does not recognize expressions which use backslash character, e.g. \d, \D, \w, \W.
  1. Repeat steps 3-5 to define additional patterns.
  2. Click Save.
../../_images/policies_define_pattern.png

Note

Regular expressions examples

Command rm

(^|[^a-zA-Z])rm[[:space:]]

Command rm -rf (also -fr; -Rf; -fR)

(^|[^a-zA-Z])rm[[:space:]]+-([rR]f|f[rR])

Command rm file

(^|[^a-zA-Z])rm[[:space:]]+([^[:space:]]+[[:space:]]*)?/full/path/to/a/file([[:space:]]|\;|$) (^|[^a-zA-Z])rm[[:space:]]+.*justafilename

Defining policies

  1. Select Management > Policies.
  1. Click Add policy.
../../_images/policies_add_policy.png
  1. Enter policy name.
  2. Select actions.
  • - send email notification to system administrator.
  • - pause connection.
  • - terminate connection.
  • - block user.

Note

  • Sending email notifications requires configuring and enabling notification service as well as Session policy match notification enabled in safe configuration.
  • Note that blocking the user automatically terminates the connection.
  1. Select monitored patterns.
  2. Select policy severity.

Note

Severity parameter value is included in the email notification message.

  1. Select the Match input only option to process input stream only.

Note

In RDP, VNC and MySQL protocols only input data is processed.

  1. Click Save.
../../_images/policies_define_policy.png

Note

After defining a policy, you can assign it to a safe that is used to establish connections to servers.

../../_images/policies_assign_to_safe.png

Deleting patterns

  1. Select Management > Policies.
  2. Select the Regular expressions tab.
  3. Find desired pattern definition and select the Delete option.
  4. Click Save.
../../_images/policies_delete_pattern.png

Deleting policies

To delete policy definition, proceed as follows.

  1. Select Management > Policies.
  1. Find desired policy definition and select corresponding Delete option.
  2. Click Save.
../../_images/policies_delete_policy.png

Related topics: