Scenario Description
In modern IT environments, controlling high-risk commands is essential for ensuring system security and business continuity. High-risk commands, such as those for user management, network configuration, and data deletion, can lead to severe security vulnerabilities, data loss, or service disruptions if misused or abused. JumpServer provides the <Command filter> feature, which effectively prevents misoperations and malicious attacks by restricting the execution permissions of specific high-risk commands. This helps protect the core assets and user data of the enterprise and maintains system integrity and reliability. It also supports auditing and tracking for post-event review and issue tracing, which aids in identifying potential security incidents.
Operation Instructions
We need to create <Command group> and <Command filter> rules in the JumpServer system to implement high-risk command control.
Command group
Switch to the JumpServer Console page, click on <ACLs>, then click on <Command filter>. You will see the <Command group> page, where we can click <Create> to create a new command group.
Here, we can configure high-risk commands in the <Content>. We support writing <Command> directly as well as using <Regex> for command matching.
In the example below, I have written high-risk commands related to databases, matched using <Regex>.
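One way to check a <Regex> list for database commands before pasting it into <Content>, as an added example that is not part of the original page or JumpServer's own code. The patterns, the sample commands, and the matching model (one regex per line, searched anywhere in the command, case-insensitive) are assumptions made for illustration.

```python
import re

# Constructed regex list for a database command group, one pattern per line
# (assumed layout of the <Content> field; these are not JumpServer defaults).
CONTENT = r"""
\bdrop\s+(database|schema|table)\b
\btruncate\s+(table\s+)?\w+
\bdelete\s+from\s+\S+\s*;?\s*$
\bupdate\s+\S+\s+set\b(?!.*\bwhere\b)
\bgrant\s+all\b
\bflushall\b|\bflushdb\b
"""

def compile_group(content, ignore_case=True):
    """Compile each non-empty line as its own pattern."""
    flags = re.IGNORECASE if ignore_case else 0
    return [re.compile(line.strip(), flags)
            for line in content.splitlines() if line.strip()]

def first_match(patterns, command):
    """Return the source of the first pattern found in the command, else None."""
    for p in patterns:
        if p.search(command):
            return p.pattern
    return None

# Constructed samples: (command typed in the session, should a rule catch it?)
SAMPLES = [
    ("DROP TABLE orders;", True),
    ("drop   database   prod", True),
    ("TRUNCATE audit_log;", True),
    ("delete from users;", True),
    ("delete from users where id = 7;", False),
    ("update accounts set balance = 0;", True),
    ("update accounts set balance = 0 where id = 7;", False),
    ("select * from dropbox_files;", False),
    ("FLUSHALL", True),
]

def audit(patterns, samples):
    """Return the samples where the rule set disagrees with the expectation."""
    return [(cmd, want) for cmd, want in samples
            if (first_match(patterns, cmd) is not None) != want]

if __name__ == "__main__":
    pats = compile_group(CONTENT)
    for cmd, _ in SAMPLES:
        print(f"{cmd!r:50} -> {first_match(pats, cmd)}")
    print("mismatches:", audit(pats, SAMPLES))
```

Add the statements your administrators legitimately run to the sample list, so that a group bound to the Reject action does not block routine work.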
Command filter
On the Command filter page, we click <Create> to establish a Command filter rule.
Here, we can bind the Command group to limit actions based on three dimensions: User, Asset, and Account. Actions include Reject, Review, Warn, and other restrictions.
Function Verification
When our connection information (User, Asset, Account) matches the rules, the effect will be as follows.
Command Reject
Command Review
You need to go to the ticket page for command approval. Once approved, the command will continue to execute.
Click the <Tickets> button in the upper right corner of the JumpServer page to approve tickets here.
High-Risk Command Records
Switch to the JumpServer Audits page, click on <Session commands> to view the command records and their risk levels on this page.