Fortefi Command Control: Technology

HOW DOES IT WORK?
UNIX/Linux commands passed to Command Control are validated against configured rule criteria such as the submit user, the submit host, the run host requested, the date/time and the command name itself.

If authorized to run, the command is executed on the requested run host together with any optional rule components e.g., scripts to force additional authentication, or the user account to run the command as, such as root.

For example, a company might permit only certain users the right to run system commands such as kill or shutdown, or provide whole administrative groups the right to change passwords.

Fortefi Command Control Dataflow

	1.	Submit request is made by the user using the usrun command, or captured via the Command Control replacement shells, and sent via the Command Control Agent to the Manager.
	2.	The command, submit user, host, and date/time are correlated against the rule database to determine authorization. If validated, the Manager adds parameters such as the run user, host and scripts before signing the data.
	3.	The result of the authorization is sent to the event log.
	4.	The signed data with its authorization is sent back to the Agent
	5.	If authorized, the Agent forwards the data to the Run Daemon on the remote host which executes the command with the relevant permissions.
	6.	If session capture is enabled, all data transferred between the application and user terminal is logged to the audit system.

INTEGRATION
Command Control sits unobtrusively on top of the UNIX/Linux operating system, providing three levels of interaction for the end-user; the usrun command; or two replacement shells, rush and crush, (based around the ksh or csh shells).

		usrun - The user request is submitted by prefixing with usrun, e.g., usrun passwd user might allow an authorized person to change a user's password without the need to login as root.
		rush - By changing the users logon shell to the 'rush' client, it is possible to force any command not built into the user's shell to be passed for authentication without intervention.
		crush - The crush client provides the highest level of integration with the capability of passing the entire user session transparently through Command Control for authorization and audit capture.

PLATFORM SUPPORT
Command Control is built upon the Fortefi Framework, a scalable base that provides platform independence for all solutions in the Fortefi product suite.

Fortefi Framework - Platforms Supported

The entire product suite is securely administered from a central web console using a hierarchical domain management structure that allows online deployment and update of any Fortefi solution to any host with a couple of clicks.

Overview | Features | Technology | Downloads