Symantec Privileged Access Management

  • 1.  BlackList CLI in CA PAM

    Posted Jun 05, 2018 12:16 PM

    Good day. Can you support me with an indicator like putting some commands in the CA PAM console on a blacklist, since I do what I say in the documentation, but at the beginning it still allows me, so I ask for your support?

    This is how I have the words to deny.


  • 2.  Re: BlackList CLI in CA PAM
    Best Answer

    Broadcom Employee
    Posted Jun 06, 2018 11:31 AM

    Hi Alan, Can you clarify what you are trying to say with "but at the beginning it still allows me"? Also, I am not clear about your syntax. The dollar sign is not a valid parameter to those commands, so it looks like you are trying to use a regular expression. But you have not checked the Regexp boxes. Without those checked, the strings will be interpreted literally, i.e. we will only block "who -a$", not "who -a". To block the latter you have to drop the dollar sign, or check the Regexp box. If you use it as a regex with dollar sign, we will block "who -a", but not "who -al". A regular expression "who -.*" would block the who command with any parameter added.