检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Logging The CBH system records audit logs for all operations on users' personal data, including adding, modifying, querying, and deleting data. The logs can be backed up to a remote server or local computer.
Keyboard audit: You can enable this function to let the bastion host record all keyboard input information. Enable or disable watermarks on the web operation background. The watermark content is the login name of the current system user.
You need to verify system configurations in the department, user, resource, policy, ticket, audit, operation, and system modules.
Database audit allows you to audit database logs and operation commands. To this end, add databases to your bastion host and install local database tools for the bastion host to access databases.
Users in lower-level departments cannot view superior department information, including the organization structure, users, host resources, application resources, application publish servers, resource accounts, and policies and operation audit data configured by superior departments
Choose Audit > History Session. Figure 1 History Session The More operation in the Details column is removed from version 3.3.42.0 or later versions. (Optional) Select one or more history session logs. If no log is selected, all historical session logs are exported by default.
In the host operation module, you can audit database operations, such as adding, deleting, modifying, and querying database operations. In the application operation module, you can audit operation sessions through videos.
The CBH system records the entire file transfer process in detail, making it easier to audit file upload and download operations. Netdisk is a personal net disk in a CBH system, which is preset for each system user.
The CBH system records the entire file transfer process in detail, making it easier to audit file upload and download operations. Netdisk is a personal net disk in a system, which is preset for each system user.
To enable efficient audit operations on database resources, CBH records the entire database operation process, parses operation instructions, and reproduces all operation instructions.
This topic walks you through how to buy a standard single-node instance with 50 assets, as well as how to quickly perform operations and audit on Linux host resources.
The system configuration data contains all configuration data of the department, user, resource, policy, ticket, operation, audit, and system modules. Log in to the CBH system. Choose System > System Maintain > Backup&Restore.
Constraints The database operation audit is available only in professional editions. A bastion host can intercept sensitive operation commands and generate tickets only for MySQL and Oracle databases. A database approval ticket cannot be manually created.
Keyboard Audit: This function records the information entered through the keyboard. Kiosk: For applications that can be managed through a browser, you can use this function to hide the address bar and disable F12, right-click, and the browser toolbar.
Web browsers are recommended for system administrator admin or other administrators to manage the system and audit authorization. First-time login users are required to bind a mobile number for password resetting.
Constraints The database operation audit is available only in professional editions. The client tool can be invoked only through SsoDBSettings. Only SecureCRT and XShell host resource operation clients can be used.
Constraints The database operation audit is available only in professional editions. Database rules apply only to MySQL, Oracle, PostgreSQL, and GaussDB databases for fine-grained permission control. Prerequisites You have the operation permissions for the DB Rules module.
A bastion host uses the guacd proxy to audit and filter the commands executed during operations based on the rule configured by the administrator.
Through SSH client, the command rules and operation audit function are still available. This topic uses Xshell as an example to describe how to use an SSH client to log in to a resource for O&M and how to download the configuration file of the resource.
The Windows host resource account must be a resource account that has been added to CBH and the login mode must be automatic login, or the resource account cannot be identified and O&M audit files cannot be generated. Real-time session O&M is not supported.
