检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Keyboard audit: You can enable this function to let the bastion host record all keyboard input information. Enable or disable watermarks on the web operation background. The watermark content is the login name of the current system user.
In the host operation module, you can audit database operations, such as adding, deleting, modifying, and querying database operations. In the application operation module, you can audit operation sessions through videos.
The CBH system records the entire file transfer process in detail, making it easier to audit file upload and download operations. Netdisk is a personal net disk in a CBH system, which is preset for each system user.
This topic walks you through how to buy a standard single-node instance with 50 assets, as well as how to quickly perform operations and audit on Linux host resources.
To enable efficient audit operations on database resources, CBH records the entire database operation process, parses operation instructions, and reproduces all operation instructions.
The CBH system records the entire file transfer process in detail, making it easier to audit file upload and download operations. Netdisk is a personal net disk in a system, which is preset for each system user.
The system configuration data contains all configuration data of the department, user, resource, policy, ticket, operation, audit, and system modules. Log in to the CBH system. Choose System > System Maintain > Backup&Restore.
Constraints The database operation audit is available only in professional editions. A bastion host can intercept sensitive operation commands and generate tickets only for MySQL and Oracle databases. A database approval ticket cannot be manually created.
Web browsers are recommended for system administrator admin or other administrators to manage the system and audit authorization. Browser-based logins can be authenticated by password, SMS message, mobile OTP, USB key, email, or OTP token.
You can modify configurations of Rule Name, Period of validity, File Transmission, File Manage, Uplink clipboard, Downlink clipboard, Logon Time Limit, Keyboard Audit, and IP Limit. Figure 1 Viewing the basic information View and edit users related to the rule.
There are four options for the single sign-on (SSO) tool: Mysql cmd MySQL Administrator Navicat DBeaver (supported by bastion host V3.3.48.0 and later versions) Constraints The database operation audit is available only in professional editions.
Constraints The database operation audit is available only in professional editions. Database rules apply only to MySQL, Oracle, PostgreSQL, and GaussDB databases for fine-grained permission control. Prerequisites You have the operation permissions for the DB Rules module.
A bastion host uses the guacd proxy to audit and filter the commands executed during operations based on the rule configured by the administrator.
Through SSH client, the command rules and operation audit function are still available. This topic uses Xshell as an example to describe how to use an SSH client to log in to a resource for O&M and how to download the configuration file of the resource.
The Windows host resource account must be a resource account that has been added to CBH and the login mode must be automatic login, or the resource account cannot be identified and O&M audit files cannot be generated. Real-time session O&M is not supported.
Options (Optional) Select File Manage, X11 forward, Uplink Clipboard, Keyboard Audit, and/or Downlink Clipboard. File Manage: This option is supported only by SSH, RDP, and VNC hosts. Clipboard: This option is supported only by SSH, RDP, and Telnet hosts.
Options (Optional) Select File Manage, Uplink Clipboard, Keyboard Audit, and/or Downlink Clipboard. Label (Optional) You can customize a label or select an existing one. Remarks (Optional) Provides the description of the application resource. Click Next.