检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
AuditManager Specifies the O&M result audit administrator. This role queries and manages system audit data. This role has the configuration permissions for real-time session, historical session, and system logs modules.
Resource Access Control CBH System Access Control O&M Audit In a CBH system, each system user has a unique identifier.
In the host operation module, you can audit database operations, such as adding, deleting, modifying, and querying database operations. In the application operation module, you can audit operation sessions through videos.
The CBH system records the entire file transfer process in detail, making it easier to audit file upload and download operations. Netdisk is a personal net disk in a CBH system, which is preset for each system user.
This topic walks you through how to buy a standard single-node instance with 50 assets, as well as how to quickly perform operations and audit on Linux host resources.
To enable efficient audit operations on database resources, CBH records the entire database operation process, parses operation instructions, and reproduces all operation instructions.
The CBH system records the entire file transfer process in detail, making it easier to audit file upload and download operations. Netdisk is a personal net disk in a system, which is preset for each system user.
The system configuration data contains all configuration data of the department, user, resource, policy, ticket, operation, audit, and system modules. Log in to the CBH system. Choose System > System Maintain > Backup&Restore.
Keyboard Audit: This function records the information entered through the keyboard. Kiosk: For applications that can be managed through a browser, you can use this function to hide the address bar and disable F12, right-click, and the browser toolbar.
Constraints The database operation audit is available only in professional editions. A bastion host can intercept sensitive operation commands and generate tickets only for MySQL and Oracle databases. A database approval ticket cannot be manually created.
Web browsers are recommended for system administrator admin or other administrators to manage the system and audit authorization. Browser-based logins can be authenticated by password, SMS message, mobile OTP, USB key, email, or OTP token.
There are four options for the single sign-on (SSO) tool: Mysql cmd MySQL Administrator Navicat DBeaver (supported by bastion host V3.3.48.0 and later versions) Constraints The database operation audit is available only in professional editions.
Constraints The database operation audit is available only in professional editions. Database rules apply only to MySQL, Oracle, PostgreSQL, and GaussDB databases for fine-grained permission control. Prerequisites You have the operation permissions for the DB Rules module.
A bastion host uses the guacd proxy to audit and filter the commands executed during operations based on the rule configured by the administrator.
Through SSH client, the command rules and operation audit function are still available. This topic uses Xshell as an example to describe how to use an SSH client to log in to a resource for O&M and how to download the configuration file of the resource.
The Windows host resource account must be a resource account that has been added to CBH and the login mode must be automatic login, or the resource account cannot be identified and O&M audit files cannot be generated. Real-time session O&M is not supported.
Options (Optional) Select File Manage, X11 forward, Uplink Clipboard, Keyboard Audit, and/or Downlink Clipboard. File Manage: This option is supported only by SSH, RDP, and VNC hosts. Clipboard: This option is supported only by SSH, RDP, and Telnet hosts.
Keyboard Audit: This function records the information entered through the keyboard. Kiosk: For applications that can be managed through a browser, you can use this function to hide the address bar and disable F12, right-click, and the browser toolbar.
