- Turn on the TCP and HOST classes from selang
- Make sure that our LADB has the host listed. If not, add it to the local hosts file or configure sebuildla for DNS. Once done, rebuild the host LADB with sebuildla -h.
# sebuildla -H | grep u191597
- Create a host rule whose name matches, including case, the server name listed in the sebuildla -H output
nr host u191597.ca.com owner(nobody)
- Create an auth rule to remove access to the SSH service
auth HOST u191597.ca.com service(ssh) access(none)
- Test an ssh connection from the host that is now blocked.
[root@U191597 bin]# ssh U193882
ssh_exchange_identification: Connection closed by remote host
- Review the audit log for the denial.
# seaudit -a -st now-1 | grep D
CA ControlMinder seaudit v22.214.171.1241 - Audit log lister
Copyright (c) 2013 CA. All rights reserved.
21 Apr 2017 11:28:40 D HOST ssh 156 3 u191597.ca.com /usr/sbin/sshd
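Matching on a bare "D" also catches any record that merely contains that letter, so the following added example (not part of the original procedure or of the product) filters on the result and class columns instead. The field positions are assumed from the single record shown above, the function names are hypothetical, and every sample line other than that record is constructed.

```shell
#!/bin/sh
# Added example: summarise HOST-class denials from seaudit output.
# Assumed layout, inferred from the one record on this page:
#   $1-$3 date, $4 time, $5 result (D = denied), $6 class, $7 service,
#   $8-$9 numeric codes (meaning not stated on the page), $10 host, $11 program

host_denials() {
    # usage: host_denials [service] < seaudit-output
    awk -v svc="${1:-}" '
        # Banner and copyright lines do not start with a day-of-month and a time
        $1 !~ /^[0-9][0-9]?$/ || $4 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ { next }
        # Keep only denied HOST records, optionally for one service
        $5 == "D" && $6 == "HOST" && (svc == "" || $7 == svc) {
            key = $10 " " $7 " " $11
            count[key]++
            last[key] = $1 " " $2 " " $3 " " $4
        }
        END { for (k in count) print count[k], k, "last=" last[k] }
    ' | sort
}

# Constructed sample: the record from this page plus made-up neighbours
# (a permitted record from a host whose name contains "D", and a FILE denial).
sample_audit() {
cat <<'EOF'
CA ControlMinder seaudit - Audit log lister
Copyright (c) 2013 CA. All rights reserved.
21 Apr 2017 11:28:40 D HOST ssh 156 3 u191597.ca.com /usr/sbin/sshd
21 Apr 2017 11:29:02 D HOST ssh 156 3 u191597.ca.com /usr/sbin/sshd
21 Apr 2017 11:30:15 P HOST ssh 59 2 Dev01.example.com /usr/sbin/sshd
21 Apr 2017 11:31:47 D FILE root Read 69 2 /etc/shadow /bin/cat
EOF
}

# Prints one line per denied host/service/program with a count and last-seen time
sample_audit | host_denials ssh
```

On a live system the same function can read the audit listing directly, for example by piping seaudit -a -st now-1 into host_denials ssh.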