Profiles management : “deny all” propagation to all nodes

  • #50907
    Steve92
    Participant

    Hello,

    On “Enterprise Cloud Server”, is it possible with only one command line to deny all rights to all nodes?

    It’s a good practice in cyber security to deny all and then add only well identified required rights.

    Instead of having a command for each rule (about 33) that can be propagated, we would type something like:

    $ sudo /etc/NX/nxserver --ruleadd --class propagation --type all --value no

    or, even more precise, for each type family:

    $ sudo /etc/NX/nxserver --ruleadd --class propagation --type all-session --value no

    $ sudo /etc/NX/nxserver --ruleadd --class propagation --type all-service --value no

    $ sudo /etc/NX/nxserver --ruleadd --class propagation --type all-feature --value no

    If not, please could you take this as an FR?

    Thanks!

    Regards,

    Steve.

    #50915
    Britgirl
    Keymaster

    Denying rules across the board is planned. In the meantime you can do it using the following script:

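    #!/bin/bash
    #
    # CLASS can be one of: all|feature|service|session
    CLASS=all

    # For "all", turn CLASS into a grep -E alternation over the three classes.
    if [[ $CLASS = "all" ]]; then
        CLASS=" -E feature|service|session"
    fi

    # $CLASS is deliberately unquoted so "-E" and the pattern split into separate words.
    # Field 2 of each matching line is the resource type.
    TYPES=$(sudo /etc/NX/nxserver --resourcelist --class $CLASS | grep $CLASS | awk '{print $2}')

    # Add one propagation rule with value "no" per type.
    for i in $TYPES; do
        sudo /etc/NX/nxserver --ruleadd --class propagation --type "$i" --value no
    done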

    This script will systematically deny all propagated rules for the specified session class. After that, you can add the specific, individual rules.

    #50930
    Steve92
    Participant

    Hello,

    Good job!

    It seems to show much more (52) types of rights than in the ECS documentation (chap. 4.5 lists 33 types).

    NoMachine Enterprise Cloud Server – Installation And Configuration Guide

    Can all these types of rules be propagated from the ECS to the nodes?

    Thanks!

    Steve.

    #50968
    Britgirl
    Keymaster

    Indeed the rules that can be propagated from the Cloud Server to its nodes are those listed in the guide. We will make sure it’s updated.

    The command ‘nxserver --resourcelist’ lists all the resources of the host where the command is run (not necessarily ones that can be associated with a rule). Those resources with value yes are available on that machine. If a profile rule denies a resource, its value will become no.

    #51018
    Steve92
    Participant

    Hi!

    In fact, I’ve run the script, and it seems to update 38 rules supporting propagation, instead of 33 as described in the documentation.

    So there seem to be 5 new rules… yes, if you confirm this figure, the document should be updated.

    Thanks!

    ——————
    1 unix-console
    2 nxvfb
    3 unix-gnome
    4 vms unix-remote-custom
    5 unix-xsession-default
    6 vnc
    7 windows
    8 unix-remote
    9 unix-desktop
    10 nx-console
    11 unix-cde
    12 shadow
    13 unix-kde
    14 connection-only
    15 unix-application
    16 nx-console-shadow
    17 unix-default
    18 unix-xdm
    19 physical-desktop
    20 virtual-desktops-limit
    21 connections-limit
    22 unix-script
    23 server-printer-sharing
    24 client-network-sharing
    25 audio
    26 server-network-sharing
    27 client-usb-sharing
    28 interactive-mode
    29 server-disk-sharing
    30 local-recording
    31 client-smartcard-sharing
    32 microphone
    33 client-printer-sharing
    34 client-disk-sharing
    35 server-file-transfer
    36 client-file-transfer
    37 session-recording
    38 server-usb-sharing
    ——————
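
Because `--resourcelist` returns more types than can be propagated, it helps to review the deny-all plan before running it under sudo. The following is an added example, not part of the thread and not NoMachine's code: a dry-run planner that prints the `--ruleadd` commands instead of executing them. It assumes each resource-list line reads "class type value" (the thread's script only implies that the type is field 2), and `plan_deny` and `SAMPLE_LIST` are hypothetical names.

```shell
#!/bin/bash
# Added example: dry-run planner for deny-all propagation rules.
# Assumption: each --resourcelist line is "<class> <type> <value>".

NXSERVER=/etc/NX/nxserver

# Constructed sample input, not real nxserver output.
SAMPLE_LIST='session unix-gnome yes
session vnc yes
feature audio yes
feature audio yes
service server-printer-sharing no
feature (unknown) yes
node somehost yes'

# plan_deny CLASS   (all|feature|service|session); resource list on stdin.
# Prints one ruleadd command per unique, well-formed type; executes nothing.
plan_deny() {
    case $1 in
        all) pattern='feature|service|session' ;;
        feature|service|session) pattern=$1 ;;
        *) echo "unknown class: $1" >&2; return 2 ;;
    esac
    # Match the class exactly on field 1, accept only [a-z0-9-] type names
    # (nothing else should reach a sudo command line), and drop duplicates.
    awk -v pat="^(${pattern})\$" '
        $1 ~ pat && $2 ~ /^[a-z0-9-]+$/ && !seen[$2]++ { print $2 }
    ' | while read -r type; do
        printf 'sudo %s --ruleadd --class propagation --type %s --value no\n' \
            "$NXSERVER" "$type"
    done
}

# skipped_types: type fields rejected by the character check, for review.
skipped_types() {
    awk '$2 !~ /^[a-z0-9-]+$/ { print $2 }'
}

# Demo on the constructed sample; on a real host, feed it the output of
# "sudo /etc/NX/nxserver --resourcelist" instead.
printf '%s\n' "$SAMPLE_LIST" | plan_deny all
```

Review the printed commands against the list of propagatable rules in the guide before applying them.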
