Profiles management: “deny all” propagation to all nodes
November 28, 2024 at 14:04 #50907 Steve92 (Participant)
Hello,
On “Enterprise Cloud Server”, is it possible with only one command line to deny all rights to all nodes?
It’s a good practice in cyber security to deny all and then add only well-identified required rights.
Instead of having a command for each rule (about 33) that can be propagated, we would type something like:
$ sudo /etc/NX/nxserver --ruleadd --class propagation --type all --value no
or, even more precise, for each type family:
$ sudo /etc/NX/nxserver --ruleadd --class propagation --type all-session --value no
$ sudo /etc/NX/nxserver --ruleadd --class propagation --type all-service --value no
$ sudo /etc/NX/nxserver --ruleadd --class propagation --type all-feature --value no
If not, please could you take this as an FR?
Thanks!
Regards,
Steve.
November 29, 2024 at 09:34 #50915 Britgirl (Keymaster)
Denying rules across the board is planned. In the meantime you can do it using the following script:
#!/bin/bash
#
# CLASS can be one of: all|feature|service|session
CLASS=all;
if [[ $CLASS = "all" ]]; then CLASS=" -E feature|service|session"; fi;
TYPES=$(sudo /etc/NX/nxserver --resourcelist --class $CLASS | grep $CLASS | awk '{print $2}');
for i in $(echo $TYPES); do sudo /etc/NX/nxserver --ruleadd --class propagation --type $i --value no; done
This script will systematically deny all propagated rules for the specified session class. After which, you can then add the specific, individual rules.
December 3, 2024 at 09:25 #50930 Steve92 (Participant)
Hello,
Good job!
It seems to show much more (52) types of rights than in the ECS documentation (chap. 4.5 lists 33 types).
NoMachine Enterprise Cloud Server – Installation And Configuration Guide
Can all these types of rules be propagated from the ECS to the nodes?
Thanks!
Steve.
December 5, 2024 at 10:45 #50968 Britgirl (Keymaster)
Indeed the rules that can be propagated from the Cloud Server to its nodes are those listed in the guide. We will make sure it’s updated.
The command ‘nxserver --resourcelist’ lists all the resources of the host where the command is run (not necessarily ones that can be associated with a rule). Those resources with value yes are available on that machine. If a profile rule denies a resource, its value will become no.
December 6, 2024 at 19:25 #51018 Steve92 (Participant)
Hi!
In fact, I’ve run the script; it seems to update 38 rules supporting propagation, instead of 33 as described in the documentation.
So there seem to be 5 new rules… yes, if you confirm this figure, the document should be updated.
Thanks!
——————
1 unix-console
2 nxvfb
3 unix-gnome
4 vms unix-remote-custom
5 unix-xsession-default
6 vnc
7 windows
8 unix-remote
9 unix-desktop
10 nx-console
11 unix-cde
12 shadow
13 unix-kde
14 connection-only
15 unix-application
16 nx-console-shadow
17 unix-default
18 unix-xdm
19 physical-desktop
20 virtual-desktops-limit
21 connections-limit
22 unix-script
23 server-printer-sharing
24 client-network-sharing
25 audio
26 server-network-sharing
27 client-usb-sharing
28 interactive-mode
29 server-disk-sharing
30 local-recording
31 client-smartcard-sharing
32 microphone
33 client-printer-sharing
34 client-disk-sharing
35 server-file-transfer
36 client-file-transfer
37 session-recording
38 server-usb-sharing
——————
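Added example, not part of the thread and not NoMachine's code: a dry-run variant of the deny loop that only emits the `--ruleadd` command for types on a reviewed propagatable list, since `nxserver --resourcelist` reports more types than can be propagated. The resource-list layout (`<class> <type> <yes|no>`), the `KEEP` policy, the short `PROPAGATABLE` excerpt and the `hypothetical-local-only` type are assumptions made for the sample.

```bash
#!/bin/bash
# Added example, not NoMachine's script: dry-run planner for blanket propagation denies.
NXSERVER=/etc/NX/nxserver   # path used in the thread

# Types confirmed as propagatable (short excerpt of the list posted in the thread).
PROPAGATABLE="unix-gnome vnc audio client-file-transfer server-file-transfer"
# Types deliberately left untouched (constructed site policy).
KEEP="unix-gnome audio"

# Constructed stand-in for `nxserver --resourcelist` output.
# Assumed layout: <class> <type> <yes|no>; adjust the awk filter to the real output.
sample_resources() {
cat <<'EOF'
session unix-gnome yes
session vnc yes
service audio yes
feature client-file-transfer yes
feature server-file-transfer yes
feature hypothetical-local-only yes
EOF
}

# in_list WORD "space separated list": succeeds when WORD is in the list.
in_list() { case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

# Reads a resource list on stdin and prints one line per type:
# either the deny command from the thread or a comment saying why it was skipped.
build_plan() {
  types=$(awk '$1 ~ /^(feature|service|session)$/ { print $2 }' | sort -u)
  for t in $types; do
    if ! in_list "$t" "$PROPAGATABLE"; then
      echo "# skip $t: not in the propagatable list"
    elif in_list "$t" "$KEEP"; then
      echo "# skip $t: kept by policy"
    else
      echo "sudo $NXSERVER --ruleadd --class propagation --type $t --value no"
    fi
  done
}

build_plan_sample() { sample_resources | build_plan; }

# Print the plan for review; nothing is executed against nxserver.
build_plan_sample
```

On a real server, feed `build_plan` the output of `sudo /etc/NX/nxserver --resourcelist` and review the printed lines before running any of them.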