By default, CAFT allows any command to be executed from an authorized host. As the UNIX Connector only needs to run the uxsautil command, the CAFT caftexec script can be customized to filter commands and to allow only the uxsautil binary.
An example of such a script and its configuration file are provided in the
`cat /etc/catngdmopath.tng`/scripts folder, and can be copied to the `cat /etc/catngcampath` folder:
# cd `cat /etc/catngcampath`
# mv caftexec caftexec.back
# cp -p `cat /etc/catngdmopath.tng`/scripts/caftexec* .
|
Copyright © 2013 CA.
All rights reserved.
|
|