[tac_plus] restrict by time of the day
Aaron Wasserott
Aaron.Wasserott at viawest.com
Mon Apr 10 21:36:23 UTC 2017
Many firewall vendors support schedules in their firewall rules. That might be an option, if you capture their traffic separately from everyone else.
-----Original Message-----
From: tac_plus [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Asif Iqbal
Sent: Monday, April 10, 2017 3:00 PM
To: Daniel Schmidt
Cc: tac_plus at shrubbery.net
Subject: Re: [tac_plus] restrict by time of the day
On Mon, Apr 10, 2017 at 4:14 PM, Daniel Schmidt <daniel.schmidt at wyo.gov>
wrote:
> I've considered added it to do_auth before, but this is the first time
> anybody expressed interest.
>
We have a requirement to deny any config change for certain group during trading hours
>
> On Mon, Apr 10, 2017 at 11:43 AM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>> On Mon, Apr 10, 2017 at 1:38 PM, heasley <heas at shrubbery.net> wrote:
>>
>> > Sat, Apr 08, 2017 at 06:29:46PM -0400, Asif Iqbal:
>> > > I meant like below per tac_plus.conf man page
>> > >
>> > > cmd-match
>> > > Specify a command argument match.
>> > >
>> > > <permission> <regex>
>> > > <permission> <regex>
>> > >
>> > > In the regex may be some expression that become NUL based on
>> timestamp? I
>> > > do not have any example.
>> >
>> > the regex does not match a timestamp; there is in fact no timestamp
>> > involved at all.
>> >
>> > You can use do_auth.py or enforce the ToD via PAM.
>> >
>>
>> I will take a look if it can provide option to allow/deny certain cmd.
>>
>> Thanks
>>
>> > [..]
>>
>>
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>> -------------- next part -------------- An HTML attachment was
>> scrubbed...
>> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/
>> 20170410/31fb6bb1/attachment.html>
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/tac_plus
>>
>
>
>
> E-Mail to and from me, in connection with the transaction of public
> business, is subject to the Wyoming Public Records Act and may be
> disclosed to third parties.
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20170410/9d9c42bd/attachment.html>
_______________________________________________
tac_plus mailing list
tac_plus at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/tac_plus
This message contains information that may be confidential, privileged or otherwise protected by law from disclosure. It is intended for the exclusive use of the addressee(s). Unless you are the addressee or authorized agent of the addressee, you may not review, copy, distribute or disclose to anyone the message or any information contained within. If you have received this message in error, please contact the sender by electronic reply and immediately delete all copies of the message.
More information about the tac_plus
mailing list