There is a need to monitor / audit ftp, sftp, scp activity.
Also known as Bugzilla Enhancement ID 999986.
by: Tyler H. | over a year ago | Other
Micro Focus Enhancement Requests Portal is moving. We are migrating the IDEAS from this site to the New Idea Exchange on May 6th. For more information on the new Idea Exchange please visit the Community FAQs.
Planned
11
Monitor ftp, sftp, scp sessions
by: Tyler H. | over a year ago | Other
Comments
Just pasting this comment from bugzilla to add more context. This is indeed a very good idea. Although there is overlap with simply selling Change Guardian to customer, monitoring what files are transferred through SFTP can be very valuable from auditing perspective and is not as intrusive as installing CG agents all over the place.
Comment from Tyler in Bugzilla 999986:
The documented steps (for using SFTP with PAM) work; however, cusomter needs a better method of using SFTP through the relay for two reasons:
-The supported method of using winscp is a bit cumbersome to setup by users. It requires users to know where sftp-server is running on the host node they are targeting, etc.
-PAM reporting also does not capture what file was transferred, as it only shows an entry for user login. Actual auditing of the session is something that is desired.
We have users which are heavy users of SCP and being able to use SCP through the PAM relay would be a big win for us. Agree with comments on how having to setup where sftp-server is running on winscp is difficult for users. Other privileged access tools will record what file was transferred and the size, which is very helpful in an audit.