To find out a brief description of a setting, bring the mouse pointer above the ? towards the right of the setting.
- Password minimum length: Set the minimum length of the root or SSH User passwords auto-generated by Ezeelogin for the servers managed by it.
- Password maximum length: Set the maximum length of the root or SSH User passwords auto-generated by Ezeelogin for the servers managed by it.
- Password Minimum Block Letters Enforce the minimum number of block letters in the users password and server password.
- Password Minimum Small Letters Enforce the minimum number of block letters in the users password and server password.
- Password Minimum Special Characters Enforce the minimum number of special characters in the users password and server password
- Password Minimum Digits Enforce the minimum number of digits in the users password and server password
- Auto create user Enable this if you are using Ldap authentication and do not plan to use pam_ldap for authenticationThis would auto create a system user when a user logs in into the web
- Command guard: Enable / disable command filtering for Ezeelogin shell. The possible options for this are:
- Disable: No command filtering
- Enable: Enable command filtering.
- SSH Session Logging: Set the level of logging for SSH sessions via Ezeelogin shell. The possible options for this are:
- None: No logging.
- Input: Logs every character that goes to the STDIN file descriptor. All key strokes in the SSH session are logged including user password.
- Output: Logs every character that goes to the STDOUT file descriptor. In output logging, all the screens that the user see in his SSH terminal are logged.
- Both: This includes both input logs and output logs
- Shell access notification It would send an email to superadmin user whenever any user access ezsh.
- Automated password change: If this is enabled, passwords on all the servers will be automatically changed once in a week. Typically at 01:01 AM (time on the server where Ezeelogin is installed) every Sunday. Note that servers with Keep my password enabled and servers with SSH disabled will be excluded from the password change. To change the frequency, day or time of execution of Automated password change, login to the ezeelogin ssh gateway server server as root and execute the following command:
crontab -e -u ezadmin
Now you can configure it just like you would configure any cron job.
- RDP Recording Enable RDP session recording of the browser based rdp session initiated.
- Web Proxy Logging Enable Recording of Requests and Responses via Web Proxy
- Request: Record webproxy requests.
- Response Enable: record webproxy responses
- Both: Record both.
- Proxy Allow All Allow access to webproxy from all ip addresses.
- Tunnel Allow All Allow access to ssh tunnels from all ip addresses
- Four Eyes Authorization If enabled,then a user would have to be authorized by a user with four eyes authorization privilege in access control to view the recordings of the ssh sessions of any user.
- Hide server details: If this is enabled, Ezeelogin shell will display server details such as password, kvm info, reboot info etc to member belongine to the “Admins” UserGroup only. Other users can use Ezeelogin shell to login to the servers, but cannot view the server password and other details. If this is enabled, overrides the “View server details” ACL setting in user group - features and/or user - features. Even if this is disabled, important viewable info can be controlled on per user group or per user basis via the ACLs user group - features and/or user - features.
- Consider Server Activity If enabled, then the shell activity would include non interactive command outputs being displayed. For example, command top can run for infinite time without any user interaction.
- Shell Activity Timeout Disconnect from ezsh shell if there is no activity in ezsh shell. A value of 0 means no timeout.
- Encrypt ssh logs It would encrypt the logs that are generated on enabling SSH Logging. With this disabled , logs would be stored in plain text. Enable this for best security. Note that enabling this would cause the user sshlog live streaming feature to stop working.
- Recursive delete protection: If this is enabled, user will be prevented from executing most common rm -rf / errors. For deleting directory recursively, user has to change to the parent directory and then issue the command as rm -rf directory_to_remove. Thus most common mistakes such as rm -rf / home/username/temp (accidental typing of a space after the ”/”) can be prevented.
- Pass through environment variables Add the environment variables that should be allowed to be passed through to the remote servers when logging in via Ezeelogin SSH jump host. These would also need to be allowed using AcceptEnv setting in /etc/ssh/sshd_config on the SSH jump host as well as all the remote servers.
- Change Notifications Email alerts are send to the super admin users whenever server add ,server edit,user add, user edit , user delete operations are performed.
- Detailed Audit Logs Include change detail in webactivity log. Detailed log of actions performed on the gui are recorded. Note, this would consume more database space.