Skip to main content

Targeting the OpenBSD system

For each OpenBSD system, add a target system in Bravura Security Fabric (Manage the system > Resources > Target systems):

  • Type is OpenBSD Server with 'sudo' (SSH) (Legacy).

  • Address uses options described in the table below.

The full list of target parameters is explained in Target system options .

Table 1. OpenBSD Server with 'sudo' (SSH) (Legacy) address configuration

Option

Description

Options marked with a redstar.png are required.

Script file redstar.png

Must be set to agtopenbsd.psl

(key: script)

Server redstar.png

The IP address/domain name of the OpenBSD server.

(key: server)

Target system’s internal hostname redstar.png

This is the internally-defined host name that, along with the logged in user’s name, comprises the OpenBSD prompt. The script generates the expected prompt using this value, then uses the generated prompt to know when commands have completed.

(key: name)

Privilege escalation type

Select:

Use ’sudo’ as privileged escalation When this option is selected, the credentials of the target administrator will be used to run the sudo command. Ensure that this user is defined in the /etc/sudoers file.

If the sudo password is configured to be different than the log-in password, add another set of credentials for sudo and select the System password option. The Administrator ID can be arbitrary. This is the default setting.

Use ’su’ as privileged escalation When this option is selected, along with the credentials of the target administrator, you must also specify another set of credentials for the built-in "root" account and select the System password option for this account. This will be used to run the su command.

Use ’dzdo’ as privileged escalation You can use this escalation type if a dzdo package exists for your target operating system and this package has been installed. When this option is selected for a Centrify system, the credentials of the target administrator will be used to run the ’dzdo’ command in a similar manner as the ’sudo’ command. Ensure that this user has role-based access rights for zones stored in Active Directory.

No privileged escalation Operations will be done without elevated privileges.

(key: privEscType)

Advanced

Port

TCP Port number. Default is 22.

(key: port)

Compression

Select to enable data compression for SSH connections. Default is false.

(key: compression)

Action for host keys

Select DenyUnmatch (default) or AllowAppend. For new targets, AllowAppend is recommended.

DenyUnmatch only connects to SSH hosts whose public host keys have been previously recorded and have not been changed. It will reject SSH hosts whose keys have not been previously recorded or were previously recorded but have changed.

AllowAppend connects to SSH hosts whose public host keys have been previously recorded and have not been changed, and to SSH hosts whose keys have not been previously recorded. It will reject SSH hosts whose keys were previously recorded but have changed.

(key: hostkeys)

Host keys file

Specify the name of the public host key file. It must be located in the \<instance>\script\ directory.

(key: file)

Authentication key file

This is a generic SSH target field that is ignored for OpenBSD target systems. Login must be done with username and password.

Timeout for connection

Amount of time the connector will wait for a response.

(key: timeout)

Enable SSH v1?

To enable SSH connection via SSH protocol version 1.

(key: enable_ssh_1)

Trace Logging

Provides detailed multiline logging for connectors. Default is None. Other options include Low, Medium, and High.

(key: trace)



In this section: