HomeHome
Guides
HomeHomeLog In
Guides
Start typing to search…

Installing & Configuring Command Control Server

Prerequisites

  • Linux kernel version 5.1.0 or higher
  • Root SSH access to the target server during installation
  • Supported Linux distributions:
    • Ubuntu (tested on 24.04)
    • Debian (tested on 12)
    • Red Hat Enterprise Linux (tested on RHEL 9)
    • Fedora
  • Supported architectures: amd64 or arm64
  • All applications on the same server must use the same vault credentials for root access

Installation Procedure

Installation is performed through the IDAC interface:

  1. Navigate to the Command Control installation section in the IDAC UI.
  2. Ensure root SSH access is enabled on the target server.
  3. The system will automatically detect your distribution and install the appropriate package (RPM or DEB).
  4. Root credentials are required for the installation process.

Management via API

Uninstalling the Service

https://<base-url>/manage_command_controlled_server/uninstall/<ip:port>

Reinstalling the Service

https://<base-url>/manage_command_controlled_server/install/<ip:port>

Both operations require root SSH connection to the target server.

Configuration

Creating a Command Control Policy

  1. Choose Operation Mode:

    • Allow List: Only commands in the list are permitted
    • Block List: Commands in the list are blocked

  2. Important Note for Allow List Mode: When using Allow List mode, the system blocks ALL commands not explicitly listed, including:

    • Implicit system commands
    • Essential system commands
    • Library calls

    You must include essential system components for the server to function properly:

    Required Allow List Entries by Distribution:

    RHEL (amd64):

    /usr/bin/bash
/usr/lib64/ld-linux-x86-64.so.2

    RHEL (arm64):

    /usr/bin/bash
/usr/lib/ld-linux-aarch64.so.1

    Debian (amd64):

    /usr/bin/bash
/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2

    Debian (arm64):

    /usr/bin/bash
/usr/lib/aarch64-linux-gnu/ld-linux-aarch64.so.1

Applying Policies

  1. Create a Command Control policy with your desired settings
  2. Create an Action policy and attach the Command Control policy to it
  3. Attach the policy to your SSH application
  4. Important: Check the "Enable Command Control" checkbox for every application on the same server, even if the service is already installed

This ensures the Command Control policy takes effect across all applications on that server.

Updated 1 day ago