Command Control

Command Control in the System offers Administrators the ability to restrict commands that can be executed via a whitelist or blacklist in both Windows and Unix remote sessions.

In addition to the command restrictions themselves, Command Control can also place restrictions on command Arguments and what can, cannot or is required to be “piped” to commands.


The following use cases and scenarios are covered when Command Control is implemented in the System.

  1. Restrict the types of commands that can be executed in both Windows and Unix based remote sessions. Forbid users from executing a shutdown command or only permit users to execute service restart commands.
  2. Restrict command arguments and what can be piped into commands to provide further flexibility. This allows users to execute a wide range of commands while restricting their use to a limited set of arguments (allow, deny or require).
  3. Prevent specific applications from being launched through the use of whitelist and blacklist catalogs. A common need is to prevent server jumping.
  4. Inhibit the ability of users to view, extract or modify critical or sensitive content. Prevent your sensitive systems from (un)intentional abuse and your sensitive content from being distributed.

Please review the following articles to learn how to implement Command Control in PAM.

To configure Command Control in PAM (Getting Start Guide)