The main benefit of access policies is that a rule registered on the Segura platform is applied to the following kinds of execution:
- Shell.
- Software.
- Scripts.
- Parent and child process controls.
This means that even if a user tries to use a shell escape, or to circumvent or abuse privileges, they won't be able to. This module allows the system administrator to:
- Create policies.
- Check and control files and folders.
- Set permissions.
- Create an alias.
- Register new environment variables.
- Control directories and files.
- Perform other actions, all based on access policies.
Register policies
Policies are segregated into three levels:
- General: policies that apply to all devices where EPM Linux is active and approved.
- Devices: policies applied to specific devices.
- Users: policies that can only be registered through General and Devices.
Kernel-level policies control Linux access control lists (ACLs). This feature essentially restricts or allows access at the kernel level. ACLs enable the system administrator to apply a more specific set of permissions to users or groups and to define which operations are allowed.
The order of access policies is very important: policies added first have priority. If an earlier policy allows access and a later policy denies access to the same user, the earlier policy takes precedence. Administrators should plan the order of policies, starting with general policies, followed by more specific policies.
Prohibitive policies can cause serious damage to the device, up to completely blocking interactive use.
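The ordering rule above can be checked before a policy set is registered. The following is an added example, not Segura code or the platform's policy format: it models policies as an ordered list, evaluates them first-match as described, and reports later policies that an earlier one makes unreachable. The `Policy` fields, the `*` wildcard, the `no-match` result and all sample policies are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # assumed wildcard: every user / every command


@dataclass(frozen=True)
class Policy:  # hypothetical model, not the platform's schema
    name: str
    user: str
    command: str
    action: str  # "allow" or "deny"


def _covers(pattern: str, value: str) -> bool:
    """True if an earlier field (pattern) matches everything a later one (value) does."""
    return pattern == ANY or pattern == value


def decide(policies, user, command):
    """First-match evaluation: the earliest matching policy decides."""
    for p in policies:
        if _covers(p.user, user) and _covers(p.command, command):
            return p.action, p.name
    return "no-match", None  # behaviour without a matching policy is not modelled


def shadowed(policies):
    """Return (later, earlier) pairs where the later policy can never take effect."""
    findings = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if _covers(earlier.user, later.user) and _covers(earlier.command, later.command):
                findings.append((later.name, earlier.name))
                break
    return findings


# Constructed sample policy set, in registration order.
POLICIES = [
    Policy("allow-alice-systemctl", "alice", "/usr/bin/systemctl", "allow"),
    Policy("deny-alice-systemctl", "alice", "/usr/bin/systemctl", "deny"),
    Policy("deny-all-bash", ANY, "/bin/bash", "deny"),
    Policy("allow-bob-bash", "bob", "/bin/bash", "allow"),
]

if __name__ == "__main__":
    print(decide(POLICIES, "alice", "/usr/bin/systemctl"))
    print(decide(POLICIES, "bob", "/bin/bash"))
    for later, earlier in shadowed(POLICIES):
        print(f"{later!r} is never reached: {earlier!r} is registered first")
```

A shadowed entry means the registration order, not the policy text, decides the outcome, so each finding is worth reviewing before the set is applied to a device.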