Sep 23 · 4 min read
New Features In Cmd Make Access Control on Linux Easier, Faster, and More Compliant
By: Jennifer Ellard
Centralizing security controls over decentralized Linux farms is not easy, especially when trying to still allow DevOps the freedom they need to troubleshoot, upgrade and maintain the environment without having to relearn any tools or processes. That is where Cmd can help — putting access guardrails on Linux that ensure control while leaving DevOps with the flexibility they need to do their jobs. And the good news is that recent improvements in Cmd have made Linux security even easier to uphold while simultaneously adding features for advanced security. Here’s what’s new!
Faster and Cleaner Alert Management
The Cmd home page and alerts are where security administrators spend most of their time, so we set out to make important information more visible and actionable. Alerts are now more accessible and easier to discern with alert bars instead of numbers.
Alerts and notices can now also be grouped by IP, user, trigger, city, server or server group. Additionally, we’ve added more information to help you resolve alerts including session ID and made the total number of alerts from that session more prominent. All of this adds up to faster prioritization and cleaner alert management.
Another advancement in alerts is more information about users. Purple icons now represent users who have authenticated their identities with Cmd, allowing us to attribute those sessions to the appropriate users. Stars indicate users who executed a command as root when the alert fired. This additional information helps you to quickly assess user involvement in the issue.
We’ve also added a capability that lets you quickly dismiss related alerts in the same session, so you don’t have to click through and resolve each alert individually.
Customizable Server Names for All Servers
No one likes deciphering server names. That’s why we now support customizable, human-readable names for all your servers. You can assign your servers names that your team can understand without a reference sheet. And while server names are limited to 128 characters, you can go wild with a-z, A-Z, 0–9, spaces, underscores, colons, periods and dashes.
We’ve also improved the automation process for naming servers. Previously the server’s config file was only checked during installation and the name could not be changed unless in the Cmd interface. This unfortunately led to unnamed servers. Now, each time a server without a name connects to Cmd, we check its config file and set the server name accordingly.
More Efficient and Flexible Data Scrubbers for Compliance
We value data privacy, and we know that protecting your PII and customer data is a key concern. To make sure that sensitive information doesn’t leave your network, we redesigned our data scrubbers — little routines that identify and redact data deemed to be sensitive — to be more efficient, more flexible, simpler to test and manage.
Here’s what we did:
- Improved performance — We started by reducing the amount of data each scrubber processes by limiting each scrubber to one of three data types: commands, file diffs or terminal outputs.
- Standardized behavior — Scrubbers now apply to the entire project in which they are defined and apply to lines instead of buffers. Both of these changes help standardize scrubber behavior.
- Configurable length — Since scrubbers now apply to lines, we’ve added a way to change the line length to set an upper bound on how much data from a single line gets scrubbed at one time.
- Logical redaction — Redaction is necessary for security, but it is also important to understand how much content is redacted. This is why there is now a 1:1 relationship between the number of characters under redaction and the number of asterisks that will appear.
Increased Version Control
Security admins love control. So we’ve added two new features to increase control of installed software versions.
- Administrators can now toggle automatic updates of the Cmd agent on a per-project basis.
- Administrators can now download different versions of the agent directly from the Cmd app, instead of just the latest version.
Security Doesn’t Have to Be Laborious
As more critical data is stored and accessed via your Linux environment, being able to monitor administrative root access activity has never been more important. We get it and we want to help Cmd users quickly respond. Whether it be a simple mistake or a true threat, you’ve got to react quickly. Luckily, these improvements will help you to be more efficient all while keeping your Linux systems secure.