What is a one sentence summary of your feature request?
Ability to monitor, alert and block actions or commands on Linux
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Need the ability to monitor, alert and block for set of prohibited actions or commands like shutdown a linux. For example, if a user tries to shut down a machine, the NPS administrator should get an alert, and the action should be blocked.
How do you currently solve the challenges you have by not having this feature?
We monitor the SIEM for events after the fact but cannot detect or alert in real-time.
This feature has been released and is found in Policy --> Access Policy --> Command Restriction in v25.08.04003 and later.
Command Restrictions for SSH
Specific commands can be restricted during SSH sessions using regular expressions. The system evaluates commands in order from top to bottom, applying the first matching rule. Available actions include logging the command, blocking it, locking the session, or terminating the session. Custom lock messages can be configured per command when using the lock action. Email notifications can be sent to NPS administrators whenever a restricted command is triggered. Restrictions are configured in the new Command Restrictions section within the Policy tab.
This is a common question that our customer asks so wanted to set this up on our end with some guide if there is any.
Can i check if this restricted commands works for Windows CMD and PS?
This feature is only for SSH sessions provisioned via NPS. It has no effect on Windows RDP sessions, even if the user opens a command line such as CMD or PS. It’s strictly for SSH.
Documentation updates will begin very soon - I don’t have a firm timeline for completion, but within the next month seems reasonable.
