RSBDCOS0 Program Misuse Prevention

Discover how DefenceMore OCA for SAP prevents dangerous operating system command execution through RSBDCOS0.

Case Study #014.01

Scenario

A malicious user, who has authorization to run the RSBDCOS0 program, attempts to delete files by executing the rm -rf command on a Linux-based application server in order to damage the system.

Impact

The RSBDCOS0 program is dangerous because it allows direct execution of operating system commands. Activities like file deletion and modification can be performed through this program, making it a critical security risk. Its usage should be strictly restricted.

DefenceMore OCA Capabilities

DefenceMore OCA's S012 control monitors use of the RSBDCOS0 program and alerts system administrators by email whenever the program is executed.

Related Checks

  • S012 RSBDCOS0 Report Execution Logs