Bastionhost is a system O&M and security audit platform provided by Alibaba Cloud. It allows you to centrally manage O&M permissions and operations, and play back recordings of O&M operations. This way, you can identify the users who perform specific O&M operations, manage permissions, and audit O&M operations. Bastionhost makes asset management efficient, O&M responsibilities clear, and O&M events traceable, helping enterprises meet the requirements for classified protection.
Benefits
- Unified portal for O&M
Bastionhost provides a unified portal for you to manage different accounts. You can use single sign-on (SSO) to access a large number of server resources in the backend. This improves O&M efficiency and prevents risks, for example, passwords are forgotten or leaked.
- Two-factor authentication
Bastionhost provides the two-factor authentication feature. You can use a verification code in a multi-factor authentication (MFA) device or a verification code sent in a text message for identity authentication. This prevents unauthorized access to assets by using leaked accounts and passwords.
- Fine-grained permission assignment
Bastionhost allows you to group users and assign permissions to the users at a fine granularity. You can control permissions such as file upload, download, and creation permissions. This helps implement flexible access control based on the principle of least privilege.
- Automatic blocking of high-risk commands
Bastionhost automatically blocks the running of high-risk commands, such as rm -rf /* (the command to delete data), and commands to format system disks. This helps prevent accidental deletion operations that may cause serious consequences.
- Visualized audit for event tracing
Bastionhost visualizes audit records. It records O&M sessions and allows you to play back the recordings. This way, you can collect evidence and trace security events in an efficient manner.
Editions
Bastionhost is available in the following editions to meet the needs of different users: Basic,and Enterprise. For more information, see Functions and features.