Safeguard for Sudo 7.3 - Administration Guide

year

Description

Type integer READONLY

year contains the year in which the request was submitted in the format YY.

Related Topics

dayname

minute

hour

day

month

date

time

Global output variables

The following predefined global variables are initialized from the submit user's environment. They can be affected by the policy file.

Table 11: Global output variables
| Variable | Data Type | Description |
|---|---|---|
| disable_exec | integer | Specifies whether to prevent the runcommand process from executing new processes. |
| eventlog | string | Pathname of the audit log. |
| iolog | string | Pathname of the keystroke log. |
| logstderr | integer | Specifies whether to keystroke log stderr messages. |
| logstdin | integer | Specifies whether to keystroke log stdin messages. |
| logstdout | integer | Specifies whether to keystroke log stdout messages. |
| runargv | list | List of arguments for the request. |
| runchroot | string | Requests the command to run with a specified root directory. |
| runcksum | string | Identifies a checksum to use to verify against the runcommand. |
| runclienthost | string | A modifiable copy of the clienthost input variable. |
| runcommand | string | Full pathname of the request. |
| runconfirmuser | string | Specifies whether the agent should request the runuser to authenticate before executing the runcommand. |
| runcwd | string | Working directory to set for the request. |
| runenablerlimits | boolean | Lets you use runrlimit variables on the run host. |
| runenv | list | List of environment variables to set for the request. |
| rungroup | string | Primary group to set for the request. |
| rungroups | list | List of secondary groups to set for the request. |
| runhost | string | Host on which to run the request. |
| runnice | integer | Nice value to apply for the request. |
| runpaths | list | A list of permitted paths for commands. |
| runptyflags | string | Pty flags to apply for the request. |
| runrlimit_as | string | Controls the maximum memory that is available to a process. |
| runrlimit_core | string | Controls the maximum size of a core file. |
| runrlimit_cpu | string | Controls the maximum CPU time of a process. |
| runrlimit_data | string | Controls the maximum size of the data segment of a process. |
| runrlimit_fsize | string | Controls the maximum size of a file. |
| runrlimit_locks | string | Controls the maximum number of file locks for a process. |
| runrlimit_memlock | string | Controls the maximum number of bytes of virtual memory that can be locked. |
| runrlimit_nofile | string | Controls the maximum number of files a user may have open at a given time. |
| runrlimit_nproc | string | Controls the maximum number of processes a user may run at a given time. |
| runrlimit_rss | string | Controls the maximum size of the resident set (number of virtual pages resident at a given time) of a process. |
| runrlimit_stack | string | Controls the maximum size of the process stack. |
| runtimeout | integer | Specifies the number of seconds of idle time before ending the session. |
| runumask | integer | Umask value to apply for the request. |
| runuser | string | User to run the request. |
| runutmpuser | string | Utmp user to use when logging to utmp. |
| subprocuser | string | User name to run subprocesses of the policy server master daemon. |
| tmplogdir | string | Directory used for temporary storage of I/O log files if a remote log host is specified in iologhost. |

disable_exec

Description

Type integer READ/WRITE

Use disable_exec to prevent the runcommand process from executing new UNIX processes. For example, you can prevent a vi session from executing shell commands. This variable is only supported if the underlying operating system supports the noexec feature; that is, Linux, Solaris, HP-UX, and AIX. If set to true(1), Safeguard for Sudo sets the LD_PRELOAD environment variable, which causes the runcommand to be loaded with a Safeguard for Sudo library that overrides the system exec functions, and thus prevents the runcommand from using exec to create a new process.
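The interposition mechanism described above can be illustrated with a small preload library. This is an added example, not the Safeguard for Sudo library or code from this guide; the file name `noexec_demo.c` and the helpers `deny_exec` and `demo_try_exec` are hypothetical.

```c
/* noexec_demo.c - constructed illustration of exec interposition via LD_PRELOAD.
 * Assumed build line: cc -shared -fPIC -o noexec_demo.so noexec_demo.c
 * A complete library must also cover other process-creation entry points
 * (for example posix_spawn, system and popen); this sketch covers the exec family.
 */
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/* Every overridden entry point fails the same way: no new program image. */
static int deny_exec(void)
{
    errno = EACCES;
    return -1;
}

/* Because the preloaded object is searched before libc, these definitions
 * are the ones the dynamic linker binds the runcommand's calls to. */
int execve(const char *path, char *const argv[], char *const envp[])
{ (void)path; (void)argv; (void)envp; return deny_exec(); }

int execv(const char *path, char *const argv[])
{ (void)path; (void)argv; return deny_exec(); }

int execvp(const char *file, char *const argv[])
{ (void)file; (void)argv; return deny_exec(); }

int fexecve(int fd, char *const argv[], char *const envp[])
{ (void)fd; (void)argv; (void)envp; return deny_exec(); }

/* Variadic forms: the argument list is ignored because nothing is executed. */
int execl(const char *path, const char *arg, ...)
{ (void)path; (void)arg; return deny_exec(); }

int execlp(const char *file, const char *arg, ...)
{ (void)file; (void)arg; return deny_exec(); }

int execle(const char *path, const char *arg, ...)
{ (void)path; (void)arg; return deny_exec(); }

/* Hypothetical helper: what an editor's shell escape would observe.
 * Returns the errno seen by the caller, or 0 if exec was not blocked. */
int demo_try_exec(void)
{
    char *const argv[] = { "sh", NULL };
    errno = 0;
    if (execv("/bin/sh", argv) == -1)
        return errno;
    return 0;
}
```

Interposition of this kind only takes effect for dynamically linked programs that reach exec through the C library, so verify that the commands you rely on it for are dynamically linked.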

eventlog

Description

Type string READ/WRITE

eventlog contains the full pathname of the file in which audit events are logged. The default pathname is /var/opt/quest/qpm4u/pmevents.db.

Related Topics

event

Event logging
