Chatee ahora con Soporte
Chat con el soporte

Privilege Manager for Unix 7.2.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

pmshell_script

Description

Type integer READONLY

pmshell_script is a constant value that identifies a shell script. Use it for comparison with the value of the pmshell_cmdtype variable.

Example
if (defined pmshell_cmd && (pmshell_cmdtype == pmshell_script)) 
{ 
   #forbid any shell scripts unless interpreter is a program in /opt/quest/bin 
   if (dirname (pmshell_interpreter) != "/opt/quest/bin")) 
   { 
      reject "You cannot run this script"; 
   } 
}

pmshell_uniqueid

Description

Type string READONLY

pmshell_uniqueid is only defined if the command is a shell subcommand running from a Privilege Manager for Unix shell (pmsh, pmcsh, pmksh, and pmbash). It contains the uniqueid of the session running the shell program. It allows the individual commands running within the shell to be identified as part of the same shell session when viewing the audit log entries.

Example
#shell script example to print out all shell commands for each shell run on 
#15 january 2009 

#constraint to select pmshell programs running on selected date 
constraint="(date=\"2009/01/15\") && (pmshell==1) && (pmshell_cmd==0))" 

#format to display user and shell program name 
userformat="sprintf(\"User:%s, shell:%s\", user, pmshell_prog)" 

#format to display shell subcommand name and time 
shellformat="sprintf(\" Time:%s, ShellCommand:%s\n", time, runcommand)" 

#find the unique IDs for all shell sessions 
allids=`/bin/sh -c "pmlog -p 'sprintf(\"%s\", uniqueid)' -c '${constraint}'"` 

#for each shell session, print out the username and shell program name, 
#and display each shell command run from the shell, with the time it was 
#executed for one in $allids 
do 
   cmd="pmlog -p '${userformat}' -c 'uniqueid==\"${one}\"'" 
   /bin/sh -c "${cmd}" 
   cmd="pmlog -p '${shellformat}' -c 'pmshell_uniqueid==\"${one}\"'" 
   /bin/sh -c "$cmd" 
done

pmversion

Description

Type string READONLY

pmversion contains the Privilege Manager for Unix version and build number.

Example
print("The current Privilege Manager for Unix version is %s", pmversion);

ptyflags

Description

Type string READONLY

ptyflags contains a bitmask indicating the ptyflags set from the submit user's environment. If set, the following bits indicate:

Bit 0: stdin is open 
Bit 1: stdout is open
Bit 2: stderr is open
Bit 3: command was run in pipe mode
Bit 4: stdin is from a socket
Bit 5: command to be run using nohup
Example
PTY_IN=0x1; 
if (ptyflags & PTY_IN) 
{ 
   #only authenticate if stdin is open and password can be entered 
   if (!authenticate_pam(user, "sshd")) 
   { 
      reject "Failed to authenticate user"; 
   } 
} 
else 
{ 
   reject "Cannot authenticate the user"; }
Related Topics

runptyflags

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación