Privilege Manager for Unix 7.1 - Administration Guide

Description

Type integer READONLY

pmshell_interpreter is only defined if the command is running from within a Privilege Manager for Unix shell program. If the shell subcommand is an interpreted script (that is, the first line of the file contains a directive in the format #!<path>) then this variable contains the pathname of the interpreter identified by this directive. Use this variable to detect and reject a user from running an unrestricted shell script from within a restricted shell program.

Example

if (defined pmshell) 
{ 
   printf("Starting %s shell\n", pmshell_prog); 
   accept; 
} 
if ((defined pmshell_cmd) && (pmshell_cmd == true)) 
{ 
   # if running a restricted shell, then don't allow the user to run a shell 
   # script unless it's a Privilege Manager for Unix shell 
   if (pmshell_restricted && (pmshell_cmdtype == pmshell_script)) 
   { 
      if (dirname(pmshell_interpreter) != "/opt/quest/bin") 
      { 
         reject "Restricted shell only permits you to run a shell in the 
					/opt/quest/bin directory"; 
      } 
   }

Description

Type string READONLY

pmshell_prog is only defined if a Privilege Manager for Unix shell program is running. If a shell is running, it is set to the name of the shell program (pmsh, pmcsh, pmksh, pmloginshell, or pmbash).

Example

if (defined pmshell) 
{ 
   printf("Starting %s shell\n", pmshell_prog); 
   accept; 
}

Description

Type integer READONLY

pmshell_script is a constant value that identifies a shell script. Use it for comparison with the value of the pmshell_cmdtype variable.

Example

if (defined pmshell_cmd && (pmshell_cmdtype == pmshell_script)) 
{ 
   #forbid any shell scripts unless interpreter is a program in /opt/quest/bin 
   if (dirname (pmshell_interpreter) != "/opt/quest/bin")) 
   { 
      reject "You cannot run this script"; 
   } 
}

Description

Type string READONLY

pmshell_uniqueid is only defined if the command is a shell subcommand running from a Privilege Manager for Unix shell (pmsh, pmcsh, pmksh, and pmbash). It contains the uniqueid of the session running the shell program. It allows the individual commands running within the shell to be identified as part of the same shell session when viewing the audit log entries.

Example

#shell script example to print out all shell commands for each shell run on 
#15 january 2009 

#constraint to select pmshell programs running on selected date 
constraint="(date=\"2009/01/15\") && (pmshell==1) && (pmshell_cmd==0))" 

#format to display user and shell program name 
userformat="sprintf(\"User:%s, shell:%s\", user, pmshell_prog)" 

#format to display shell subcommand name and time 
shellformat="sprintf(\" Time:%s, ShellCommand:%s\n", time, runcommand)" 

#find the unique IDs for all shell sessions 
allids=`/bin/sh –c "pmlog –p 'sprintf(\"%s\", uniqueid)' –c '${constraint}'"` 

#for each shell session, print out the username and shell program name, 
#and display each shell command run from the shell, with the time it was 
#executed for one in $allids 
do 
   cmd="pmlog –p '${userformat}' –c 'uniqueid==\"${one}\"'" 
   /bin/sh –c "${cmd}" 
   cmd="pmlog –p '${shellformat}' -c 'pmshell_uniqueid==\"${one}\"'" 
   /bin/sh –c "$cmd" 
done

Privilege Manager for Unix 7.1 - Administration Guide

pmshell_interpreter

Description

Example

Related Topics

pmshell_prog

Description

Example

Related Topics

pmshell_script

Description

Example

Related Topics

pmshell_uniqueid

Description

Example

Related Topics

Seleziona il prodotto:

Per una maggiore efficacia, compilare l'Obiettivo della chat:

Soluzioni consigliate per il problema

Privilege Manager for Unix 7.1 - Administration Guide

pmshell_interpreter

Description

Example

Related Topics

pmshell_prog

Description

Example

Related Topics

pmshell_script

Description

Example

Related Topics

pmshell_uniqueid

Description

Example

Related Topics