Description
Type integer READONLY
pmshell_script is a constant value that identifies a shell script. Use it for comparison with the value of the pmshell_cmdtype variable.
Example
if (defined pmshell_cmd && (pmshell_cmdtype == pmshell_script))
{
#forbid any shell scripts unless interpreter is a program in /opt/quest/bin
if (dirname (pmshell_interpreter) != "/opt/quest/bin"))
{
reject "You cannot run this script";
}
}
Description
Type string READONLY
pmshell_uniqueid is only defined if the command is a shell subcommand running from a Privilege Manager for Unix shell (pmsh, pmcsh, pmksh, and pmbash). It contains the uniqueid of the session running the shell program. It allows the individual commands running within the shell to be identified as part of the same shell session when viewing the audit log entries.
Example
#shell script example to print out all shell commands for each shell run on
#15 january 2009
#constraint to select pmshell programs running on selected date
constraint="(date=\"2009/01/15\") && (pmshell==1) && (pmshell_cmd==0))"
#format to display user and shell program name
userformat="sprintf(\"User:%s, shell:%s\", user, pmshell_prog)"
#format to display shell subcommand name and time
shellformat="sprintf(\" Time:%s, ShellCommand:%s\n", time, runcommand)"
#find the unique IDs for all shell sessions
allids=`/bin/sh -c "pmlog -p 'sprintf(\"%s\", uniqueid)' -c '${constraint}'"`
#for each shell session, print out the username and shell program name,
#and display each shell command run from the shell, with the time it was
#executed for one in $allids
do
cmd="pmlog -p '${userformat}' -c 'uniqueid==\"${one}\"'"
/bin/sh -c "${cmd}"
cmd="pmlog -p '${shellformat}' -c 'pmshell_uniqueid==\"${one}\"'"
/bin/sh -c "$cmd"
done
Description
Type string READONLY
pmversion contains the Privilege Manager for Unix version and build number.
Example
print("The current Privilege Manager for Unix version is %s", pmversion);
Description
Type string READONLY
ptyflags contains a bitmask indicating the ptyflags set from the submit user's environment. If set, the following bits indicate:
Bit 0: stdin is open
Bit 1: stdout is open
Bit 2: stderr is open
Bit 3: command was run in pipe mode
Bit 4: stdin is from a socket
Bit 5: command to be run using nohup
Example
PTY_IN=0x1;
if (ptyflags & PTY_IN)
{
#only authenticate if stdin is open and password can be entered
if (!authenticate_pam(user, "sshd"))
{
reject "Failed to authenticate user";
}
}
else
{
reject "Cannot authenticate the user"; }