Description
Type list READ/WRITE
alertkeysequence contains a list of regular expressions, against which pmlocald checks the standard input commands entered by the user during a session. If a match is found, then an alert is raised in the event log.
Example
Switch (user) {
case "root": alertkeysequence={"passwd"};
alertkeyaction="log";
break;
default : alertkeysequence={"passwd", "shutdown"};
alertkeyaction="reject";
break;
}
Description
Type integer READ/WRITE
Use disable_exec to prevent the runcommand process from executing new UNIX processes. For example, you can prevent a vi session from executing shell commands. This variable is only supported if the underlying operating system supports the noexec feature; that is, Linux, Solaris, HP-UX, and AIX. If set to true(1), Privilege Manager for Unix sets the LD_PRELOAD environment variable, which causes the runcommand to be loaded with a Privilege Manager for Unix library that overrides the system exec functions, and thus prevents the runcommand from using exec to create a new process.
Example
if (basename(runcommand) in editor_program_list)
{
disable_exec=true;
}
Description
Type string READ/WRITE
eventlog contains the full pathname of the file in which audit events are logged. The default pathname is /var/opt/quest/qpm4u/pmevents.db.
Example
adminusers = {"dan","robyn","cory"}
if (user in adminusers)
eventlog = "/var/log/pm+admin_eventlog_" + user + ".log";
else
eventlog = "/var/opt/quest/qpm4u/pmevents.db";
Description
Type string READ/WRITE
eventloghost is a string that defines the host that acts as a centralized event log server.
Example
eventloghost="sol32.test.com";