サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

alertkeysequence

Description

Type list READ/WRITE

alertkeysequence contains a list of regular expressions, against which pmlocald checks the standard input commands entered by the user during a session. If a match is found, then an alert is raised in the event log.

Example
Switch (user) { 
   case "root": alertkeysequence={"passwd"}; 
      alertkeyaction="log"; 
      break; 
   default : alertkeysequence={"passwd", "shutdown"}; 
      alertkeyaction="reject"; 
      break; 
}
Related Topics

alertdate

alertkeymatch

alertkeyaction

alerttime

disable_exec

Description

Type integer READ/WRITE

Use disable_exec to prevent the runcommand process from executing new UNIX processes. For example, you can prevent a vi session from executing shell commands. This variable is only supported if the underlying operating system supports the noexec feature; that is, Linux, Solaris, HP-UX, and AIX. If set to true(1), Privilege Manager for Unix sets the LD_PRELOAD environment variable, which causes the runcommand to be loaded with a Privilege Manager for Unix library that overrides the system exec functions, and thus prevents the runcommand from using exec to create a new process.

Example
if (basename(runcommand) in editor_program_list) 
{ 
   disable_exec=true; 
}

eventlog

Description

Type string READ/WRITE

eventlog contains the full pathname of the file in which audit events are logged. The default pathname is /var/opt/quest/qpm4u/pmevents.db.

Example
adminusers = {"dan","robyn","cory"} 
if (user in adminusers) 
   eventlog = "/var/log/pm+admin_eventlog_" + user + ".log"; 
else 
   eventlog = "/var/opt/quest/qpm4u/pmevents.db";
Related Topics

eventloghost

event

Event logging

eventloghost

Description

Type string READ/WRITE

eventloghost is a string that defines the host that acts as a centralized event log server.

Example
eventloghost="sol32.test.com";
Related Topics

eventlog

event

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択