지금 지원 담당자와 채팅
지원 담당자와 채팅

Privilege Manager for Unix 6.1 Common Documents - Administration Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages

pmshell_script

Description

Type integer READONLY

pmshell_script is a constant value that identifies a shell script. Use it for comparison with the value of the pmshell_cmdtype variable.

Example
if (defined pmshell_cmd && (pmshell_cmdtype == pmshell_script)) 
{ 
   #forbid any shell scripts unless interpreter is a program in /opt/quest/bin 
   if (dirname (pmshell_interpreter) != "/opt/quest/bin")) 
   { 
      reject "You cannot run this script"; 
   } 
}
Related Topics

pmshell

pmshell_restricted

pmshell_checkbuiltins

pmshell_prog

pmshell_reject

pmshell_allow

pmshell_forbid

pmshell_restricted

pmshell_uniqueid

Description

Type string READONLY

pmshell_uniqueid is only defined if the command is a shell subcommand running from a Privilege Manager shell (pmsh, pmcsh, pmksh, and pmbash). It contains the uniqueid of the session running the shell program. It allows the individual commands running within the shell to be identified as part of the same shell session when viewing the audit log entries.

Example
#shell script example to print out all shell commands for each shell run on 
#15 january 2009 

#constraint to select pmshell programs running on selected date 
constraint="(date=\"2009/01/15\") && (pmshell==1) && (pmshell_cmd==0))" 

#format to display user and shell program name 
userformat="sprintf(\"User:%s, shell:%s\", user, pmshell_prog)" 

#format to display shell subcommand name and time 
shellformat="sprintf(\" Time:%s, ShellCommand:%s\n", time, runcommand)" 

#find the unique IDs for all shell sessions 
allids=`/bin/sh –c "pmlog –p 'sprintf(\"%s\", uniqueid)' –c '${constraint}'"` 

#for each shell session, print out the username and shell program name, 
#and display each shell command run from the shell, with the time it was 
#executed for one in $allids 
do 
   cmd="pmlog –p '${userformat}' –c 'uniqueid==\"${one}\"'" 
   /bin/sh –c "${cmd}" 
   cmd="pmlog –p '${shellformat}' -c 'pmshell_uniqueid==\"${one}\"'" 
   /bin/sh –c "$cmd" 
done
Related Topics

pmshell

pmshell_restricted

pmshell_checkbuiltins

pmshell_prog

pmshell_reject

pmshell_allow

pmshell_forbid

pmshell_restricted

pmversion

Description

Type string READONLY

pmversion contains the Privilege Manager version and build number.

Example
print("The current Privilege Manager version is %s", pmversion);

ptyflags

Description

Type string READONLY

ptyflags contains a bitmask indicating the ptyflags set from the submit user's environment. If set, the following bits indicate:

Bit 0: stdin is open 
Bit 1: stdout is open 
Bit 2: stderr is open 
Bit 3: command was run in pipe mode 
Bit 4: stdin is from a socket 
Bit 5: command to be run using nohup
Example
PTY_IN=0x1; 
if (ptyflags & PTY_IN) 
{ 
   #only authenticate if stdin is open and password can be entered 
   if (!authenticate_pam(user, "sshd")) 
   { 
      reject "Failed to authenticate user"; 
   } 
} 
else 
{ 
   reject "Cannot authenticate the user"; }
Related Topics

runptyflags

관련 문서