Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

eventlog

Description

Type string READ/WRITE

eventlog contains the full pathname of the file in which audit events are logged. The default pathname is /var/opt/quest/qpm4u/pmevents.db on Linux® hosts or /var/adm/pmevents.db (all other Unix platforms)

Example
adminusers = {"dan","robyn","cory"} 
if (user in adminusers) 
   eventlog = "/var/log/pm+admin_eventlog_" + user + ".log"; 
else 
   eventlog = "/var/opt/quest/qpm4u/pmevents.db";

eventloghost

Description

Type string READ/WRITE

eventloghost is a string that defines the host that acts as a centralized event log server.

Example
eventloghost="sol32.test.com";
Related Topics

eventlog

event

execfailedmsg

Description

Type string READ/WRITE

If execfailedmsg is defined, this string sets the error message that displays if pmlocald fails to execute runcommand for any reason other than the file not being found.

Example
if (user != "root") 
{ 
   execfailedmsg = "This command is not available to you at this time"; 
}
Related Topics

notfoundmsg

runcommand

iolog

Description

Type string READ/WRITE

iolog is the full path name of the keystroke log file in which input, output, and error output is logged.

Example
if (command in {"csh","ksh"}) 
{ 
   iolog_encrypt = true; 
   log_passwords = false; 
   iolog_errmax = 10000; 
   iolog_opmax = 10000; 
   iolog = mktemp("/usr/adm/shells/pm." + user + "." + basename(runcommand) + ".XXXXXX"); 
   accept; 
} 
   else 
{ 
   iolog=mktemp("/usr/adm/pm." + user + "." + basename(runcommand) + ".XXXXXX");
}
Related Documents