Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

log_passwords

Description

Type integer READ/WRITE

Set log_passwords to false to disable the keystroke logging of any password entry commands detected during the session. The default value is true.

Example
if (command in {"csh","ksh"}) 
{ 
   iolog_encrypt = true; 
   log_passwords = false; 
   iolog_errmax = 10000; 
   iolog_opmax = 10000; 
   loggroup = "admin"; 
   logstderr = true; 
   logstdout = false; 
   logstdin = true; 
   iolog = mktemp("/usr/adm/pm." + user + "." + command + ".XXXXXX"); 
accept; 
}
Related Topics

Keystroke (I/O) Logging

logomit

Description

Type list READ/WRITE

logomit specifies a list of variable names to omit when logging to the keystroke and event log which can be useful if space is at a premium. For example, the administrator could choose to log only the runenv variable, and omit the submit env variable. The default is an empty list.

Example
logomit={ "nice" };
Related Topics

iolog

eventlog

Event Logging

logstderr

Description

Type integer READ/WRITE

Set logstderr to true to enable keystroke logging of stderr output produced during the session. The default value is true.

Example
if (command in {"csh","ksh"}) 
{ 
   iolog_encrypt = true; 
   log_passwords = false; 
   iolog_errmax = 10000; 
   iolog_opmax = 10000; 
   loggroup = "admin"; logstderr = true; logstdout = false; 
      logstdin = true; 
      iolog = mktemp("/usr/adm/pm." + user + "." + command + ".XXXXXX"); 
   accept; 
}

logstdin

Description

Type integer READ/WRITE

Set logstdin to true to enable keystroke logging of stdin input produced during the session. The default value is true.

Example
if (command in {"csh","ksh"}) 
{ 
   iolog_encrypt = true; 
   log_passwords = false; 
   iolog_errmax = 10000; 
   iolog_opmax = 10000; 
   loggroup = "admin"; 
   logstderr = true; 
   logstdout = false; 
   logstdin = true; 
   iolog = mktemp("/usr/adm/pm." + user + "." + command + ".XXXXXX"); 
   accept; 
}
Related Documents