key_filter.4 (2010 09)
k
key_filter(4) key_filter(4)
NAME
key_filter - configuration file for keystroke logging module for RBAC
SYNOPSIS
/etc/rbac/key_filter
DESCRIPTION
The /etc/rbac/key_filter
file is the configuration file for the keystroke logging module for RBAC.
It lets an authorized user customize a keystroke logging policy to capture only known text for particular
users, roles, and groups. The keystroke logging module generates keystroke records only for users, roles
and groups found in the
/etc/rbac/key_filter
file.
If the
/etc/rbac/key_filter
file exists and if it is empty, the keytroke logging module will not gen-
erate any keystroke records for any user, role, and group.
The
/etc/rbac/key_filter
file can contain any number of entries. Each entry is specified on a sin-
gle line and follows the format described in the syntax section below.
CONFIGURATION FILE SYNTAX
The
/etc/rbac/key_filter
file consists of one or more entries in the following format:
Name
:Text :Number of chars before :Number of chars after
:filestream
The fields are as follows.
Name Name can be one of the following:
user_name A user name.
&group_name A UNIX group name, which must be preceded by an ampersand (&).
$rolename A valid role name defined in the /etc/rbac/roles
file and must be pre-
ceded by a dollar sign (
$).
Text An authorized user can specify a text to be filtered in a session for a particular user, role, and
group. During a session, the text will be logged into the keystroke logfile when it is encoun-
tered in the standard input. During a session, the keystroke logging module creates the keys-
troke log file only when it encounters the first occurance of any text defined in the
/etc/rbac/key_filter
file for a particular user, role, and group.
Number of characters before
An authorized user can specify the number of characters of standard input preceding the
appearance of the text that needs to be logged into the keystroke logfile.
If a value of
dflt is specified, the keystroke module logs only the 1024 characters preceding
the appearance of the text.
Number of characters after
An authorized user can specify the number of characters of standard input following the
appearance of the text that needs to be logged into the keystroke logfile.
If a value of
dflt is specified, the keystroke module logs everything following the appearance
of the text until the session ends.
Filestream
An authorized user can specify which stream should be logged into the keystroke logfile.
The valid values for this field are:
ks_stdin Specify a keystroke policy such that only stdin is logged into the keystroke
logfile.
ks_all Specify a keystroke policy that captures all the streams, stdin, stdout, and
stderr.
EXAMPLES
In the following example, the administrator configures the keystroke policy for
user1. The keystroke
policy will capture the /usr/sbin/mount command and the 100 stdin characters preceding the
appearance of the /usr/sbin/mount command. It will also capture the 190 stdin characters (and only
the standard input keystrokes) that follow the appearance of the /usr/sbin/moun command.
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1