key_filter.4 (2012 03)
key_filter(4) key_filter(4)
NAME
key_filter - configuration file for RBAC keystroke logging feature
SYNOPSIS
/etc/rbac/key_filter
DESCRIPTION
The /etc/rbac/key_filter file is the configuration file for the keystroke logging feature described in keystroke(5). For a login session, standard input (stdin) and the corresponding standard output (stdout) and standard error (stderr) can be logged into a session-specific keystroke logfile, depending on how /etc/rbac/key_filter is configured. For details on how an authorized user can modify the /etc/rbac/key_filter file to create a customized keystroke logging policy, see keystroke(5).
CONFIGURATION FILE SYNTAX
Lines whose first non-whitespace character is a hash sign (#) are treated as comments and are ignored.

The /etc/rbac/key_filter file can include any number of entries, including none. Each entry is specified on a single line and can contain the string ks_all or ks_stdin, or can be a valid user, group, or role entry in the format described below.

If a single line with the string ks_all is specified, then all terminal input and output for all users are logged. If the string ks_stdin is specified instead, then all terminal input for all users is logged but not the corresponding output. In both cases, any subsequent lines in /etc/rbac/key_filter are ignored.

The ks_all or ks_stdin string must be specified on the first non-commented line in /etc/rbac/key_filter in order to take effect. Otherwise, those lines are considered invalid and are ignored. Only lines with the following syntax are considered valid:
Name:PatternTrigger:BackwardCount:ForwardCount:Filestream
where each field is as follows:
Name
    Name can be one of the following:

    user_name
        The name of a user.

    &group_name
        A UNIX group name that corresponds to the name of a user's primary group. The name must be preceded by an ampersand (&) to distinguish it from a user and role name. The group name is not interpreted as a secondary group name, only as a primary group name.

    $rolename
        A role name defined in the /etc/rbac/roles file. The name must be preceded by a dollar sign ($) to distinguish it from a user and group name.

PatternTrigger
    An extended regular expression (ERE) as described in regexp(5). Keystroke logging is triggered for the user(s) associated with this entry when this ERE matches a line of user input in a login session. An entry with an invalid ERE is ignored.

    Note: If the field is set to a single star (*) character, then the star character is not treated as a regular expression, but instead indicates that a user's entire session will be logged. Keystroke logging is triggered immediately if this field is set only to the star (*) character. In all other cases, the star character is interpreted as a special regular expression character as described in regexp(5).

BackwardCount
    The maximum number of characters of standard input that are logged and appear immediately before the line of input that triggered keystroke logging. If the value dflt is specified, the keystroke module logs up to 1024 characters preceding the line of input that triggered keystroke logging. The maximum value supported is 10K.

    Note: The KEY_STROKE_MAX_OUTPUT_SAVED parameter in /etc/rbac/rbac.conf, not the BackwardCount field, restricts how many standard output and standard error characters can be logged per line of input that preceded the line of input that triggered keystroke logging.

ForwardCount
    The maximum number of characters of standard input that are logged and appear immediately
HP-UX 11i Version 3: March 2012 − 1 − Hewlett-Packard Company 1
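The following Python module is an added worked example, not HP-UX code and not the keystroke module's own parser. It applies the file-level and entry-level rules documented above to a constructed policy: comment lines, the first-line-only rule for ks_all and ks_stdin, the user/&group/$role prefixes, the literal star trigger versus an ERE, the dflt value and 10K ceiling for the counts, and the fact that a &group entry is matched against the primary group only. Points the page does not state and that the example assumes: blank lines are skipped like comments; 10K is read as 10240; a count above the ceiling invalidates the line rather than being clamped; dflt is accepted for ForwardCount as well as BackwardCount; Python's re module stands in for the regexp(5) ERE engine; and the Filestream field, which this excerpt does not define, is carried verbatim, so the value stdin in the sample is only a placeholder.

```python
# Added example: a reader for the /etc/rbac/key_filter format documented above.
# It is not HP-UX code; assumptions beyond the man page text are marked ASSUMPTION.
import re
from dataclasses import dataclass
from typing import Optional, Tuple

DEFAULT_COUNT = 1024        # "dflt" for BackwardCount; ASSUMPTION: same for ForwardCount
MAX_COUNT = 10 * 1024       # man page says "10K"; ASSUMPTION: 10240, not 10000
KS_MODES = ("ks_all", "ks_stdin")


@dataclass(frozen=True)
class Entry:
    kind: str                       # "user", "group" (primary group only) or "role"
    name: str
    pattern: Optional[re.Pattern]   # None means the literal "*": log the whole session
    backward: int
    forward: int
    filestream: str                 # not defined in this excerpt; kept verbatim


@dataclass(frozen=True)
class Policy:
    mode: str                       # "ks_all", "ks_stdin" or "entries"
    entries: Tuple[Entry, ...]


def _parse_count(field: str) -> Optional[int]:
    """dflt -> 1024; digits up to MAX_COUNT; anything else is invalid.
    ASSUMPTION: a count above 10K makes the line invalid (it is not clamped)."""
    if field == "dflt":
        return DEFAULT_COUNT
    if not field.isdigit() or int(field) > MAX_COUNT:
        return None
    return int(field)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse Name:PatternTrigger:BackwardCount:ForwardCount:Filestream; None if invalid."""
    fields = line.split(":")
    if len(fields) != 5:
        return None
    name, trigger, back, fwd, stream = fields
    if name.startswith("&"):
        kind, name = "group", name[1:]
    elif name.startswith("$"):
        kind, name = "role", name[1:]
    else:
        kind = "user"
    if not name:
        return None
    if trigger == "*":
        pattern = None                      # literal star: log from session start
    else:
        try:
            pattern = re.compile(trigger)   # ASSUMPTION: Python re stands in for regexp(5) ERE
        except re.error:
            return None                     # invalid ERE: the entry is ignored
    backward, forward = _parse_count(back), _parse_count(fwd)
    if backward is None or forward is None:
        return None
    return Entry(kind, name, pattern, backward, forward, stream)


def parse_key_filter(text: str) -> Policy:
    """File-level rules: comments skipped; ks_all/ks_stdin honoured only on the first
    non-comment line (later occurrences ignored); invalid entries dropped.
    ASSUMPTION: blank lines are skipped like comments."""
    entries = []
    seen_first = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not seen_first:
            seen_first = True
            if line in KS_MODES:
                return Policy(line, ())      # everything after it is ignored
        elif line in KS_MODES:
            continue                         # not on the first line: invalid, ignored
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
    return Policy("entries", tuple(entries))


def matching_entries(policy: Policy, user: str, primary_group: str, roles) -> list:
    """Entries that apply to a session. Only the primary group is consulted, as the
    man page states; secondary group membership never selects a &group entry."""
    return [e for e in policy.entries
            if (e.kind == "user" and e.name == user)
            or (e.kind == "group" and e.name == primary_group)
            or (e.kind == "role" and e.name in roles)]


def triggers(entry: Entry, input_line: str) -> bool:
    """True when this line of input starts keystroke logging for the entry."""
    if entry.pattern is None:
        return True
    return entry.pattern.search(input_line) is not None


# Constructed sample policy (not a real HP-UX file); "stdin" in the Filestream
# field is a placeholder, since this excerpt does not define that field.
SAMPLE = """\
# constructed sample policy
alice:*:dflt:dflt:stdin
&wheel:^su( |$):256:512:stdin
$sysadmin:(^|[;&|] *)rm +-rf:dflt:2048:stdin
bob:([unclosed:dflt:dflt:stdin
carol:^ls:dflt:99999:stdin
ks_all
"""

if __name__ == "__main__":
    for e in parse_key_filter(SAMPLE).entries:
        print(e.kind, e.name, "whole-session" if e.pattern is None else e.pattern.pattern)
```

Running it on SAMPLE keeps three entries (alice, &wheel, $sysadmin): bob's line is dropped for its unbalanced ERE, carol's for a ForwardCount above 10K, and the trailing ks_all is ignored because it is not the first non-comment line. A session whose primary group is staff but which has wheel as a secondary group matches nothing, which is the caveat to keep in mind when writing &group entries.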