key_filter.4 (2012 03)
k
key_filter(4) key_filter(4)
userdel string are logged, as well as all standard input characters entered until the session ends. The
corresponding standard output is also logged.
&adm:useradd|usermod|userdel:dflt:dflt:ks_all
The following entry sets the keystroke policy to log a line of input entered by any user who is assigned to
the backup role and that contains the
bdf string, as well as the corresponding standard output or
standard error. In addition, up to 30 standard input characters preceding the appearance of the bdf
string and up to 40 standard input characters entered immediately after are also logged, as well as the
corresponding standard output or standard error.
$backup:bdf:30:40:ks_all
LIMITATIONS
The colon (:) character cannot be used as part of the string value in the PatternTrigger field.
Also see LIMITATIONS described in keystroke (5).
WARNINGS
See WARNINGS described in keystroke (5).
FILES
/etc/rbac/key_filter
The keystroke logging configuration file.
/etc/rbac/rbac.conf
RBAC configuration file that contains global keystroke logging
parameters. For details, see rbac.conf (4).
/etc/pam.conf PAM configuration file where keystroke logging session module
(libpam_keystroke.so
) can be specified.
/var/adm/rbac The default directory where keystroke logs are kept. For how to
override the default directory, see rbac.conf (4).
/var/adm/rbac/klog-
<username>-<service>-<date>-<unique_id>
The pathname of a keystroke log for a user session, where <user-
name> is the name of the user whose session is being logged, <ser-
vice> is the name of the remote service (for example,
ssh, login,
ftp), <date> is a formatted string of the local date and time when
the user started the session, and <unique_id> is a unique identifier
to avoid file name collisions.
SEE ALSO
rbac.conf(4), keystroke(5), pam_keystroke(5), rbac(5), regexp(5)
HP-UX 11i Version 3: March 2012 − 3 − Hewlett-Packard Company 3