keystroke.5 (2012 03)

k

keystroke(5) keystroke(5)

specifies a forward count set to

dflt. If the entry instead specifies a positive numeric value for the for-

ward count, then the configuration settings are no longer in effect when the specified number of stdin

characters are logged; subsequent user input can then trigger additional keystroke logging according to

that entry or any of the other entries that apply to that user.

The following are example keystroke log file entries when only standard input is logged and the

KEY_STROKE_DATE_FORMAT

parameter in /etc/rbac/rbac.conf

is set to ks_short:

(15:53:39) pwd

(15:54:11) mycmd

(15:54:19) uname -a

(15:54:24) who

The following are example keystroke log file entries when both standard input and output are logged and

when the KEY_STROKE_DATE_FORMAT

parameter in

[3] % (Mon May 02 15:54:19 2011) uname -a

HP-UX myserver B.11.31 U ia64 2330573148 unlimited-user license

[4] % (Mon May 02 15:54:24 2011) who

root pts/ta May 2 08:34

forrest pts/0 May 2 15:53

The following are example keystroke log file entries from an ftp session to illustrate the limitations

regarding the logging of ftp sessions that are mentioned in the LIMITATIONS section below.

# cat klog-forrest-ftp-Sat_May_14_2011_16:26:44-29213

230-No directory! Logging in with home=/

230 User forrest logged in.

(Sat May 14 16:26:52 2011) PORT 16,212,114,153,254,84

200 PORT command successful.

(Sat May 14 16:26:52 2011) LIST

150 Opening ASCII mode data connection for /usr/bin/ls.

226 Transfer complete.

(Sat May 14 16:26:58 2011) TYPE I

200 Type set to I.

(Sat May 14 16:26:58 2011) PORT 16,212,114,153,254,85

2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: March 2012