keystroke.5 (2012 03)
keystroke(5) keystroke(5)
NOTES
Records in /var/adm/sulog appear differently when keystroke logging is enabled for a session and two or more su(1) commands are run in the same login session. For example, the following entries in /var/adm/sulog are generated for a login session under keystroke logging for user forrest who switches to user ciera and then switches to root:

     SU 05/17 17:32 + ttyp1 forrest-ciera
     SU 05/17 17:32 + ttyp1 ciera-root

On the other hand, the following entries in /var/adm/sulog are generated for a login session that is not under keystroke logging for user forrest who switches to user ciera and then switches to root:

     SU 05/17 17:32 + tb forrest-ciera
     SU 05/17 17:33 + tb forrest-root
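
Added example (not part of the HP-UX manual page): a small Python parser for /var/adm/sulog that attributes each su(1) entry to the login user in both record styles shown above, so that a chained entry such as ciera-root is still traced back to forrest. The function name resolve_origins and the sample input are constructed for illustration, and the parser assumes the source user name contains no hyphen.

```python
import re
from collections import defaultdict

# Constructed sample: the four entries shown in NOTES above.
SAMPLE_SULOG = """\
SU 05/17 17:32 + ttyp1 forrest-ciera
SU 05/17 17:32 + ttyp1 ciera-root
SU 05/17 17:32 + tb forrest-ciera
SU 05/17 17:33 + tb forrest-root
"""

# SU <date> <time> <+|-> <tty> <from>-<to>; '+' is success, '-' is failure.
# Assumption: the source user name contains no hyphen (split on the first one).
ENTRY = re.compile(
    r"^SU\s+(?P<date>\d\d/\d\d)\s+(?P<time>\d\d:\d\d)\s+(?P<flag>[+-])\s+"
    r"(?P<tty>\S+)\s+(?P<src>[^-\s]+)-(?P<dst>\S+)$"
)


def resolve_origins(text):
    """Return one dict per su entry, with the inferred login user in 'origin'."""
    # Per terminal: effective user -> login user that reached it through su.
    # sulog records no session end, so this map can go stale when a terminal
    # is reused; treat 'origin' as a lead to confirm, not as proof.
    reached = defaultdict(dict)
    results = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        e = m.groupdict()
        chain = reached[e["tty"]]
        # Under keystroke logging the source is the current effective user,
        # so follow it back; otherwise the source already is the login user.
        e["origin"] = chain.get(e["src"], e["src"])
        e["chained"] = e["origin"] != e["src"]
        if e["flag"] == "+":  # only a successful su changes the effective user
            chain[e["dst"]] = e["origin"]
        results.append(e)
    return results


if __name__ == "__main__":
    for e in resolve_origins(SAMPLE_SULOG):
        print(f'{e["date"]} {e["time"]} {e["tty"]:6} '
              f'{e["src"]}->{e["dst"]:6} login user: {e["origin"]}')
```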

Timestamps in the keystroke log file specify the time when the first character of a line was entered, not when the user enters a carriage return to signify the end of the line.

Non-printable characters that are logged and output by commands such as ttytype(1) can alter how a keystroke log file's contents are displayed with commands such as cat(1).
WARNINGS
Be sure that sufficient disk space is allocated to store all logged keystrokes and output, especially when
logging all users.
FILES
/etc/rbac/key_filter
     The keystroke logging configuration file for defining system-wide or user-specific keystroke logging policies. For details, see key_filter(4).

/etc/rbac/rbac.conf
     RBAC configuration file that contains global keystroke logging parameters. For details, see rbac.conf(4).

/etc/pam.conf
     PAM configuration file where the keystroke logging session module (libpam_keystroke.so.1) can be specified. For details, see pam_keystroke(5).

/var/adm/rbac
     The default directory where keystroke logs are kept. For details on how to override the default directory, see rbac.conf(4).

/var/adm/rbac/klog-<username>-<service>-<date>-<unique_id>
     The pathname of a keystroke log for a user session, where <username> is the name of the user whose session is being logged, <service> is the name of the remote service (for example, ssh, login, ftp), <date> is a formatted string of the local date and time when the user started the session, and <unique_id> is a unique identifier to avoid file name collisions.
SEE ALSO
key_filter(4), pam.conf(4), rbac.conf(4), pam_keystroke(5), rbac(5), regexp(5), sshd_config(5)
HP-UX 11i Version 3: March 2012          Hewlett-Packard Company