rbac.conf.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

rbac.conf(4) rbac.conf(4)

NAME

rbac.conf - conﬁguration ﬁle for Role Based Access Control

SYNOPSIS

/etc/rbac/rbac.conf

DESCRIPTION

The rbac.conf ﬁle is a conﬁguration ﬁle for the Role Based Access Control (RBAC) module that pro-

vides functionality for alternate logging and keystroke logging features.

Each line in the

rbac.conf ﬁle is treated either as a comment or as conﬁguration information for the

alternate logging and keystroke logging features. Lines that begin with an

# are comment lines. All

other lines have the syntax:

parameter

=value

Parameters

The

rbac.conf ﬁle can have the following parameters, valid values, and defaults:

KEY_STROKE_LOGGING

This parameter enable or disables the keystroke logging feature on the system.

KEY_STROKE_LOGGING=0

Keystroke logging feature is disabled on the system and the RBAC module will not generate

any keystroke records in the keystroke logﬁle.

KEY_STROKE_LOGGING=1

Keystroke logging feature is enabled on the system and the RBAC module will generate keys-

troke logging records in the keystroke logﬁle. The keystroke logﬁle resides on the system at

KEY_STROKE_LOCATION

Default value:

KEY_STROKE_LOGGING=0

KEY_STROKE_LOCATION

This parameter speciﬁes the location of the keystroke logging records on the system. A privileged

user can specify where the keystroke logﬁles should reside on the system using this parameter.

Default value:

KEY_STROKE_LOCATION=/var/adm/rbac

KEY_STROKE_LOGSIZE

This parameter controls the size of keystroke logs on the system in mega bytes. A privileged user

can specify using this parameter the total size of each keystroke logs per session. If the size exceeds

this value, the keystroke logging module stops logging keystrokes in the keystroke logﬁle.

Default value:

KEY_STROKE_LOGSIZE=1

KEY_STROKE_BANNER_LOG_ENABLE

This parameter controls logging banner page into the keystroke logﬁle. A Privileged user can

specify using this parameter to log banner page into the keystroke logﬁle.

KEY_STROKE_BANNER_LOG_ENABLE=0

The banner page is not logged in the keystroke logﬁle.

KEY_STROKE_BANNER_LOG_ENABLE=1

The banner page is logged in the keystroke logﬁle.

Default value:

KEY_STROKE_BANNER_LOG_ENABLE=0

KEY_STROKE_DATE_FORMAT

This parameter speciﬁes the timestamp format to be used on the keystroke logﬁles. A privileged

user can specify using this parameter which date format to be used in the keystroke logﬁle. There

are 2 supported formats: ks_short and ks_long.

ks_short is of type 18:43:58, which speciﬁes the time only.

ks_long speciﬁes the day, month, date and time such as Wed Jan 12 18:43:58 2008.

KEY_STROKE_DATE_FORMAT=ks_short

Logs only the timestamp into the keystroke logﬁle.

KEY_STROKE_DATE_FORMAT=ks_long

Logs day, month, date and time stamp into the keystroke logﬁle.

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
rbac.conf(4) rbac.conf(4) NAME rbac.conf - configuration file for Role Based Access Control SYNOPSIS /etc/rbac/rbac.conf DESCRIPTION The rbac.conf file is a configuration file for the Role Based Access Control (RBAC) module that provides functionality for alternate logging and keystroke logging features. Each line in the rbac.conf file is treated either as a comment or as configuration information for the alternate logging and keystroke logging features. Lines that begin with an # are comment lines.
PAGE 2
rbac.conf(4) rbac.conf(4) Default value: KEY_STROKE_DATE_FORMAT=ks_long ALTERNATE_LOG_ENABLE This parameter enables or disables the alternate logging feature on the system. ALTERNATE_LOG_ENABLE=0 The alternate logging feature is disabled on the system; therefore, no alternate logs are generated. ALTERNATE_LOG_ENABLE=1 The alternate logging feature is enabled on the system. Alternate logs are generated and reside on the system based on the parameter ALTERNATE_LOG_LOCATION.