rbac.conf.4 (2012 03)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

rbac.conf(4) rbac.conf(4)

NAME

rbac.conf - conﬁguration ﬁle for Role Based Access Control

SYNOPSIS

/etc/rbac/rbac.conf

DESCRIPTION

The rbac.conf ﬁle is a conﬁguration ﬁle for the Role Based Access Control (RBAC) module that pro-

vides functionality for alternate logging and keystroke logging features.

Each line in the

rbac.conf ﬁle is treated either as a comment or as conﬁguration information for the

alternate logging and keystroke logging features. Lines that begin with a

# are comment lines. All other

lines have the syntax:

parameter

=value

Parameters

The

rbac.conf ﬁle can have the following parameters, valid values, and defaults:

KEY_STROKE_LOGGING

This parameter enables or disables the keystroke logging feature on the system.

KEY_STROKE_LOGGING=0

Keystroke logging feature is disabled on the system and the RBAC module does not generate

any keystroke records in the keystroke logﬁle.

KEY_STROKE_LOGGING=1

Keystroke logging feature is enabled on the system and the RBAC module generates keystroke

logging records in the keystroke logﬁle according to the policy speciﬁed in /etc/rbac/key_ﬁlter.

For details, see key_ﬁlter (4) and keystroke (5).

The keystroke logﬁle resides on the system at KEY_STROKE_LOCATION

Default value:

KEY_STROKE_LOGGING=0

KEY_STROKE_LOCATION

This parameter speciﬁes the location of the keystroke logging records on the system. Using this

parameter, a privileged user can specify where the keystroke logﬁles reside on the system.

Default value:

KEY_STROKE_LOCATION=/var/adm/rbac

KEY_STROKE_LOGSIZE

This parameter controls the size of keystroke logs on the system in mega bytes. Using this parame-

ter, a privileged user can specify the total size of each keystroke log per session. If the size exceeds

this value, the keystroke logging module stops logging keystrokes in the keystroke logﬁle. The

ﬁlesystem on which the log ﬁles reside imposes an upper limit on the maximum size of a ﬁle.

Default value:

KEY_STROKE_LOGSIZE=1

KEY_STROKE_BANNER_LOG_ENABLE

This parameter controls logging the banner page in the keystroke logﬁle. Using this parameter, a

privileged user can log the banner page in the keystroke logﬁle.

KEY_STROKE_BANNER_LOG_ENABLE=0

The banner page is not logged in the keystroke logﬁle.

KEY_STROKE_BANNER_LOG_ENABLE=1

The banner page is logged in the keystroke logﬁle.

Default value:

KEY_STROKE_BANNER_LOG_ENABLE=0

KEY_STROKE_DATE_FORMAT

This parameter speciﬁes the timestamp format used on the keystroke logﬁles. Using this parame-

ter, a privileged user can specify which date format to use in the keystroke logﬁle. There are 2 sup-

ported formats: ks_short and ks_long.

ks_short speciﬁes the time only, such as 18:43:58.

ks_long speciﬁes the day, month, date, time, and year, such as Wed Jan 12 18:43:58 2008.

HP-UX 11i Version 3: March 2012 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
rbac.conf(4) rbac.conf(4) NAME rbac.conf - configuration file for Role Based Access Control SYNOPSIS /etc/rbac/rbac.conf DESCRIPTION The rbac.conf file is a configuration file for the Role Based Access Control (RBAC) module that provides functionality for alternate logging and keystroke logging features. Each line in the rbac.conf file is treated either as a comment or as configuration information for the alternate logging and keystroke logging features. Lines that begin with a # are comment lines.
PAGE 2
rbac.conf(4) rbac.conf(4) KEY_STROKE_DATE_FORMAT=ks_short Logs only the time stamp in the keystroke logfile. KEY_STROKE_DATE_FORMAT=ks_long Logs day, month, date, time, and year stamp in the keystroke logfile. Default value: KEY_STROKE_DATE_FORMAT=ks_long KEY_STROKE_DEBUG_FILE This parameter specifies the location of the keystroke debug log file where debug trace output is logged if the debug option is specified in a /etc/pam.conf session entry for libpam_keystroke.