rbac.conf.4 (2012 03)
r
rbac.conf(4) rbac.conf(4)
KEY_STROKE_DATE_FORMAT=ks_short
Logs only the time stamp in the keystroke logfile.
KEY_STROKE_DATE_FORMAT=ks_long
Logs day, month, date, time, and year stamp in the keystroke logfile.
Default value:
KEY_STROKE_DATE_FORMAT=ks_long
KEY_STROKE_DEBUG_FILE
This parameter specifies the location of the keystroke debug log file where debug trace output is
logged if the debug option is specified in a /etc/pam.conf session entry for libpam_keystroke.
Using this parameter, a privileged user can specify where the keystroke debug file resides on the
system. The level of debug trace output is set using the
KEY_STROKE_DEBUG_LVL
parameter.
Default value:
KEY_STROKE_DEBUG_FILE=/var/adm/rbac/keystroke.debug
KEY_STROKE_DEBUG_LVL
This parameter controls the verbosity level of keystroke debug trace output if the
debug option is
specified in a /etc/pam.conf session entry for libpam_keystroke. For details, see pam_keystroke(5).
KEY_STROKE_DEBUG_LVL=1
Terse debug trace output is generated.
KEY_STROKE_DEBUG_LVL=2
Verbose debug trace output is generated.
Default value:
KEY_STROKE_DEBUG_LVL=1
KEY_STROKE_MAX_OUTPUT_SAVED
This parameter controls the maximum number of output characters (stdout and stderr) saved in
memory for each line of input entered by the user but not logged (because keystroke logging is not
active at the time the input was entered). Both the input and the corresponding output are saved in
memory in the event that a subsequent line of command input triggers keystroke logging and the
value of the BackwardCount field (see key_filter (4)) for that session is set to log previously entered
lines of input and their corresponding output. The upper limit value for this parameter is con-
strained by memory resource limits imposed on a process.
Note: There is no limit to the number of output characters logged for each line of command input
entered after keystroke logging becomes active.
Default value:
KEY_STROKE_MAX_OUTPUT_SAVED=1024
ALTERNATE_LOG_ENABLE
This parameter enables or disables the alternate logging feature on the system.
ALTERNATE_LOG_ENABLE=0
The alternate logging feature is disabled on the system. No alternate logs are generated.
ALTERNATE_LOG_ENABLE=1
The alternate logging feature is enabled on the system. Alternate logs are generated and reside
on the system based on the parameter ALTERNATE_LOG_LOCATION.
Default value:
ALTERNATE_LOG_ENABLE=0
ALTERNATE_LOG_LOCATION
This parameter specifies the location of the alternate logging records on the system. With this
parameter, a privileged user can specify where the alternate logs reside on the system.
Default value:
ALTERNATE_LOG_LOCATION=/var/adm/rbac
SEE ALSO
key_filter(4), rbac(5), keystroke(5), pam_keystroke(5)
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: March 2012