setkeystrokeaction

The setkeystrokeaction procedure looks for a keystroke pattern in the input stream and performs the specified action. It extends the functionality of the forbidkeypatterns list and forbiddenkeyaction string. If used in a policy, setkeystrokeaction overrides forbidkeypatterns and forbidkeyaction, which will be discontinued at a future date.

setkeystrokeaction(pattern, patterntype, action);
pattern Required. The pattern to match. This can be a shell-type template or regular expression.
patterntype Required. The type of search, specified by the pattern argument. Valid values are shell for shell-style pattern matching or re for regular expression matching.
action Required. The action to take if the pattern is found. If set to reject, the program aborts and the action is logged in the Privilege Management for Unix and Linux event log and syslog (if in use). A value of ignore results in no action being taken when the pattern is encountered. Any other value is used to tag the keystroke event in the event log.

None

setkeystrokeaction("*rm*","shell","reject");

In this example, setkeystrokeaction is set to terminate the current job if the pattern rm is found anywhere in the input stream. This would react to rm, /bin/rm, disarm, and alarm.

setkeystrokeaction("*rm*","shell","warn");

In this example, if rm is found anywhere in the input stream, setkeystrokeaction is configured to record the keystroke event with a warn tag in the event log.

setkeystrokeaction("rm","re","reject");

In this example, the job is terminated if the pattern rm is seen anywhere in the input.

setkeystrokeaction("[[:boundary:]]rm[[:boundary:]]", "re","user ran rm");

In this example, the setkeystrokeaction procedure logs a keystroke event and tags it with user ran rm if rm is seen as an entire word. It ignores words that contain the letters rm (for example, disarm or alarm) but would react to rm and /bin/rm.

For more information, please see the following: