setkeystrokeaction

Description

The setkeystrokeaction procedure looks for a keystroke pattern in the input stream and performs the specified action. It extends the functionality of the forbidkeypatterns list and forbidkeyaction string. If used in a policy, setkeystrokeaction overrides forbidkeypatterns and forbidkeyaction, which will be discontinued at a future date.

The setkeystrokeaction function is not supported in local mode.

Syntax

setkeystrokeaction(pattern, patterntype, action [, message]);

Arguments

pattern Required. The pattern to match. This can be a shell-type template or regular expression.
patterntype Required. The type of search, specified by the pattern argument. Valid values are shell for shell-style pattern matching or re for regular expression matching.
action Required. The action to take if the pattern is found. If set to reject, the program aborts and the action is logged in the Endpoint Privilege Management for Unix and Linux event log and syslog (if in use). A value of ignore results in no action being taken when the pattern is encountered. Any other value is used to tag the keystroke event in the event log.
message Optional. Add an optional message to display when keystrokes are rejected.

The policy server, submithost, and runhost components must be at version 22.3 for the message feature to work.

In EPM-UL 22.2 and earlier, the secured task is terminated but the user sees “3005 Request ended unexpectedly” followed by the normal shell prompt, which is not aligned.

When the optional message is used, it replaces the “3005 Request ended unexpectedly” text and the output is aligned.

Return Values

None

Examples

setkeystrokeaction("*rm*","shell","reject");

In this example, setkeystrokeaction is set to terminate the current job if the pattern rm is found anywhere in the input stream. This would react to rm, /bin/rm, disarm, and alarm.

setkeystrokeaction("*rm*","shell","warn");

In this example, if rm is found anywhere in the input stream, setkeystrokeaction is configured to record the keystroke event with a warn tag in the event log.

setkeystrokeaction("rm","re","reject");

In this example, the job is terminated if the pattern rm is seen anywhere in the input.

setkeystrokeaction("[[:boundary:]]rm[[:boundary:]]", "re","user ran rm");

In this example, the setkeystrokeaction procedure logs a keystroke event and tags it with user ran rm if rm is seen as an entire word. It ignores words that contain the letters rm (for example, disarm or alarm) but would react to rm and /bin/rm.

setkeystrokeaction("*fdisk*","shell","reject","Illegal command has been reported");

In this example, setkeystrokeaction logs a reject event and displays an error using the message option.
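
A way to dry-run the rm patterns above against sample input before putting them in a policy, as an added example rather than BeyondTrust code. It approximates shell matching with Python's fnmatch, treats [[:boundary:]] as a word boundary (\b), and checks one line at a time; those are assumptions, as are the function names and the sample lines.

```python
import fnmatch
import re

# Rules taken from the page's examples: (pattern, patterntype, action).
RULES = [
    ("*rm*", "shell", "warn"),
    ("rm", "re", "reject"),
    ("[[:boundary:]]rm[[:boundary:]]", "re", "user ran rm"),
]

# Constructed sample input lines (not captured from a real session).
SAMPLE_INPUT = ["rm -rf /tmp/build", "/bin/rm old.log", "disarm --zone 2", "ls -l"]


def matches(pattern, patterntype, line):
    """Approximate one pattern check against one line of input."""
    if patterntype == "shell":
        # Shell-style template must cover the whole line, hence the *...* wrappers.
        return fnmatch.fnmatchcase(line, pattern)
    if patterntype == "re":
        # Assumption: [[:boundary:]] behaves like a word boundary (\b in Python).
        translated = pattern.replace("[[:boundary:]]", r"\b")
        return re.search(translated, line) is not None
    raise ValueError(f"patterntype must be 'shell' or 're', got {patterntype!r}")


def outcome(action):
    """Map the action argument to the behaviour the page describes."""
    if action == "reject":
        return "reject"        # job aborted and logged
    if action == "ignore":
        return "ignore"        # no action taken
    return f"tag:{action}"     # any other value tags the keystroke event


def evaluate(rules, lines):
    """Return {line: [outcome of every rule that matched that line]}."""
    report = {}
    for line in lines:
        report[line] = [outcome(a) for p, t, a in rules if matches(p, t, line)]
    return report


if __name__ == "__main__":
    for line, hits in evaluate(RULES, SAMPLE_INPUT).items():
        print(f"{line!r:22} -> {hits or ['no match']}")
```

Lines such as "disarm --zone 2" that trigger the broad patterns but not the boundary pattern are the false positives to weigh before choosing reject over a tag.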
