The tokens in the [kblaudit] section control the behavior of the Keyboard Logger session tracking program.
Specifies the name of the Keyboard Logger backup audit log file.
Default: ACInstallDir/log/kbl.audit.bak
Specifies the group that can read the audit logs. If you set this token to none, only root can read the audit logs. CA ControlMinder does not verify the value of this token, so if you enter an invalid group name, CA ControlMinder does not assign any group permissions to the audit log files.
To change the group ownership of an existing audit log file, complete the following steps:
Use the selang command chgrp to set the group ownership of the files.
Change the UNIX permissions by entering the following command:
chmod 640 ACInstallDir/log/seos.audit
Default: none
Specifies the name of the Keyboard Logger audit log file.
Default: ACInstallDir/log/kbl.audit
Specifies the maximum number of audit log files to keep in backup mode. When reached, CA ControlMinder deletes the earliest backup file when the latest file is created.
Limits: a positive integer.
Default: 0
Note: When set to 0, CA ControlMinder accumulates backup files and does not delete earlier files.
Specifies the maximum size, in KB, of the audit log file.
Minimum value: 50 KB.
Default: 24000
Note: CA ControlMinder stops writing audit records to the audit file when the audit file size exceeds 2 GB.
Specifies the criterion by which CA ControlMinder backs up the audit log file, and if CA ControlMinder adds a timestamp to the backup file name.
CA ControlMinder always backs up the audit log file when it reaches the size specified in the audit_size configuration setting.
Values: none, yes, daily, weekly, monthly
Note: CA ControlMinder counts the specified interval from the time that it creates the first audit log file, and backs up the file at midnight on the appropriate day.
Example: The configuration setting has a value of weekly and CA ControlMinder creates the audit log file at 9:00 a.m. Friday 1 April. Many audit events occur this week and the audit log file exceeds the audit_size configuration setting on Monday 4 April. CA ControlMinder backs up the audit log file on 4 April and adds a timestamp to the backup file name. A week after the audit log file was first created, at midnight Friday 8 April, CA ControlMinder again backs up the audit log file and adds a timestamp to the backup file name.
Default: NONE
Specifies the link to the Keyboard Logger cmdlog binary file.
Default: /etc/AC
Specifies the name of the Keyboard Logger error log backup file.
Default: ACInstallDir/log/kbl.error.bak
Specifies the group that can read the error log files. If you set this token to none, only root can read the error log files. CA ControlMinder does not verify the value of this token, so if you enter an invalid group name, CA ControlMinder does not assign any group permissions to the error log files.
To change the group ownership of an existing error log file, complete the following steps:
Use the selang command chgrp to set the group ownership of the files.
Change the UNIX permissions by entering the following command:
chmod 640 ACInstallDir/log/seos.audit
Default: none
Specifies the name of the Keyboard Logger error log file.
Default: ACInstallDir/log/kbl.error
Defines the maximum size, in KB, of the error log file.
Limits: A minimum value of 50 KB.
Default: 500
Specifies whether the Keyboard Logger is enabled.
Values: yes, no
Default: no
Specifies the user session inactivity interval, in seconds, after which the printable logged data is stored in the kbl audit file. Set the token to 0 to disable.
Default: 30
Specifies whether seosd activates trace on session and sends user activity data to the Keyboard Logger.
Values: yes, no
Default: yes
Specifies the name of the operating system shells file.
Default: /etc/shells
Specifies the socket name for the Keyboard Logger audit manager.
Default: ACInstallDir/kblserver
Copyright © 2013 CA Technologies.
All rights reserved.
|
|