

kblaudit

The tokens in the [kblaudit] section control the behavior of the Keyboard Logger session tracking program.

audit_back

Specifies the name of the Keyboard Logger backup audit log file.

Default: ACInstallDir/log/kbl.audit.bak

audit_group

Specifies the group that can read the audit logs. If you set this token to none, only root can read the audit logs. CA ControlMinder does not verify the value of this token, so if you enter an invalid group name, CA ControlMinder does not assign any group permissions to the audit log files.

To change the group ownership of an existing audit log file, complete the following steps:

Use the selang command chgrp to set the group ownership of the files.

Change the UNIX permissions by entering the following command:

chmod 640 ACInstallDir/log/seos.audit

Default: none

audit_log

Specifies the name of the Keyboard Logger audit log file.

Default: ACInstallDir/log/kbl.audit

audit_max_files

Specifies the maximum number of audit log files to keep in backup mode. When this number is reached, CA ControlMinder deletes the earliest backup file each time it creates a new one.

Limits: a positive integer.

Default: 0

Note: When set to 0, CA ControlMinder accumulates backup files and does not delete earlier files.

audit_size

Specifies the maximum size, in KB, of the audit log file.

Minimum value: 50 KB.

Default: 24000

Note: CA ControlMinder stops writing audit records to the audit file when the audit file size exceeds 2 GB.

BackUp_Date

Specifies the criterion by which CA ControlMinder backs up the audit log file, and whether CA ControlMinder adds a timestamp to the backup file name.

CA ControlMinder always backs up the audit log file when it reaches the size specified in the audit_size configuration setting.

Values: none, yes, daily, weekly, monthly

Example: The configuration setting has a value of weekly and CA ControlMinder creates the audit log file at 9:00 a.m. Friday 1 April. Many audit events occur this week and the audit log file exceeds the audit_size configuration setting on Monday 4 April. CA ControlMinder backs up the audit log file on 4 April and adds a timestamp to the backup file name. A week after the audit log file was first created, at midnight Friday 8 April, CA ControlMinder again backs up the audit log file and adds a timestamp to the backup file name.

Default: NONE

cmd_log

Specifies the link to the Keyboard Logger cmdlog binary file.

Default: /etc/AC

error_back

Specifies the name of the Keyboard Logger error log backup file.

Default: ACInstallDir/log/kbl.error.bak

error_group

Specifies the group that can read the error log files. If you set this token to none, only root can read the error log files. CA ControlMinder does not verify the value of this token, so if you enter an invalid group name, CA ControlMinder does not assign any group permissions to the error log files.

To change the group ownership of an existing error log file, complete the following steps:

Use the selang command chgrp to set the group ownership of the files.

Change the UNIX permissions by entering the following command:

chmod 640 ACInstallDir/log/seos.audit

Default: none

error_log

Specifies the name of the Keyboard Logger error log file.

Default: ACInstallDir/log/kbl.error

error_size

Defines the maximum size, in KB, of the error log file.

Limits: A minimum value of 50 KB.

Default: 500

kbl_enabled

Specifies whether the Keyboard Logger is enabled.

Values: yes, no

Default: no

kbl_flush_timeout

Specifies the user session inactivity interval, in seconds, after which the printable logged data is stored in the kbl audit file. Set the token to 0 to disable.

Default: 30

Kbl_seos_trace

Specifies whether seosd activates trace on session and sends user activity data to the Keyboard Logger.

Values: yes, no

Default: yes

OS_etc_shells

Specifies the name of the operating system shells file.

Default: /etc/shells

socket_name

Specifies the socket name for the Keyboard Logger audit manager.

Default: ACInstallDir/kblserver
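
Because CA ControlMinder does not verify audit_group or error_group, a pre-deployment check of the [kblaudit] values catches settings that would silently leave the logs root-only or outside the documented limits. The following script is an added example, not CA code; it assumes the tokens are stored as `token = value` lines under a `[kblaudit]` header, and the function names and sample values are constructed for illustration.

```python
import configparser
import grp

# Defaults as documented on this page for the [kblaudit] section.
DEFAULTS = {"audit_group": "none", "error_group": "none", "audit_size": "24000",
            "error_size": "500", "audit_max_files": "0", "kbl_enabled": "no"}
TWO_GB_IN_KB = 2 * 1024 * 1024  # the 2 GB write limit, expressed in KB

def os_group_exists(name):
    # Look the group up in the local group database (files, LDAP, ...).
    try:
        grp.getgrnam(name)
    except KeyError:
        return False
    return True

def check_kblaudit(ini_text, group_exists=os_group_exists):
    """Return (token, message) findings for a [kblaudit] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    section = parser["kblaudit"] if parser.has_section("kblaudit") else {}
    cfg = {**DEFAULTS, **{k: v.strip() for k, v in section.items()}}
    findings = []
    for token in ("audit_group", "error_group"):
        group = cfg[token]
        if group.lower() != "none" and not group_exists(group):
            findings.append((token, f"group '{group}' not found; the value is not "
                                    "verified, so no group permissions are assigned"))
    for token in ("audit_size", "error_size"):
        if int(cfg[token]) < 50:
            findings.append((token, "below the documented 50 KB minimum"))
    if int(cfg["audit_size"]) > TWO_GB_IN_KB:
        findings.append(("audit_size", "exceeds the 2 GB size at which writes stop"))
    if int(cfg["audit_max_files"]) == 0:
        findings.append(("audit_max_files", "0 keeps every backup; watch disk usage"))
    if cfg["kbl_enabled"].lower() != "yes":
        findings.append(("kbl_enabled", "Keyboard Logger is disabled"))
    return findings

# Constructed sample input, not taken from a real host.
SAMPLE = """
[kblaudit]
kbl_enabled = yes
audit_group = secaudit
audit_size = 40
audit_max_files = 10
"""

if __name__ == "__main__":
    print(*check_kblaudit(SAMPLE), sep="\n")
```

Run it against a copy of the configuration on the target host so that the group lookup reflects that host's group database.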