Documentation

Task control

Suggest Edits

The task control procedures are used to control the execution of the secured task.

setkeystrokeaction

Description

The setkeystrokeaction procedure looks for a keystroke pattern in the input stream and performs the specified action. It extends the functionality of the forbidkeypatterns list and forbiddenkeyaction string. If used in a policy, setkeystrokeaction overrides forbidkeypatterns and forbidkeyaction, which will be discontinued at a future date.

ℹ️

Note

The setkeystrokeaction function is not supported in local mode.

Syntax

setkeystrokeaction(pattern, patterntype, action [, message]);

Arguments

patternRequired. The pattern to match. This can be a shell-type template or regular
expression.
patterntypeRequired. The type of search, specified by the pattern argument. Valid values are shell for shell-style pattern matching or re for regular expression matching.
actionRequired. The action to take if the pattern is found. If set to reject, the program aborts and the action is logged in the EPM event log and syslog (if in use).
A value of ignore results in no action being taken when the pattern is encountered. Any other value is used to tag the keystroke event in the event log.
messageOptional. Add an optional message to display when keystrokes are rejected.

Return values

None

Example

In this example, setkeystrokeaction is set to terminate the current job if the pattern rm is found anywhere in the input stream. This would react to rm, /bin/rm, disarm, and alarm.

setkeystrokeaction("*rm*","shell","reject");

Example

In this example, if rm is found anywhere in the input stream, setkeystrokeaction is configured to record the keystroke event with a warn tag in the event log.

setkeystrokeaction("*rm*","shell","warn");

Example

In this example, the job is terminated if the pattern rm is seen anywhere in the input.

setkeystrokeaction("rm","re","reject");

Example

In this example, the setkeystrokeaction procedure logs a keystroke event and tags it with user ran rm if rm is seen as an entire word. It ignores words that contain the letters rm (for example, disarm or alarm) but would react to rm and /bin/rm.

setkeystrokeaction("[[:boundary:]]rm[[:boundary:]]", "re","user ran rm");

Example

In this example, the setkeystrokeaction logs a reject event and displays an error using the message option.

setkeystrokeaction("*fdisk*",“shell”,“reject”,“Illegal command has been reported”);

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.