consent to monitoring banner for ssh
Coleman, Kelley (HAC)
Kelley.Coleman at va.gov
Tue Dec 4 21:29:40 UTC 2007
I am not a programmer, but couldn't there be a script that you could set
to run with the banner that accepted user input? If the answer was No,
log them out... It seems like a simple concept...like herding cats -
actual implementation may be impossible.
Kelley Coleman
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Joey Prestia
Sent: Tuesday, December 04, 2007 2:16 PM
To: General Red Hat Linux discussion list
Subject: Re: consent to monitoring banner for ssh
Bill Tangren wrote:
>> Bill Tangren wrote:
>>
>>> A new policy has been implemented here at work. The old policy
>>> stated that, when someone logs in to a system via ssh, I had to
>>> display a consent to monitor banner, which is easy to implement.
>>>
>>> The new policy, however, requires that the user has to somehow
>>> signify that they have read and will abide by the policy. In
>>> essence, I have to get a yes or no input from the user, possibly
>>> just after they log on, and if they say no, log them off. If they
>>> say yes, they get to proceed.
>>>
>>> My question: what is the best way to implement this? I have to make
>>> sure the user cannot remove this functionality for future logins, so
>>> I can't put it in any of their login scripts. This is easy to
>>> implement for GUI logins, but I don't know the best way to proceed
>>> for ssh. Any ideas?
>>>
>> Put it in the sshd.conf the option to use a login banner and create
>> the banner file with what you want it to say and then restart sshd
>> they will see it before the login and acceptance of it by logging in.
>>
>>
>
> So, put in a blurb that says in effect "if you log in, you consent to
> this." Something like that? The directive I got was pretty clear. I
> had to have some kind of button or something for them to press to
> accept (or not).
>
Bill,
That is what I would do. I am not aware of any other way to accomplish
the task. Your logs would indicate users logging in that accepted the
agreement through sshd in your logwatch report. You could write a script
to scan the logwatch file and report users that had logged in in this
manner and send it to whomever it needed to go to.
--Joey
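
The prompt-and-log-out idea raised at the top of this message, combined with the logging suggested in the quoted reply, as an added example that is not code from anyone in the thread. It assumes OpenSSH's `ForceCommand` directive is used to run the script server-side; the script name, install path, banner path, function names and notice wording are all assumptions.

```shell
#!/bin/sh
# consent-gate.sh: added example; file names and paths are assumptions.
# Assumed server-side hook in sshd_config (root-owned, not a user login script):
#   Banner /etc/issue.net
#   ForceCommand /usr/local/sbin/consent-gate.sh

CONSENT_TEXT="This system is monitored. Type yes to consent; anything else logs you off."  # constructed wording

# Only an explicit, case-insensitive "yes" counts as consent.
consent_answer_ok() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Record the decision in syslog (authpriv) so it can be reported on later.
log_decision() {
    command -v logger >/dev/null 2>&1 || return 0
    logger -t consent-gate -p authpriv.notice \
        "user=${USER:-unknown} from=${SSH_CONNECTION:-unknown} consent=$1" 2>/dev/null || true
}

# Show the notice, read one line from stdin, return 0 on consent, 1 otherwise.
consent_gate() {
    printf '%s\n> ' "$CONSENT_TEXT" >&2
    IFS= read -r answer || answer=""      # EOF or hang-up counts as "no"
    if consent_answer_ok "$answer"; then
        log_decision accepted
        return 0
    fi
    log_decision declined
    return 1
}

# Entry point when sshd runs this script through ForceCommand.
run_gate() {
    # scp/sftp/remote commands have no terminal to answer on: refuse them.
    if [ ! -t 0 ]; then log_decision no-tty; return 1; fi
    consent_gate || return 1
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Run only when executed under its own name, so the functions can be sourced.
if [ "${0##*/}" = "consent-gate.sh" ]; then run_gate; exit $?; fi
```

Sessions without a terminal are refused outright in this sketch, so file-transfer accounts would need a separate policy decision.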