consent to monitoring banner for ssh
Bill Tangren
bjt at usno.navy.mil
Wed Dec 5 15:08:18 UTC 2007
> Well, you *could* do the "acceptance by logging in" thing... or you can
> force them to type [yes|no]. Here's how I accomplish that.
>
Is this to all be used for an ssh login?
This appears to be using the GUI to display dialog boxes. Will this work
for ssh or sftp?
Where do I put this code? Within /etc/issue?
>
> #Set the /etc/issue file to the login banner. This one has no linefeeds,
> #so it will wrap accordingly.
> cat <<EOF >/etc/issue
> YOUR WELCOME BANNER.
> EOF
>
> #This part creates the same login banner once your username and password
> has
> #been entered. This has linefeeds in it.
> cat <<EOF >/etc/X11/gdm/PreSession/Default
> #!/bin/sh
> #
> # Note that any setup should come before the sessreg command as
> # that must be 'exec'ed for the pid to be correct (sessreg uses the parent
> # pid)
> #
> # Note that output goes into the .xsession-errors file for easy debugging
> #
> PATH="/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:$PATH:/bin:/usr/bin"
>
> /usr/bin/gdialog --yesno "YOUR WELCOME BANNER"
> if ( test 1 -eq \$? ); then
> gdialog --infobox "Logging out in 10 Seconds" 1 20 &
> sleep 10
> exit 1
> fi
>
> gdmwhich () {
> COMMAND="$1"
> OUTPUT=
> IFS=:
> for dir in $PATH
> do
> if test -x "$dir/$COMMAND" ; then
> if test "x$OUTPUT" = "x" ; then
> OUTPUT="$dir/$COMMAND"
> fi
> fi
> done
> unset IFS
> echo "$OUTPUT"
> }
>
> XSETROOT=\`gdmwhich xsetroot\`
> if [ "x$XSETROOT" != "x" ] ; then
> # Try to snarf the BackgroundColor from the config file
> BACKCOLOR=`grep '^BackgroundColor' /etc/X11/gdm/gdm.conf | sed
> 's/^.*=\(.*\)$/\1/'`
> if [ "x$BACKCOLOR" = "x" ]; then
> BACKCOLOR="#76848F"
> fi
> "$XSETROOT" -cursor_name left_ptr -solid "$BACKCOLOR"
> fi
>
> SESSREG=\`gdmwhich sessreg\`
> if [ "x$SESSREG" != "x" ] ; then
> # some output for easy debugging
> echo "$0: Registering your session with wtmp and utmp"
> echo "$0: running: $SESSREG -a -w /var/log/wtmp -u /var/run/utmp -x
> \"$X_SERVERS\" -h \"$REMOTE_HOST\" -l \"$DISPLAY\" \"$USER\""
>
> exec "$SESSREG" -a -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS"
> -h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
> # this is not reached
> fi
> #Some output for easy debugging.
> echo "$0: could not find the sessreg utility, cannot update wtmp and utmp"
> exit 0
> EOF
>
> #/etc/ssh/sshd_config banner settings.
> perl -npe 's/^#Banner \/some\/path/Banner \/etc\/issue/g' -i
> /etc/ssh/sshd_config
>
>
> --
> Shawn D. Wells
> Solutions Architect, Federal Team
> swells at redhat.com
> C: 443-534-0130
>
>
>
>
--
Bill Tangren
U.S. Naval Observatory
Ad eundum quo nemo ante iit
More information about the redhat-list
mailing list