[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: consent to monitoring banner for ssh



Bill Tangren wrote:
Bill Tangren wrote:
A new policy has been implemented here at work. The old policy stated
that, when someone logs in to a system via ssh, I had to display a
consent
to monitor banner, which is easy to implement.

The new policy, however, requires that the user has to somehow signify
that they have read and will abide by the policy. In essence, I have to
get a yes or no input from the user, possibly just after they log on,
and
if they say no, log them off. If they say yes, they get to proceed.

My question: what is the best way to implement this? I have to make sure
the user cannot remove this functionality for future logins, so I can't
put it in any of their login scripts. This is easy to implement for GUI
logins, but I don't know the best way to proceed for ssh. Any ideas?



Put it in the sshd.conf the option to use a login banner and create the
banner file with what you want it to say and then restart sshd they will
see it before the login and acceptance of it by logging in.


So, put in a blurb that says in effect "if you log in, you consent to
this." Something like that? The directive I got was pretty clear. I had to
have some kind of button or something for them to press to accept (or
not).






Bill,
That is what I would do. I am not aware of any other way to accomplish the task. Your logs would indicate users logging in that accepted the agreement through sshd in your logwatch report. You could write a script to scan the logwatch file and report users that had logged in in this manner and send it to whom ever it needed to go to.

--Joey



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]