consent to monitoring banner for ssh

Coleman, Kelley (HAC) Kelley.Coleman at va.gov
Tue Dec 4 21:29:40 UTC 2007


I am not a programmer, but couldn't there be a script that you could set
to run with the banner that accepted user input?  If the answer was No,
log them out...  It seems like a simple concept...like herding cats -
actual implementation may be impossible.

Kelley Coleman



-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Joey Prestia
Sent: Tuesday, December 04, 2007 2:16 PM
To: General Red Hat Linux discussion list
Subject: Re: consent to monitoring banner for ssh

Bill Tangren wrote:
>> Bill Tangren wrote:
>>     
>>> A new policy has been implemented here at work. The old policy 
>>> stated that, when someone logs in to a system via ssh, I had to 
>>> display a consent to monitor banner, which is easy to implement.
>>>
>>> The new policy, however, requires that the user has to somehow 
>>> signify that they have read and will abide by the policy. In 
>>> essence, I have to get a yes or no input from the user, possibly 
>>> just after they log on, and if they say no, log them off. If they 
>>> say yes, they get to proceed.
>>>
>>> My question: what is the best way to implement this? I have to make 
>>> sure the user cannot remove this functionality for future logins, so
>>> I can't put it in any of their login scripts. This is easy to 
>>> implement for GUI logins, but I don't know the best way to proceed
>>> for ssh. Any ideas?
>>>
>> Put it in the sshd.conf the option to use a login banner and create 
>> the banner file with what you want it to say and then restart sshd 
>> they will see it before the login and acceptance of it by logging in.
>>
>>     
>
> So, put in a blurb that says in effect "if you log in, you consent to 
> this." Something like that? The directive I got was pretty clear. I 
> had to have some kind of button or something for them to press to 
> accept (or not).
>
Bill,
That is what I would do. I am not aware of any other way to accomplish
the task. Your logs would indicate users logging in that accepted the
agreement through sshd in your logwatch report. You could write a script
to scan the logwatch file and report users that had logged in in this
manner and send it to whomever it needed to go to.

--Joey
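
Added example, not part of the original thread or written by its participants: one way to get the yes/no answer discussed above without relying on user-editable login scripts is to have sshd start a gate script through `ForceCommand`. The script path, the banner file location, and the choice to refuse sessions that have no terminal are assumptions.

```sh
#!/bin/sh
# Added example: consent gate that sshd runs for every session, so a user
# cannot remove it by editing their own login scripts.
# Assumed sshd_config line (script path is hypothetical):
#   ForceCommand /usr/local/sbin/consent-gate
BANNER_FILE="${BANNER_FILE:-/etc/issue.net}"  # assumed location of policy text

# 0 = consent given. Only an explicit yes counts; empty input or EOF is a refusal.
consent_decision() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        y|yes) return 0 ;;
        *)     return 1 ;;
    esac
}

# Record each decision in syslog so acceptance can be audited later.
log_decision() {
    if command -v logger >/dev/null 2>&1; then
        logger -p auth.info -t consent-gate \
            "user=${USER:-unknown} from=${SSH_CONNECTION%% *} answer=$1" \
            2>/dev/null || true
    fi
}

# Show the policy, read one answer from stdin, and fail closed.
ask_consent() {
    if [ -r "$BANNER_FILE" ]; then cat "$BANNER_FILE"; fi
    printf 'Do you consent to monitoring? (yes/no): '
    answer=""
    read -r answer || true
    if consent_decision "$answer"; then log_decision accepted; return 0; fi
    log_decision refused
    return 1
}

main() {
    # No terminal (scp, sftp, scripted commands) means no way to prompt:
    # this sketch refuses such sessions rather than let them skip the gate.
    if [ ! -t 0 ]; then log_decision no-tty; exit 1; fi
    ask_consent || { echo "Consent not given; logging out."; exit 1; }
    # Consent given: run the requested command, or the normal login shell.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Run only when installed under its real name; sourcing just defines functions.
if [ "${0##*/}" = "consent-gate" ]; then main "$@"; fi
```

Because every refusal and acceptance is written to syslog with the user name and client address, the audit trail comes from the gate itself rather than from inferring consent out of ordinary login records.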
