[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: consent to monitoring banner for ssh

On Tue, 4 Dec 2007, Bill Tangren wrote:

A new policy has been implemented here at work. The old policy stated
that, when someone logs in to a system via ssh, I had to display a consent
to monitor banner, which is easy to implement.

The new policy, however, requires that the user has to somehow signify
that they have read and will abide by the policy. In essence, I have to
get a yes or no input from the user, possibly just after they log on, and
if they say no, log them off. If they say yes, they get to proceed.

My question: what is the best way to implement this? I have to make sure
the user cannot remove this functionality for future logins, so I can't
put it in any of their login scripts. This is easy to implement for GUI
logins, but I don't know the best way to proceed for ssh. Any ideas?

We did a somewhat-similar task at a place where I used to work. We set everyone's login shell to a locally-written perl script. That perl script did things such as ensure that the user had permission to log in to the system, check the user's quota, print out a blurb, then exec( )'d tcsh. It needed some interupt handling, though, to fit what you want to do. I don't have the code anymore, but this might give you an idea of what direction to go. (Would you need to record user's answers to your question in a database for future reference? This might give you that ability.)


Carl G. Riches
Software Engineer
Department of Biostatistics
Box 357232                      voice:     206-616-2725
University of Washington        fax:       206-543-3286
Seattle, WA  98195-7232         internet:  cgr u washington edu

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]