consent to monitoring banner for ssh
Carl G. Riches
cgr at u.washington.edu
Tue Dec 4 21:41:33 UTC 2007
On Tue, 4 Dec 2007, Bill Tangren wrote:
> A new policy has been implemented here at work. The old policy stated
> that, when someone logs in to a system via ssh, I had to display a consent
> to monitor banner, which is easy to implement.
>
> The new policy, however, requires that the user has to somehow signify
> that they have read and will abide by the policy. In essence, I have to
> get a yes or no input from the user, possibly just after they log on, and
> if they say no, log them off. If they say yes, they get to proceed.
>
> My question: what is the best way to implement this? I have to make sure
> the user cannot remove this functionality for future logins, so I can't
> put it in any of their login scripts. This is easy to implement for GUI
> logins, but I don't know the best way to proceed for ssh. Any ideas?
>
We did a somewhat-similar task at a place where I used to work. We set
everyone's login shell to a locally-written perl script. That perl script
did things such as ensure that the user had permission to log in to the
system, check the user's quota, print out a blurb, then exec( )'d tcsh.
It needed some interupt handling, though, to fit what you want to do. I
don't have the code anymore, but this might give you an idea of what
direction to go. (Would you need to record user's answers to your
question in a database for future reference? This might give you that
ability.)
HTH,
Carl
--
Carl G. Riches
Software Engineer
Department of Biostatistics
Box 357232 voice: 206-616-2725
University of Washington fax: 206-543-3286
Seattle, WA 98195-7232 internet: cgr at u.washington.edu
More information about the redhat-list
mailing list