consent to monitoring banner for ssh

Wed Dec 5 15:08:18 UTC 2007

> Well, you *could* do the "acceptance by logging in" thing... or you can
> force them to type [yes|no].  Here's how I accomplish that.
>

Is this to all be used for an ssh login?

This appears to be using the GUI to display dialog boxes. Will this work
for ssh or sftp?

Where do I put this code? Within /etc/issue?

>
> #Set the /etc/issue file to the login banner.  This one has no linefeeds,
> #so it will wrap accordingly.
> cat <<EOF >/etc/issue
> YOUR WELCOME BANNER.
> EOF
>
> #This part creates the same login banner once your username and password
> has
> #been entered.  This has linefeeds in it.
> cat <<EOF >/etc/X11/gdm/PreSession/Default
> #!/bin/sh
> #
> # Note that any setup should come before the sessreg command as
> # that must be 'exec'ed for the pid to be correct (sessreg uses the parent
> # pid)
> #
> # Note that output goes into the .xsession-errors file for easy debugging
> #
> PATH="/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:$PATH:/bin:/usr/bin"
>
> /usr/bin/gdialog --yesno "YOUR WELCOME BANNER"
> if ( test 1 -eq \$? ); then
>     gdialog --infobox "Logging out in 10 Seconds" 1 20 &
>     sleep 10
>     exit 1
> fi
>
> gdmwhich () {
>     COMMAND="$1"
>     OUTPUT=
>     IFS=:
>     for dir in $PATH
>     do
>         if test -x "$dir/$COMMAND" ; then
>             if test "x$OUTPUT" = "x" ; then
>                 OUTPUT="$dir/$COMMAND"
>             fi
>         fi
>     done
>     unset IFS
>     echo "$OUTPUT"
> }
>
> XSETROOT=\`gdmwhich xsetroot\`
> if [ "x$XSETROOT" != "x" ] ; then
>     # Try to snarf the BackgroundColor from the config file
>     BACKCOLOR=`grep '^BackgroundColor' /etc/X11/gdm/gdm.conf | sed
> 's/^.*=\(.*\)$/\1/'`
>     if [ "x$BACKCOLOR" = "x" ]; then
>         BACKCOLOR="#76848F"
>     fi
>     "$XSETROOT" -cursor_name left_ptr -solid "$BACKCOLOR"
> fi
>
> SESSREG=\`gdmwhich sessreg\`
> if [ "x$SESSREG" != "x" ] ; then
>     # some output for easy debugging
>     echo "$0: Registering your session with wtmp and utmp"
>     echo "$0: running: $SESSREG -a -w /var/log/wtmp -u /var/run/utmp -x
> \"$X_SERVERS\" -h \"$REMOTE_HOST\" -l \"$DISPLAY\" \"$USER\""
>
>     exec "$SESSREG" -a -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS"
> -h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
>     # this is not reached
> fi
> #Some output for easy debugging.
> echo "$0: could not find the sessreg utility, cannot update wtmp and utmp"
> exit 0
> EOF
>
> #/etc/ssh/sshd_config banner settings.
> perl -npe 's/^#Banner \/some\/path/Banner \/etc\/issue/g' -i
> /etc/ssh/sshd_config
>
>
> --
> Shawn D. Wells
> Solutions Architect, Federal Team
> swells at redhat.com
> C: 443-534-0130
>
>
>
>

-- 
Bill Tangren
U.S. Naval Observatory

Ad eundum quo nemo ante iit