[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: consent to monitoring banner for ssh



On Wed, 5 Dec 2007, Bill Tangren wrote:


Well, you *could* do the "acceptance by logging in" thing... or you can
force them to type [yes|no].  Here's how I accomplish that.

Firstly, thanks for the help.

I've done this on a test platform, and I end up with a dialog box when I
log into the GUI, but hitting the cancel button still lets me in.

I DO NOT get a prompt when I ssh, nor do I get one from the text console
or tty consoles (ctl+F1 through ctl+F6).

Any ideas on implement this in those circumstances?


Have you tried implementing this by replacing the user's shell (in /etc/passwd or equivalent) with your own wrapper script?

Carl
--
Carl G. Riches
Software Engineer
Department of Biostatistics
Box 357232                      voice:     206-616-2725
University of Washington        fax:       206-543-3286
Seattle, WA  98195-7232         internet:  cgr u washington edu



#Set the /etc/issue file to the login banner.  This one has no linefeeds,
#so it will wrap accordingly.
cat <<EOF >/etc/issue
YOUR WELCOME BANNER.
EOF

#This part creates the same login banner once your username and password
has
#been entered.  This has linefeeds in it.
cat <<EOF >/etc/X11/gdm/PreSession/Default
#!/bin/sh
#
# Note that any setup should come before the sessreg command as
# that must be 'exec'ed for the pid to be correct (sessreg uses the parent
# pid)
#
# Note that output goes into the .xsession-errors file for easy debugging
#
PATH="/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:$PATH:/bin:/usr/bin"

/usr/bin/gdialog --yesno "YOUR WELCOME BANNER"
if ( test 1 -eq \$? ); then
    gdialog --infobox "Logging out in 10 Seconds" 1 20 &
    sleep 10
    exit 1
fi

gdmwhich () {
    COMMAND="$1"
    OUTPUT=
    IFS=:
    for dir in $PATH
    do
        if test -x "$dir/$COMMAND" ; then
            if test "x$OUTPUT" = "x" ; then
                OUTPUT="$dir/$COMMAND"
            fi
        fi
    done
    unset IFS
    echo "$OUTPUT"
}

XSETROOT=\`gdmwhich xsetroot\`
if [ "x$XSETROOT" != "x" ] ; then
    # Try to snarf the BackgroundColor from the config file
    BACKCOLOR=`grep '^BackgroundColor' /etc/X11/gdm/gdm.conf | sed
's/^.*=\(.*\)$/\1/'`
    if [ "x$BACKCOLOR" = "x" ]; then
        BACKCOLOR="#76848F"
    fi
    "$XSETROOT" -cursor_name left_ptr -solid "$BACKCOLOR"
fi

SESSREG=\`gdmwhich sessreg\`
if [ "x$SESSREG" != "x" ] ; then
    # some output for easy debugging
    echo "$0: Registering your session with wtmp and utmp"
    echo "$0: running: $SESSREG -a -w /var/log/wtmp -u /var/run/utmp -x
\"$X_SERVERS\" -h \"$REMOTE_HOST\" -l \"$DISPLAY\" \"$USER\""

    exec "$SESSREG" -a -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS"
-h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
    # this is not reached
fi
#Some output for easy debugging.
echo "$0: could not find the sessreg utility, cannot update wtmp and utmp"
exit 0
EOF

#/etc/ssh/sshd_config banner settings.
perl -npe 's/^#Banner \/some\/path/Banner \/etc\/issue/g' -i
/etc/ssh/sshd_config


--
Shawn D. Wells
Solutions Architect, Federal Team
swells redhat com
C: 443-534-0130






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]