consent to monitoring banner for ssh
Carl G. Riches
cgr at u.washington.edu
Wed Dec 5 19:58:47 UTC 2007
On Wed, 5 Dec 2007, Bill Tangren wrote:
>
>> Well, you *could* do the "acceptance by logging in" thing... or you can
>> force them to type [yes|no]. Here's how I accomplish that.
>
> Firstly, thanks for the help.
>
> I've done this on a test platform, and I end up with a dialog box when I
> log into the GUI, but hitting the cancel button still lets me in.
>
> I DO NOT get a prompt when I ssh, nor do I get one from the text console
> or tty consoles (ctl+F1 through ctl+F6).
>
> Any ideas on implementing this in those circumstances?
>
Have you tried implementing this by replacing the user's shell (in
/etc/passwd or equivalent) with your own wrapper script?
Carl
--
Carl G. Riches
Software Engineer
Department of Biostatistics
Box 357232 voice: 206-616-2725
University of Washington fax: 206-543-3286
Seattle, WA 98195-7232 internet: cgr at u.washington.edu
>>
>>
>> #Set the /etc/issue file to the login banner. This one has no linefeeds,
>> #so it will wrap accordingly.
>> cat <<EOF >/etc/issue
>> YOUR WELCOME BANNER.
>> EOF
>>
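>> #This part creates the same login banner once your username and password
>> #have been entered. This has linefeeds in it.
>> #Note: the EOF delimiter below is unquoted, so the shell that writes this
>> #file expands every unescaped $VAR and `...` (e.g. $1, $PATH, $0, the
>> #grep/sed pipeline) at write time; only the \$? and \`gdmwhich ...\` uses
>> #are written literally. Quote the delimiter (<<'EOF') and drop those
>> #backslashes, or escape every $ and backtick, so the script lands verbatim.
>> #Note: the gdialog check treats only exit status 1 as a refusal; any other
>> #non-zero status (e.g. gdialog missing or failing to start) lets the
>> #session continue. Testing for "not 0" instead would fail closed.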
>> cat <<EOF >/etc/X11/gdm/PreSession/Default
>> #!/bin/sh
>> #
>> # Note that any setup should come before the sessreg command as
>> # that must be 'exec'ed for the pid to be correct (sessreg uses the parent
>> # pid)
>> #
>> # Note that output goes into the .xsession-errors file for easy debugging
>> #
>> PATH="/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:$PATH:/bin:/usr/bin"
>>
>> /usr/bin/gdialog --yesno "YOUR WELCOME BANNER"
>> if ( test 1 -eq \$? ); then
>> gdialog --infobox "Logging out in 10 Seconds" 1 20 &
>> sleep 10
>> exit 1
>> fi
>>
>> gdmwhich () {
>> COMMAND="$1"
>> OUTPUT=
>> IFS=:
>> for dir in $PATH
>> do
>> if test -x "$dir/$COMMAND" ; then
>> if test "x$OUTPUT" = "x" ; then
>> OUTPUT="$dir/$COMMAND"
>> fi
>> fi
>> done
>> unset IFS
>> echo "$OUTPUT"
>> }
>>
>> XSETROOT=\`gdmwhich xsetroot\`
>> if [ "x$XSETROOT" != "x" ] ; then
>> # Try to snarf the BackgroundColor from the config file
>> BACKCOLOR=`grep '^BackgroundColor' /etc/X11/gdm/gdm.conf | sed
>> 's/^.*=\(.*\)$/\1/'`
>> if [ "x$BACKCOLOR" = "x" ]; then
>> BACKCOLOR="#76848F"
>> fi
>> "$XSETROOT" -cursor_name left_ptr -solid "$BACKCOLOR"
>> fi
>>
>> SESSREG=\`gdmwhich sessreg\`
>> if [ "x$SESSREG" != "x" ] ; then
>> # some output for easy debugging
>> echo "$0: Registering your session with wtmp and utmp"
>> echo "$0: running: $SESSREG -a -w /var/log/wtmp -u /var/run/utmp -x
>> \"$X_SERVERS\" -h \"$REMOTE_HOST\" -l \"$DISPLAY\" \"$USER\""
>>
>> exec "$SESSREG" -a -w /var/log/wtmp -u /var/run/utmp -x "$X_SERVERS"
>> -h "$REMOTE_HOST" -l "$DISPLAY" "$USER"
>> # this is not reached
>> fi
>> #Some output for easy debugging.
>> echo "$0: could not find the sessreg utility, cannot update wtmp and utmp"
>> exit 0
>> EOF
>>
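>> #/etc/ssh/sshd_config banner settings. sshd only displays the Banner file
>> #before authentication; it does not ask for a yes/no answer. The edit below
>> #takes effect only if the file still contains the stock "#Banner /some/path"
>> #line and sshd is reloaded afterwards.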
>> perl -npe 's/^#Banner \/some\/path/Banner \/etc\/issue/g' -i
>> /etc/ssh/sshd_config
>>
>>
>> --
>> Shawn D. Wells
>> Solutions Architect, Federal Team
>> swells at redhat.com
>> C: 443-534-0130
>
>
>