Consent Banner

Troy troya at u.washington.edu
Thu Jul 24 21:40:36 UTC 2008 

There was a similar email a little while ago. Here are the most useful  
ideas (bottom is most recent in the response).


>>>>>> Well, you *could* do the "acceptance by logging in" thing... or  
>>>>>> you
>>>>>> can
>>>>>> force them to type [yes|no].  Here's how I accomplish that.
>>>>>
>>>>> Firstly, thanks for the help.
>>>>>
>>>>> I've done this on a test platform, and I end up with a dialog  
>>>>> box when
>>>>> I
>>>>> log into the GUI, but hitting the cancel button still lets me in.
>>>>>
>>>>> I DO NOT get a prompt when I ssh, nor do I get one from the text
>>>>> console
>>>>> or tty consoles (ctl+F1 through ctl+F6).
>>>>>
>>>>> Any ideas on implement this in those circumstances?
>>>>>
>>>>
>>>> Have you tried implementing this by replacing the user's shell (in
>>>> /etc/passwd or equivalent) with your own wrapper script?
>>>
>>> Hmmm...replace bash (or leave bash alone and replace the login  
>>> shell in
>>> /etc/passwd) with a script that calls bash if they say OK? No, I  
>>> hadn't
>>> thought of that. I'll try it on my test platform, and report back.  
>>> It
>>> will
>>> be interesting to see how Windows programs like putty and winscp  
>>> handle
>>> it.
>>>
>>
>> We did a somewhat-similar task at a place where I used to work.  We  
>> set
>> everyone's login shell to a locally-written perl script.  That perl  
>> script
>> did things such as ensure that the user had permission to log in to  
>> the
>> system (checking against user database), check the user's quota,  
>> print out
>> a blurb, then exec( )'d tcsh. It needed some interupt handling,  
>> though, to
>> fit what you want to do.  I don't have the code anymore, but this  
>> might
>> give you an idea of what direction to go.  (Would you need to record
>> user's answers to your question in a database for future  
>> reference?  This
>> might give you that ability.)
>>
>> This worked with all of the SSH clients we had around (OpenSSH,  
>> Tectia,
>> TeraTerm, maybe PuTTY).




On Jul 24, 2008, at 1:52 PM, Paul Whitney wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello all,
>
> I have created a consent banner and wrote a script that I want  
> called after
> the banner has been displayed. The user is then forced to enter "y"  
> or "n"
> to the consent statement.
>
> How do I invoke the script after the banner has been displayed?
>
> For example, /etc/ssh/sshd.conf has /etc/banner defined. So when I  
> ssh into
> the local box, I see the banner. I want to take it a step further  
> and prompt
> a yes or no answer.
>
> I tried putting it in /etc/profile, that did not work because GDM  
> could not
> start. I tried /etc/bashrc, but that did not work well either.
>
> Thanks in advance,
>
> Paul W
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.8.3 (Build 4028)
> Charset: US-ASCII
>
> wsBVAwUBSIjrqbdVg+viRqgEAQjF8wf+IhLDqxSBArFqhhWijfrWYpvFTaVQUumW
> aSINuJfzpCFswnw0UekOB6E2ZgQXC0G7ElaVZz2jFvI+250HLQHsLQ5czrHtk3I3
> BT8cBosyD9KLON07fIREyPu7aqXweTxvIHTAx+EHBG2+8aKe2cdEtmAFtvNVgZiI
> ucPP+RJk3R//MaLzwJR9+H/HB02chdiXyAplWrJhENDrq0uZz/J6sfe1IAeDIjrL
> btNU5UQZ/y9++pOypX6dWvO0UHxy1T/+7q9j9DvOa1rcCUenxuahuEBXoDfRWOqI
> oAnP4zrPijWq8tuEAIyhc0IU0l1J62hCTBvojfkz32HlzbOQjkY0Fw==
> =0JEg
> -----END PGP SIGNATURE-----
>
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list