[Info-vax] SSH footprint

Wilm Boerhout w6.boerhout at planet.nl
Mon Oct 26 15:59:41 EDT 2009


Marc Van Dyck mentioned on 26-10-2009 20:17:
> We are running a banking environment where high-level traceability
> is required. For OpenVMS systems, audit is the key to that. It is
> mostly ok, but we have discovered a serious flaw: when a user logs
> into an OpenVMS system using SSH (as we are all required to do, since
> telnet is considered unsecure), the corresponding audit entry says that
> the user SSH did a remote login, instead of displaying the real user.
> 
> We want to correct that by writing a small program that will be called
> early in the sylogin.com of the system and create an audit entry (there
> is a system call to do that) with the name of the real user. Not
> difficult.
> 
> The problem is to decide whether or not to run the program. It is
> useless to do it when telnet is used to enter the system, since in
> this case a proper audit record has already been created by OpenVMS
> itself. It is only when SSH is used to come in that the program must
> run. But how can I detect, with some DCL code, that the SSH protocol
> has been used rather than another one? Any idea?
> 
> Thanks in advance,

This may depend on the version of VMS, but how 'bout this:

$ term = f$trnlnm("TT") ! gives you _FTA0: or _TNA0: or OPA0: or ...
$ term = term - "_" ! lose the underscore
$ if f$ext(0,2,term).eqs."FT" ! it's either DECwindows or SSH
$ then
$	if f$trnlnm("SYS$REM_ID").nes."" ! it must be SSH
$	then
$		! do your SSH stuff here...
$	endif
$ endif

/Wilm


