[Info-vax] SSH footprint

JBloggs JBloggs at acme.com
Mon Oct 26 17:20:26 EDT 2009


On Mon, 26 Oct 2009 20:17:00 +0100, Marc Van Dyck
<marc.vandyck at brutele.be> wrote:

>We are running a banking environment where high-level traceability
>is required. For OpenVMS systems, audit is the key to that. It is
>mostly ok, but we have discovered a serious flaw: when a user logs
>into an OpenVMS system using SSH (as we are all required to do, since
>telnet is considered unsecure), the corresponding audit entry says that
>the user SSH did a remote login, instead of displaying the real user.
>
>We want to correct that by writing a small program that will be called
>early in the sylogin.com of the system and create an audit entry (there
>is a system call to do that) with the name of the real user. Not
>difficult.
>
>The problem is to decide whether or not to run the program. It is
>useless to do it when telnet is used to enter the system, since in
>this case a proper audit record has already been created by OpenVMS
>itself. It is only when SSH is used to come in that the program must
>run. But how can I detect, with some DCL code, that the SSH protocol
>has been used rather than another one? Any idea?
>
>Thanks in advance,

Looking for an FTAnnnn: terminal type *might*
be sufficient for your purposes.

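$!  Resolve the physical terminal device name for this process
$   tty = "''f$trnlnm( "SYS$OUTPUT" )'"
$   tty = "''f$getdvi( tty ,"TT_PHYDEVNAM" )'"
$!  f$locate returns the string length when "_FTA" is not found
$   len = f$length( tty )
$   loc = f$locate( "_FTA" ,tty )
$   not_fta = (loc .ge. len)
$   if not_fta
$   then
$!              ...
$   endif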
