consent to monitoring banner for ssh
Joey Prestia
joey at linuxamd.com
Tue Dec 4 21:16:28 UTC 2007
Bill Tangren wrote:
>> Bill Tangren wrote:
>>
>>> A new policy has been implemented here at work. The old policy stated
>>> that, when someone logs in to a system via ssh, I had to display a
>>> consent
>>> to monitor banner, which is easy to implement.
>>>
>>> The new policy, however, requires that the user has to somehow signify
>>> that they have read and will abide by the policy. In essence, I have to
>>> get a yes or no input from the user, possibly just after they log on,
>>> and
>>> if they say no, log them off. If they say yes, they get to proceed.
>>>
>>> My question: what is the best way to implement this? I have to make sure
>>> the user cannot remove this functionality for future logins, so I can't
>>> put it in any of their login scripts. This is easy to implement for GUI
>>> logins, but I don't know the best way to proceed for ssh. Any ideas?
>>>
>>>
>>>
>>>
>> Put it in the sshd.conf the option to use a login banner and create the
>> banner file with what you want it to say and then restart sshd they will
>> see it before the login and acceptance of it by logging in.
>>
>>
>
> So, put in a blurb that says in effect "if you log in, you consent to
> this." Something like that? The directive I got was pretty clear. I had to
> have some kind of button or something for them to press to accept (or
> not).
>
>
>
>
>
>
>
Bill,
That is what I would do. I am not aware of any other way to accomplish
the task. Your logs would indicate users logging in that accepted the
agreement through sshd in your logwatch report. You could write a script
to scan the logwatch file and report users that had logged in in this
manner and send it to whom ever it needed to go to.
--Joey
More information about the redhat-list
mailing list