Bill Tangren wrote:
Bill Tangren wrote:
A new policy has been implemented here at work. The old policy stated
that, when someone logs in to a system via ssh, I had to display a
consent
to monitor banner, which is easy to implement.
The new policy, however, requires that the user has to somehow signify
that they have read and will abide by the policy. In essence, I have to
get a yes or no input from the user, possibly just after they log on,
and
if they say no, log them off. If they say yes, they get to proceed.
My question: what is the best way to implement this? I have to make sure
the user cannot remove this functionality for future logins, so I can't
put it in any of their login scripts. This is easy to implement for GUI
logins, but I don't know the best way to proceed for ssh. Any ideas?
Put it in the sshd.conf the option to use a login banner and create the
banner file with what you want it to say and then restart sshd they will
see it before the login and acceptance of it by logging in.
So, put in a blurb that says in effect "if you log in, you consent to
this." Something like that? The directive I got was pretty clear. I had to
have some kind of button or something for them to press to accept (or
not).
Bill,
That is what I would do. I am not aware of any other way to accomplish
the task. Your logs would indicate users logging in that accepted the
agreement through sshd in your logwatch report. You could write a script
to scan the logwatch file and report users that had logged in in this
manner and send it to whom ever it needed to go to.
--Joey
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
