I am not a programmer, but couldn't there be a script that you could set to run with the banner that accepted user input? If the answer was No, log them out...

It seems like a simple concept...like herding cats - actual implementation may be impossible.

Kelley Coleman

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Joey Prestia
Sent: Tuesday, December 04, 2007 2:16 PM
To: General Red Hat Linux discussion list
Subject: Re: consent to monitoring banner for ssh

Bill Tangren wrote:
>> Bill Tangren wrote:
>>
>>> A new policy has been implemented here at work. The old policy
>>> stated that, when someone logs in to a system via ssh, I had to
>>> display a consent to monitor banner, which is easy to implement.
>>>
>>> The new policy, however, requires that the user has to somehow
>>> signify that they have read and will abide by the policy. In
>>> essence, I have to get a yes or no input from the user, possibly
>>> just after they log on, and if they say no, log them off. If they
>>> say yes, they get to proceed.
>>>
>>> My question: what is the best way to implement this? I have to make
>>> sure the user cannot remove this functionality for future logins, so
>>> I can't put it in any of their login scripts. This is easy to
>>> implement for GUI logins, but I don't know the best way to proceed for ssh. Any ideas?
>>>
>> Put it in the sshd.conf the option to use a login banner and create
>> the banner file with what you want it to say and then restart sshd
>> they will see it before the login and acceptance of it by logging in.
>>
>
> So, put in a blurb that says in effect "if you log in, you consent to
> this." Something like that? The directive I got was pretty clear. I
> had to have some kind of button or something for them to press to
> accept (or not).
>

Bill,

That is what I would do. I am not aware of any other way to accomplish the task. Your logs would indicate users logging in that accepted the agreement through sshd in your logwatch report. You could write a script to scan the logwatch file and report users that had logged in in this manner and send it to whomever it needed to go to.

--Joey

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
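
The yes/no gate asked about in this thread, as an added example that is not from any of the posters: a script sshd runs before the user's shell, configured in the root-owned sshd_config (for example with OpenSSH's ForceCommand directive) rather than in a user's login scripts. The install path /usr/local/sbin/consent-gate, the prompt wording and the log tag are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical path): install as /usr/local/sbin/consent-gate and
# reference it from sshd_config, e.g.  ForceCommand /usr/local/sbin/consent-gate
# Placeholder wording; use the text your policy requires.
BANNER_TEXT="This system is monitored. Do you consent to monitoring? (yes/no)"

# Read one line from stdin and print "accept" or "reject".
# Only an explicit yes/y (any case, surrounding blanks ignored) is an accept;
# an empty line, EOF or anything else is a reject, so the gate fails closed.
consent_decision() {
    answer=""
    IFS= read -r answer || true
    case "$(printf '%s' "$answer" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]')" in
        yes|y) echo accept ;;
        *)     echo reject ;;
    esac
}

# Prompt, record the decision in syslog, then either log the user off or hand
# over to what they asked for. If the prompt is interrupted (Ctrl-C) this
# script dies and, being the forced command, takes the session with it.
consent_gate() {
    printf '%s\n> ' "$BANNER_TEXT"
    decision=$(consent_decision)
    user=$(id -un)
    # Audit trail for the "report who accepted" step discussed above.
    logger -p authpriv.notice -t consent-gate \
        "user=$user decision=$decision" 2>/dev/null || true
    if [ "$decision" != accept ]; then
        echo "Consent declined, logging out."
        exit 1
    fi
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        # The client asked for a specific command (ssh host cmd).
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Run the gate only when invoked under its installed name, so the functions
# above can also be sourced and tested on their own.
if [ "${0##*/}" = "consent-gate" ]; then
    consent_gate
fi
```

Non-interactive sessions such as scp or sftp cannot answer the prompt and are rejected by this gate, so they need a separate policy decision.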