[SUMMARY] Security login banner- How ?

From: Levi Ashcol <leviashcol_at_hotpop.com>
Date: Wed Dec 04 2002 - 06:19:50 EST
My Original Posts are below.

Thanks to these Gurus:
 David B. Harrington, Patrick O'Reilly, Paul Fiengo, Carl Gobbo, Jon
Godfrey, Deborah Santomauro, Doug Floer, Ric Anderson, David Foster,
Gavin Brennan, DEWINTER Steven, Min Oo Tint, Angel Sevilla, Ozgur C.
Demir ,Matt Harris Thomas Jones, Simon Millard, Ken McKinlay, Jef
Elliott, Gary P Carr ,Mark Donaldson, 
Brooke King, getmeta@programmer.net, Eric Falen, dana@dtn.com, Mark
Deiss.

1- use the /etc/issue, /etc/motd to write any security warnings.

***Before Login
2- Change the "Dtlogin logo bitmapFile" and/or "Dtlogin greeting
labelString" in   
   /etc/dt/config/C/Xresources (copy it from
/usr/dt/config/C/Xresources)
   Method:  
     - Make a gif out of your message, convert it to an xpm
      (eg using /usr/dt/bin/sdtimage) then inserting that in Xresources
file
      Dtlogin*logo*bitmapFile:         /usr/local/images/mysite.pm

     - Make changes to Dtlogin*greeting.labelString in Xresources file
	Dtlogin*greeting.labelString:Welcome to %LocalHost%\n\n
	Access and use to this machine\n\
	is restricted to authorized users\n\

**** After Login
3- If you want the message to come after the cde login, try and get hold
of xmessage.  This will allow you to open a window with a message in it
and require a button-click to clear it.  Add xmessage to the global
xstartup scripts

4-Make a copy of /usr/dt/config/sessionetc into /etc/dt/sessionetc. 
  Example: 
  - Create a file /etc/motd.admin (Put the waning here)
  - Write this in sessionetc file          
	FILE=/etc/motd.admin
	if [ -s "${FILE}" ]; then
	# logname command is unreliable at this level
	case `id | cut -d"(" -f2 | cut -d")" -f1` in
		root|mcd)
			MOTD=`cat "${FILE}" | sed -e 's/$/\\\n/'`
			/usr/dt/bin/dterror.ds "${MOTD}" "Contents of
			${FILE}" \
				"Click here when finished viewing"
			;;
	esac
	fi	
  - General /usr/dt/dterrors usage:
   /usr/dt/bin/dterrors.ds "MESSAGE(use \n for multi lines)"  "Window
TITLE" "BUTTON NAME"
 
5- Check this out (I did not try this !) 
 
http://www.sunmanagers.org/pipermail/summaries/2001-August/001187.html

6- Link to CDE login manager configuration guide: 
   http://www-vms.gsi.de/vmsdoc/ndesk/SysAdmin/sysadmin_4.html#HEADING26


7- Alternatively, you could disallow logins via the CDE dialog and start
CDE in 
  the user's .xinitrc as openwin starts upon login. I put this in my
.xinitrc:
  ssh-agent /usr/dt/bin/Xsession
  or, if you don't want an ssh-agent parent process, simply
  /usr/dt/bin/Xsession
  The advantages are that you can use /etc/issue and avoid the possible 
  security  hole/sloppiness of allowing direct root logins, possibly
across the network.
  you need to disable the CDE login dialog, too.


Thanks all

Levi
-----Original Message-----
From: sunmanagers-admin@sunmanagers.org
[mailto:sunmanagers-admin@sunmanagers.org] On Behalf Of Levi Ashcol
Sent: Wednesday, November 20, 2002 9:58 PM
To: sunmanagers@sunmanagers.org
Subject: [Clarification] Security login banner- How ?


Hi all,
I received many flames for asking that question. All good guys advise me
to read the man pages of /etc/issue and /etc/motd.

My question was not clear at all. 
What I want to do is :
 - When the user login through the graphical interface(CDE/OpenWindows)
and authenticated correctly a "pop up message box" with an OK button
appears saying: "Access to this system is restricted....." 

Short version: I want to display a message box when the user logged into
the system.

Can I do that easily by playing with the X/DT configuration files ?

Please Help.

IWS

Levi

-----Original Message-----
From: sunmanagers-admin@sunmanagers.org
[mailto:sunmanagers-admin@sunmanagers.org] On Behalf Of Levi Ashcol
Sent: Monday, November 18, 2002 8:54 PM
To: sunmanagers@sunmanagers.org
Subject: Security login banner- How ?


Hi,
I want to display a security login banner(Access to this system is
restricted and monitored....bla bla bla )to my users while login through
CDE or Open Windows.

Anybody knew how to do this ?

IWS

Levi
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Wed Dec 4 06:22:56 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:59 EST