Re: OSR5: how to find out disabled terminals by authorization subsystem?
- From: Pepe <pepe@xxxxxxxxxx>
- Date: Sat, 14 Jul 2007 20:08:26 +0200
John DuBois wrote:
> In article <f6r57g$ut8$1@xxxxxxxxxxx>, Pepe <pepe@xxxxxxxxxx> wrote:
>> About the terminals locking issue, I have found the "ttylock" and
>> "ttyunlock" system commands, which work great. However, I have not found
>> any command to see which tty*'s have fallen under the security lock. I
>> see I can launch "scoadmin terminal" --> Unlock [Enter] ---> F3, but
>> that is not a scriptable solution and lacks any elegance (which is to be
>> expected from a real UNIX).
>>
>> So, how can I find out from a pure command line which terminals are locked?
>
> I had an awk function that reads the ttys database, so this was easy:
> ftp://ftp.armory.com/pub/user/spcecdt/lockedttys
I tried to make it work in my OSR-5.0.7 test system, but I guess the GNU gawk
is necessary, so I didn't succeed.
I have finally resorted to a home grown script that will output the TTYs which
are locked, so I can see at the command line the system status regarding locked
TTYs, or put it in a daily cron script to notify me by email or some such.
It is also possible to feed its output to "ttyunlock"(ADM) in the command line:
# ttyunlock `show-locked-ttys.sh` ---> This unlocks all locked TTYs.
This is my script: "show-locked-ttys.sh"
-------------------------SCRIPT BEGINS----------------------------
#!/bin/sh
#
# This script scans the TTY enhanced security database in SCO OpenServer 5.0.7
# and outputs the "tty's" which have been locked by the system security.
# This script takes no parameters.
#
# Created: 2007-07-14
# We can here choose a directory for the temporary files.
MY_TMP_DIR=$HOME
export MY_TMP_DIR
cd $MY_TMP_DIR
# Lets delete the temporary files.
clean() {
cd $MY_TMP_DIR
rm ttys-failed-logins_full.txt ttys-failed-logins_short.txt
}
doit() {
# We find out the maximum errors allowed in the system when logging in at a TTY.
MAX_ERROR_LOGINS=`/etc/userls -D -x maxLoginAttempts | sed -e 's/{//g' -e 's/}//g' | awk ' {print $3}'`
export MAX_ERROR_LOGINS
# Lets create a temporary file with the full details about any TTY where errors have happened at login.
sed -e :mylabel1 -e '/\\$/N; s/\\\n//; tmylabel1' -e 's/#/:/g' /etc/auth/system/ttys | grep t_failures | \
awk 'BEGIN { FS = ":" }; {gsub("\t","",$0); print $0}' > $MY_TMP_DIR/ttys-failed-logins_full.txt
# Lets create a temporary file with only the TTY names where errors have happened at login.
sed -e :mylabel1 -e '/\\$/N; s/\\\n//; tmylabel1' /etc/auth/system/ttys | grep t_failures | \
awk 'BEGIN { FS = ":" }; { print $1}' > $MY_TMP_DIR/ttys-failed-logins_short.txt
# Lets go in a loop to find out how many login errors has any affected TTY. We put it into a variable
# and then we compare it with the system maximum allowed in MAX_ERROR_LOGINS. If higher or equal to it,
# we output the TTY name, because it is a locked TTY.
for var in `cat $MY_TMP_DIR/ttys-failed-logins_short.txt` ; do
TTY_FAILED_LOGINS=`grep $var $MY_TMP_DIR/ttys-failed-logins_full.txt | \
awk -F":" '{for (a=10;a>0;a--) {if ($(NF-a) ~ /t_failures/) print $(NF-(a-1))}}'`
export TTY_FAILED_LOGINS
if [ $TTY_FAILED_LOGINS -ge $MAX_ERROR_LOGINS ] ; then echo $var ; fi
done
}
### MAIN ###
doit
clean
-------------------------SCRIPT ENDS------------------------------
No doubt some guru will come up with a one liner, but I couldn't make it any
better than what is shown above, the requisite being it should work in a stock
OpenServer 5.0.7 system.
Regards,
Pepe.
.
- References:
- Prev by Date: Re: BackupEDGE 2.2 Announcement
- Next by Date: OSR507: xm_vtcld : could not open libXm.so
- Previous by thread: Re: OSR5: how to find out disabled terminals by authorization subsystem?
- Next by thread: Re: OSR5: how to find out disabled terminals by authorization subsystem?
- Index(es):
Relevant Pages
|
