":showvar @;job=#S6224" may be an enhancement implemented in 7.0, as it
works for me and we are running 7.0 express 1 with patches. From the HELP
command:
:help showvar
SHOWVAR
Displays specific variable names and their current values.
SYNTAX
SHOWVAR [varid][,varid]...[,varid]
[job= jobID ]
[;USER | HP | ANY]
KEYWORDS: PARMS,OPERATION,EXAMPLE
:
A few years ago I developed a UDC file that logs IP address and other
information to a circular file as well as sending the information to the
console.
Features:
o Obtains IP address and other information, uses TELLOP to send that
information to the console, and thus, to the console log.
o Writes IP address information to a circular log file on disc for
quick and easy scanning (LOGIPADR.LOG.SYS).
o Validates IP addresses on sessions logging in by checking IP address
against those listed in a file (NSVTSEC.NET.SYS).
Below is a copy of the UDC file followed by a file named "NSVTSEC.NET.SYS"
that contains a list of the networks or specific IP addresses allowed
access to the system. The UDC should be set as a SYSTEM UDC so that it is
executed by users at login.
The UDCs require a LOG group in the SYS account; if one doesn't exist,
they will create a LOG group and a circular log file the next time
MANAGER.SYS logs in. Thus, after you create the NSVTSEC file and
SETCATALOG the UDC, you should log on as MANAGER.SYS. If you don't log in
as MANAGER.SYS, the UDC will send an informatory message to the console at
each login telling you that it isn't able to log the login information.
The log file created is named LOGIPADR.LOG.SYS. When the UDCs reject a
login because its IP address isn't allowed (doesn't exist in the
NSVTSEC.NET.SYS file), the record written to LOGIPADR contains the text
{IP_Rejected}. If you log in from the system console or another serial
device, the log record contains the text {No_IP_Addr}.
The console messages sent by the UDC contain IP address and other
information, as available. By examining the variables defined at login,
the UDC determines whether the network login was via NS-VT or Telnet.
Enjoy!
John
logoniptest
option logon,nobreak,nolist,nohelp
setvar HPsysName "Tron"
comment LogonIP 1.10.05 3/26/02 JPK
comment
comment Created 12/15/97 by John P. Korb
comment
comment This UDC checks the user's IP address against a list
comment of trusted networks kept in the file NSVTSEC.NET.SYS.
comment The LogonIPTest UDC also sets the HPPATH variable.
comment
setvar SaveMsgFence HPMsgFence
setvar HPMsgFence 1
setvar true 1
setvar false 0
setvar validip false
if hpjobtype = "S" then
   if hpremipaddr <> "" then
      if finfo("nsvtsec.net.sys","Exists") then
         if finfo("nsvtsec.net.sys","EOF") <> 0 then
            comment Scan the allow list (read as $STDIN), then open the log.
            tsetpinogol 10612 <nsvtsec.net.sys
            continue
            owttsetpinogol 10612
            if bound(hpstdin_network_node)
               echo !hpintrodate !hpintrotime !hpjobtype!hpjobnum &
                    !hpldevin !hpuser.!hpaccount !hpremipaddr &
                    !hpstdin_network_node > *sss
               tellop *** NSVT Logon from !hpremipaddr device &
                      !hpstdin_network_node
            else
               echo !hpintrodate !hpintrotime !hpjobtype!hpjobnum &
                    !hpldevin !hpuser.!hpaccount !hpremipaddr > *sss
               tellop *** Telnet Login from !hpremipaddr
            endif
            reset sss
            setvar hpmsgfence savemsgfence
         endif
      else
         comment No NSVTSEC file: log the login, but mark it as unchecked.
         continue
         owttsetpinogol 10612
         if bound(hpstdin_network_node)
            echo !hpintrodate !hpintrotime !hpjobtype!hpjobnum &
                 !hpldevin !hpuser.!hpaccount !hpremipaddr &
                 !hpstdin_network_node {Unchecked} > *sss
            tellop *** NSVT Logon from !hpremipaddr device &
                   !hpstdin_network_node
         else
            echo !hpintrodate !hpintrotime !hpjobtype!hpjobnum &
                 !hpldevin !hpuser.!hpaccount !hpremipaddr &
                 {Unchecked} > *sss
            tellop *** Telnet Login from !hpremipaddr
         endif
         reset sss
         tellop *** Warning: Logon IP address checks NOT in effect ***
      endif
   else
      comment Console or other serial device: no IP address to check.
      tellop *** Non-IP logon ***
      owttsetpinogol 10612
      echo !hpintrodate !hpintrotime !hpjobtype!hpjobnum &
           !hpldevin !hpuser.!hpaccount {No_IP_Addr} > *sss
      reset sss
   endif
endif
deletevar validip,true,false
setvar HPMsgFence SaveMsgFence
comment
comment ------ Other Logon Code Follows This Line ------
setvar HPPath "!!hpgroup,pub,pub.sys,arpa.sys,hpbin.sys"
setvar HPMsgFence 2
continue
setvar HPMsgFence SaveMsgFence
setjcw CIERROR 0
setvar hpredosize 250
file dontprnt;dev=lp,1;env=lp3hole.env.sys
setvar tz "EST5EDT"
******
tsetpinogol pass
option nobreak,nolist,nohelp
comment
comment This UDC is called from LogonIPtest and is NOT to
comment be invoked independently!
comment
if !pass <> 10612 then
   echo Smart people don't mess with this UDC.
   bye
endif
comment Scan nsvtsec.net.sys to see if the user's IP is allowed.
comment If not allowed, reject the user and BYE them off the system.
comment
setvar record ""
setvar blankpos 1
setvar reclimit finfo("nsvtsec.net.sys","EOF")
setvar reccount 0
while reccount < reclimit and validip = false do
   input record
   if str(record,1,1) <> "#" then
      comment Keep only the text before the first blank in the record.
      setvar blankpos pos(" ",record,1)
      if blankpos <> 0 then
         setvar record str(record,1,blankpos-1)
      endif
      comment Accept when the record is a leading substring of the IP address.
      if pos(record,hpremipaddr,1) = 1 then
         setvar validip true
      endif
   endif
   setvar reccount reccount+1
endwhile
if validip = false then
   file sss=logipadr.log.sys,old;acc=append;save
   if bound(hpstdin_network_node)
      echo !hpintrodate !hpintrotime !hpjobtype!hpjobnum &
           !hpldevin !hpuser.!hpaccount !hpremipaddr &
           !hpstdin_network_node {IP_Rejected} > *sss
      tellop *** Logon from !hpremipaddr device &
             !hpstdin_network_node REJECTED
   else
      echo !hpintrodate !hpintrotime !hpjobtype!hpjobnum &
           !hpldevin !hpuser.!hpaccount !hpremipaddr &
           {IP_Rejected} > *sss
      tellop *** Login from !hpremipaddr REJECTED
   endif
   reset sss
   echo No access permitted from ip !hpremipaddr
   bye
endif
deletevar reclimit,reccount,record,blankpos
******
owttsetpinogol pass
option nobreak,nolist,nohelp
comment
comment This UDC is called from LogonIPtest and is NOT to
comment be invoked independently!
comment
if !pass <> 10612 then
   echo Smart people don't mess with this UDC.
   bye
endif
comment Make sure the LOG group exists, then check for the log
comment file.
comment On errors, notify the console, then set the file
comment equation for sss to $NULL.
comment
setvar groupexists false
setvar fileexists false
if not finfo("/SYS/LOG","exists") then
   tellop *** Warning: Logon IP address info not logged ***
   tellop *** The LOG.SYS group DOES NOT EXIST ***
   file sss=$NULL
   if hpuser="MANAGER" and hpaccount="SYS" then
      setjcw cierror = 0
      continue
      newgroup log.sys;access=(r,w,l,x,s:AC;a:ANY)
      if cierror <> 0 then
         tellop *** Attempt at Creating LOG.SYS group FAILED ***
      else
         tellop *** LOG.SYS group created ***
         setvar groupexists true
      endif
   endif
else
   setvar groupexists true
endif
if groupexists = true then
   if not finfo("logipadr.log.sys","exists") then
      if hpuser="MANAGER" and hpaccount="SYS" then
         setjcw cierror = 0
         continue
         build logipadr.log.sys;rec=-1276,1,v,ascii;cir;disc=500
         if cierror <> 0 then
            tellop *** Build of LOGIPADR.LOG.SYS FAILED ***
         else
            comment Restrict the log: append-only for everyone, full access for @.sys.
            setjcw cierror = 0
            continue
            altsec logipadr.log.sys;newacd=(&
                   w,racd:$owner,$group,$group_mask,@.@;&
                   r,w,x,a,l:@.sys)
            if cierror <> 0 then
               tellop *** ALTSEC of LOGIPADR.LOG.SYS FAILED ***
               continue
               purge logipadr.log.sys
            else
               tellop *** LOGIPADR.LOG.SYS created ***
               setvar fileexists true
            endif
         endif
      endif
   else
      setvar fileexists true
   endif
   if fileexists = false then
      tellop *** Warning: Logon IP address info not logged ***
      tellop *** The file LOGIPADR.LOG.SYS DOES NOT EXIST ***
      file sss=$NULL
   else
      file sss=logipadr.log.sys,old;acc=append;save
   endif
endif
deletevar groupexists, fileexists
******
# NSVTSEC.NET.SYS - Created by John P. Korb for use with the
# logoniptest UDC.
#
# This file contains (left justified) the ip addresses of those
# networks allowed to access the system through non-FTP sessions.
#
# JPK 03/26/02 - Updated for use on TRON.
# JPK 12/15/97 - Created by John P. Korb. Used by the logoniptest
# UDC to restrict session access to certain IP
# addresses or ranges of addresses.
#
10
127.0.0.1
At 2002-04-24 11:00 AM, John Clogg wrote:
>I tried Per's suggestion and it didn't work. I was not able to see any
>HP-defined variables, only the user-defined ones. In fact, the
>documentation confirms that this is the expected behavior. Has this changed
>on a later release (we're on 6.5 PP2)? Is there a patch available to enable
>this capability?
>
>-----Original Message-----
>From: Per Ostberg [mailto:[log in to unmask]]
>Sent: Wednesday, April 24, 2002 2:40 AM
>To: [log in to unmask]
>Subject: SV: Re: [HP3000-L] Hacker question
>
>
>as an addition to Wirt's suggestion of using an "option logon" UDC
>(where you have access to all session-info), there's an enhancement to
>the :SHOWVAR command, where you can specify a job/session number (as in:
>
>:showvar @;job=#S6224
>HPSTDIN_ACCESS_TYPE = NS/VT
>HPSTDIN_TERMINAL_TYPE = 0 (T_DATA_ENTRY(4))
>HPSTDIN_TRANSPORT_TYPE = TCP/IP
>HPSTDIN_NETWORK_NODE = MYPC.MYDOMAIN.SE
>HPSTDIN_NETWORK_ADDR = x.y.z.x
>HPSTDIN_LINK_ADDR = not set yet...
>HPVT_CLIENT_VENDOR = WRQ_CONNECTION_3000_FOR_WINDOWS
>HPVT_CLIENT_OPSYS = MS_DOS
>HPVT_CLIENT_MODE = STREAM_MODE
>HPVT_CLIENT_TCP_PORT = 3840
>HPVT_CLIENT_LDEV_NUM =
>HPVT_CLIENT_JOB_NUM =
>HPVT_CLIENT_JOB_NAME =
>TZ = MET-1METDST
>VSETNEXTCENTURY = 3
>)
>
>hth
>/per
>
>--------------------------------------------------
>Per Östberg / [log in to unmask]
>tel 08-585 812 13
>mob 070-484 02 53 / fax 08-585 877 10
>LabMedicin-IT, Huddinge Universitetssjukhus
>C1 51 / 141 86 HUDDINGE
>--------------------------------------------------
>
>
> > -----Original Message-----
> > From: Richard.Barker /internet [mailto:[log in to unmask]]
> > Sent: 24 April 2002 10:50
> > To: HP3000-L /internet
> > Cc: Richard.Barker /internet
> > Subject: Re: [HP3000-L] Hacker question
> >
> >
> > Hi
> >
> > We've got someone logging on to our system as an unauthorised
> > user. Now I
> > can easily kick them off, but I would love to know if it is someone
> > internally logging on.
> >
> > Is there any way I can narrow down the Reflection session or
> > the IP address.
> >
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
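As an added example (not part of John's post or his UDCs): a Python re-implementation of the allow-list test that the tsetpinogol UDC performs (skip "#" records, cut each record at its first blank, accept when the record is a leading substring of HPREMIPADDR), run beside a check on real network prefixes using Python's ipaddress module, so the two verdicts can be compared for a few addresses. The NSVTSEC-style sample file, the trusted-network list and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample in the layout of NSVTSEC.NET.SYS: '#' comment lines,
# then left-justified addresses, optionally followed by a blank and a note.
NSVTSEC_SAMPLE = """\
# NSVTSEC.NET.SYS - constructed sample for this example
10          internal network (10.0.0.0/8)
127.0.0.1
"""

# Trusted networks expressed as real prefixes (assumed meaning of "10").
TRUSTED_NETWORKS = ["10.0.0.0/8", "127.0.0.1/32"]


def load_records(text):
    """Mirror the UDC's parsing: skip '#' lines, keep text up to the first blank."""
    records = []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        rec = line.split(" ", 1)[0]  # same effect as str(record,1,blankpos-1)
        if rec:
            records.append(rec)
    return records


def udc_allows(remote_ip, records):
    """The UDC's test, pos(record,hpremipaddr,1) = 1: record is a text prefix."""
    return any(remote_ip.startswith(rec) for rec in records)


def network_allows(remote_ip, networks):
    """The same decision made on network membership instead of on the text."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def compare(remote_ip):
    """Return (UDC verdict, network verdict) for one remote address."""
    return (udc_allows(remote_ip, load_records(NSVTSEC_SAMPLE)),
            network_allows(remote_ip, TRUSTED_NETWORKS))


if __name__ == "__main__":
    # 100.1.2.3 is outside 10.0.0.0/8 but its text starts with "10", so the
    # string test accepts it while the network test does not.
    for ip in ("10.1.2.3", "100.1.2.3", "127.0.0.1", "192.168.1.9"):
        print(f"{ip:12} udc={compare(ip)[0]!s:5} network={compare(ip)[1]}")
```

The divergence on 100.1.2.3 is the point to check when reviewing an allow list written in this format: a short record such as "10" matches every address whose decimal text begins with those characters, not only the 10.0.0.0/8 network.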