Xref: utzoo comp.sys.dec:1358 comp.os.vms:15096
Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!csd4.milw.wisc.edu!marque!kcb
From: kcb@marque.mu.edu (Kent Brodie)
Newsgroups: comp.sys.dec,comp.os.vms
Subject: "UNWELCOME.TXT" - a better WELCOME message (and dynamic!)
Keywords: security, legal loopholes, WELCOME, UNWELCOME
Message-ID: <452@marque.mu.edu>
Date: 8 Jun 89 15:56:22 GMT
Reply-To: kcb@marque.UUCP (Kent Brodie)
Distribution: usa
Organization: Marquette University - Milwaukee, Wisconsin
Lines: 60

One of the largest security "holes", as it were, is the fact that the
default "welcome" message on VAX/VMS systems is just that-- it WELCOMES
the user to the system. In the case of an unauthorized access to your
precious system, the existence of this message can cause ALL SORTS of
legal headaches, depending on your state/local laws.

The easy way around this, of course, is to just define a different message,
or even refer to a text file containing a few lines. I have found, however,
that I really like the "default" mode of the SYS$WELCOME logical in that
it dynamically knows what's going on, i.e., your NODE name and the system
version number. In a large cluster environment, this is one more stupid
thing that then has to be changed (if you use a text file).

I thought about this for a while, and immediately decided that the
logicals F$GETSYI("NODENAME") and F$GETSYI("VERSION") were obviously
appropriate, but how to use these on a MULTIPLE-LINE "unwelcome" message?

Well, the following neat example is one that I figured out for my system
using the handy (and seldom-used) F$FAO lexical function that allows you
to both tell the user that only AUTHORIZED people are allowed, and at the
same time do it via DCL so that the system's node name and version number
are always included. The result is a nice **TWO-LINE** message that
changes with each system used. In a cluster environment, this makes it
even easier to use.

Well, I've babbled enough on this, and all for a 4-line DCL segment that
should go in SYSTARTUP. However, I feel that this issue is an IMPORTANT
one, and should not be taken lightly.

As always, just save (extract) this message, and edit out all of the
garbage. Include the "executable" lines of the following DCL segment in
your system-specific startup file for your vax, and you're off and running.
Don't forget to execute this .COM file separately, right away, so you
don't have to wait for a reboot for the message to take effect!

I would appreciate any comments on this as well. Have fun.

$!------------ cut here 8< -----------------------------------------
$! UNWELCOME.COM   Create a better (dynamic) "welcome" message for a VAX.
$! (C) 1989 Kent C. Brodie; Medical College of Wisconsin.
$!
$! These lines should go in the system-specific startup file for your
$! VAX system.   V4: SYSTARTUP.COM    V5: SYSTARTUP_V5.COM
$!
$! The welcome message is automatically set up to include the node name
$! and the system version number for your system, so any upgrades will
$! automatically be reflected in the "welcome" message. The purpose of
$! this message format is to both get rid of the word "WELCOME", and also
$! to let users know that unauthorized access is not allowed. Both of these
$! items are IMPORTANT when securing a VAX-- legal loopholes exist when the
$! default "welcome" message is used.
$!-----------------------------------------------------------------------
$ lineone = " You are on node ''f$getsyi("NODENAME")' running " + -
            "VAX/VMS version ''f$edit(f$getsyi("VERSION"),"TRIM")'. "
$ linetwo = " Unauthorized access to this system is prohibited."
$ assign/system "''f$fao("!AS!/!AS",lineone,linetwo)'" sys$welcome

-- 
Kent C. Brodie               Normally:  kcb@marque.mu.edu
(System Manager                    OR:  ..uwvax!uwmcsd1!marque!kcb
 at Large)                  Sometimes:  7113BRODIEK@MUCSD (different machine..)
"Simon says.... 'DRY UP!'"  -Simon Bar Sinister
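
A companion audit check, added here as an example and not part of the original post: it reads SYS$WELCOME back on the current node and reports whether the banner still says "WELCOME", carries the unauthorized-access notice, and shows the live node name and version. The file name CHECK_WELCOME.COM and the FAIL/INFO/PASS wording are assumptions; it assumes the logical lives in the system table, as the ASSIGN/SYSTEM above puts it.

```dcl
$! CHECK_WELCOME.COM (hypothetical name) - added example, not the author's code.
$! Run on each cluster node after startup to audit the login banner.
$ banner = f$trnlnm("SYS$WELCOME","LNM$SYSTEM_TABLE")
$ node   = f$getsyi("NODENAME")
$ vers   = f$edit(f$getsyi("VERSION"),"TRIM")
$ if banner .eqs. "" then goto undefined
$ if f$extract(0,1,banner) .eqs. "@" then goto from_file
$ upper = f$edit(banner,"UPCASE")
$ len = f$length(upper)
$ problems = 0
$! F$LOCATE returns the string length when the substring is absent.
$ bad = f$locate("WELCOME",upper) .lt. len
$ if bad then write sys$output "FAIL: banner contains the word WELCOME"
$ if bad then problems = problems + 1
$ bad = f$locate("UNAUTHORIZED",upper) .eq. len
$ if bad then write sys$output "FAIL: no unauthorized-access notice in banner"
$ if bad then problems = problems + 1
$ bad = f$locate(node,upper) .eq. len
$ if bad then write sys$output "FAIL: banner does not show node name ",node
$ if bad then problems = problems + 1
$ bad = f$locate(vers,upper) .eq. len
$ if bad then write sys$output "FAIL: banner does not show version ",vers
$ if bad then problems = problems + 1
$ if problems .eq. 0 then write sys$output "PASS: SYS$WELCOME on ",node," looks right"
$ exit
$undefined:
$ write sys$output "FAIL: SYS$WELCOME is not defined; the default greeting is in use"
$ exit
$from_file:
$! A leading "@" means the banner is read from a text file, so the
$! node name and version in it are static and must be reviewed by hand.
$ write sys$output "INFO: SYS$WELCOME points to file ",f$extract(1,f$length(banner)-1,banner)
$ write sys$output "INFO: review that file on every node after each upgrade"
$ exit
```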