SCAN_INTRUSION - Scan Intrusion Database
Format:
status = vms_sys.scan_intrusion
(logfail_status, failed_user, job_type,
[source_terminal], [source_node], [source_user],
[source_addr], [failed_password], [parent_user],
[parent_id], [flags])
Returns:
Arguments:
1 - 32 alphanumeric character string.
Examples:
>>> import vms_ciadef
>>> import vms_jpidef # supplies JPI_K_NETWORK used for job_type below
>>> import vms_sys
>>>
>>> logfail_status = 0x2c # SS$_ABORT
>>> failed_user = 'PY_BREAKIN'
>>> job_type = vms_jpidef.JPI_K_NETWORK
>>> source_terminal = 'PYB0:'
>>> source_node = 'PYBRK' # leave off '::'
>>> source_user = 'PY_INTRUDER'
>>> source_addr = 'PY.BREAK.IN'
>>> failed_password = 'PY_PWD'
>>> parent_user = None # this is not a subprocess breakin
>>> parent_id = None
>>> flags = None
>>>
>>> status = vms_sys.scan_intrusion \
... (logfail_status, failed_user, job_type, \
... source_terminal, source_node, source_user, \
... source_addr, failed_password, parent_user, \
... parent_id, flags)
>>>
>>> print vms_sys.getmsg (status) [0]
'%SECSRV-I-SUSPECT, matching Suspect found'
>>>
$
%%%%%%%%%%% OPCOM 1-JUN-1999 19:04:21.03 %%%%%%%%%%%
Message from user AUDIT$SERVER on HERE
Security alarm (SECURITY) and security audit (SECURITY)
on HERE, system id: 52199
Auditable event: Network login failure
Event time: 1-JUN-1999 19:04:20.95
PID: 000000D7
Process name: ZESSIN_FTA11
Username: ZESSIN
Terminal name: FTA11:, PYB0:
Remote nodename: PYBRK
Remote node id: 50592E425245414B2E494E
Remote username: PY_INTRUDER
Status: %SYSTEM-F-ABORT, abort
$ show intrusion
Intrusion Type Count Expiration Source
NETWORK SUSPECT 1 19:09:20.95 PYBRK::PY_INTRUDER
$
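The OPCOM alarm and SHOW INTRUSION output above are the records a defender sees after such a failed login is reported. As an added example that is not part of this page's vms_sys binding, here is a stand-alone Python 3 parser for those two records that decodes the hex "Remote node id" back into the source address and confirms that the intrusion record names the same source and expires a fixed interval after the event time; it assumes only the text shown above as its (constructed, embedded) input.

```python
from datetime import datetime
# Constructed sample: the OPCOM security alarm from this page, embedded here
OPCOM_ALARM = """\
%%%%%%%%%%% OPCOM 1-JUN-1999 19:04:21.03 %%%%%%%%%%%
Message from user AUDIT$SERVER on HERE
Security alarm (SECURITY) and security audit (SECURITY)
on HERE, system id: 52199
Auditable event: Network login failure
Event time: 1-JUN-1999 19:04:20.95
PID: 000000D7
Process name: ZESSIN_FTA11
Username: ZESSIN
Terminal name: FTA11:, PYB0:
Remote nodename: PYBRK
Remote node id: 50592E425245414B2E494E
Remote username: PY_INTRUDER
Status: %SYSTEM-F-ABORT, abort
"""
# Constructed sample: the data row of SHOW INTRUSION from this page.
SHOW_INTRUSION_ROW = "NETWORK SUSPECT 1 19:09:20.95 PYBRK::PY_INTRUDER"
VMS_TIME = "%d-%b-%Y %H:%M:%S.%f"  # e.g. 1-JUN-1999 19:04:20.95

def parse_alarm(text):
    """Map the 'Label: value' lines of an OPCOM security alarm to a dict."""
    fields = {}
    for line in text.splitlines():
        if ': ' in line and not line.startswith('%'):
            label, value = line.split(': ', 1)
            fields[label] = value.strip()
    return fields

def decode_node_id(hex_id):
    """'Remote node id' is the source address (source_addr) as ASCII hex."""
    return bytes.fromhex(hex_id).decode('ascii')

def parse_intrusion_row(row):
    """Split one SHOW INTRUSION row into its columns; Source is node::user."""
    intrusion, itype, count, expiration, source = row.split()
    node, user = source.split('::')
    return {'intrusion': intrusion, 'type': itype, 'count': int(count),
            'expiration': expiration, 'node': node, 'user': user}

def correlate(alarm_text, row):
    """Same source in alarm and record? Plus seconds from event to expiry."""
    alarm, rec = parse_alarm(alarm_text), parse_intrusion_row(row)
    same_source = (alarm['Remote nodename'] == rec['node']
                   and alarm['Remote username'] == rec['user'])
    event = datetime.strptime(alarm['Event time'], VMS_TIME)
    expires = datetime.combine(
        event.date(), datetime.strptime(rec['expiration'], "%H:%M:%S.%f").time())
    return same_source, (expires - event).total_seconds()
```

For the records on this page the decoded node id is the source_addr passed in the example call, and the record expires 300 seconds after the event time.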
@@ more SYS$SCAN_INTRUSION examples