<<< VAXAXP::NOTES$:[NOTES$LIBRARY]VMSNOTES.NOTE;1 >>>
-< VAX and Alpha VMS - Digital Internal Use Only >-
================================================================================
Note 954.2              Set host/log is there another way ?              2 of 6
GIDDAY::GILLINGS "a crucible of informative mistak"   102 lines  28-MAY-1996 17:11
-< sample code >-
--------------------------------------------------------------------------------

> They currently have a series of modems connected to DECservers. Once
> you enter the correct server password you are transferred to nodeA.
> They want to be able to record user activity without having to use the
> set host command since it has to be transparent to the user.

Personally I don't believe this should be "transparent". I think it should
be made perfectly clear that the recording is going on. First for privacy
reasons, but, more importantly - the objective is to *prevent* bad things
happening, rather than to catch people after the fact, yes?

I've included a simple command procedure which implements non-transparent
keystroke logging. It can all be done on a single system, but for higher
security, you can dedicate a system to logging and change the SET HOST
command to point to the work system.

If you insist on "transparency", you can accept the username on the logging
system *without* a password and execute a LOGIN.COM which is a variant of
the sample procedure. Use SET HOST/LOG to the work system, passing the
username as data - for example

    $ ! Now connect to work system
    $ SET HOST/LOG=logfile WRKNOD GILLINGS
    $ ! Reach here after logging off

The work node will then prompt for a password. With appropriate settings of
DISWELCOME and SYS$ANNOUNCE, you can make this *almost* completely
transparent. You still get "Username:" and "Password:" prompts, but they
occur on different systems.
SECURE_CHECK.COM

    $ user=F$EDIT(F$GETJPI("","USERNAME"),"COLLAPSE")
    $ marker=" Security audit logging enabled for user "
    $ snode="your-node"
    $ suser="SECURE"
    $ sident="SECURE_USER"
    $ IF user.NES.suser
    $ THEN
    $!  Not the SECURE account: users without the identifier are unaffected
    $   rights=","+F$GETJPI("","RIGHTSLIST")+","
    $   IF F$LOCATE(",''sident',",rights).GE.F$LENGTH(rights) THEN EXIT
    $!  Designated user arriving via SET HOST from SECURE: echo the marker
    $!  so the parent's transcript records the real username
    $   IF F$TRNLNM("SYS$REM_NODE")+F$TRNLNM("SYS$REM_ID").EQS."''snode'::''suser'"
    $   THEN
    $     WRITE SYS$OUTPUT "''marker'''user'"
    $     EXIT
    $   ENDIF
    $!  Designated user who bypassed SECURE: refuse and notify SYSTEM
    $   TYPE SYS$INPUT
    **SECURITY BREACH**
    You are not authorized to login in this manner
    Please login with primary username SECURE
    $
    $   subj="Attempted illegal login at "+F$CVTIME(,"ABSOLUTE")
    $   MAIL/NOSELF/SUBJ="''subj'" NL: SYSTEM
    $ ELSE
    $!  Running as SECURE: start the logged session to the local node (0)
    $   TYPE SYS$INPUT
    **WARNING** - All actions will be logged for security auditing
    Please enter your real username and password now
    $!  Timestamp with the characters that are not legal in a file name removed
    $   now=F$CVTIME(,,"DATE")+"-"+F$CVTIME(,,"TIME")-" "-":"-":"-"."
    $   lfile=F$GETJPI("","PID")+now+".LOG"
    $   SET HOST/LOG='lfile' 0
    $!  Session over: find the marker line and rename the log after the real user
    $   OPEN/READ log 'lfile'
    $ loop: READ/END=endloop log line
    $   IF F$LOCATE(marker,line).GE.F$LENGTH(line) THEN GOTO loop
    $   user=F$EDIT(line-marker,"UNCOMMENT,COLLAPSE,UPCASE")
    $   RENAME 'lfile' 'user'_'now'.LOG
    $ endloop:
    $   CLOSE log
    $ ENDIF
    $ STOP/ID=0 ! exit with no logout message
    $!
    $! Command procedure to enforce logging of all activity for designated users
    $!
    $! Requires one UAF record (SECURE) and one identifier (SECURE_USER).
    $! Users holding the SECURE_USER identifier must login with username SECURE
    $! which will use the SET HOST/LOG command to keep an audit log of all
    $! activity. Username SECURE should be defined with the following
    $! characteristics:
    $!
    $!   UIC               - unique, preferably in own group or in a system owned group
    $!   default directory - owned by SECURE, protected (G,W) with plenty of
    $!                       disk space and quota
    $!   LGICMD            - NL:
    $!   flags             - DisWelcome,DisNewMail,DisMail,DisReport,Captive
    $!   no password
    $!   privileges        - NETMBX,TMPMBX
    $!   quotas            - nothing special
    $!
    $! Execute this command procedure early in SYLOGIN.COM if F$MODE is INTERACTIVE
    $!
    $! Log files containing transcripts of user sessions will be written to the
    $! default directory of SECURE. Upon normal exit, the file name will become
    $! _.LOG. While being written or after an abnormal
    $! exit file name will be _.LOG, where PID is the PID of
    $! the "parent" SECURE process.
    $!
    $! Login attempts without going through SECURE by designated users will
    $! result in a MAIL message being sent to SYSTEM indicating the date of
    $! the illegal attempt.
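The two-system variant the note describes (a dedicated logging node in front of the work node), written out as an added illustration rather than code from the note: the node names LOGNOD and WRKNOD are placeholders, the logging-node accounts are assumed to be captive with no password, and the username-as-data form of SET HOST is taken from the note's own example.

```dcl
$! --- LOGNOD: LOGIN.COM for the pass-through accounts on the logging node ---
$! Added example, not from the note. LOGNOD/WRKNOD are placeholder node names.
$ SET NOON
$ IF F$MODE() .NES. "INTERACTIVE" THEN GOTO done
$ user = F$EDIT(F$GETJPI("","USERNAME"),"COLLAPSE")
$ TYPE SYS$INPUT
**WARNING** - This session is recorded for security auditing.
You will now be asked for your password on the work system.
$
$ ! Timestamp with the characters that are not legal in a file name removed
$ now = F$CVTIME(,,"DATE") + "-" + F$CVTIME(,,"TIME") - " " - ":" - ":" - "."
$ ! The username is already known here, so the transcript is named up front
$ ! and stays on LOGNOD, out of reach of the work-node session
$ lfile = user + "_" + now + ".LOG"
$ ! Username passed as data, as in the note's example, so WRKNOD asks only
$ ! for the password; control returns here after the user logs off WRKNOD
$ SET HOST/LOG='lfile' WRKNOD 'user'
$ done:
$ STOP/ID=0            ! never drop the user at a prompt on LOGNOD
$!
$! --- WRKNOD: fragment for SYLOGIN.COM, run when F$MODE() is INTERACTIVE ---
$! Holders of SECURE_USER may only arrive via SET HOST from LOGNOD; any other
$! interactive login is refused and reported, as in SECURE_CHECK.COM.
$ lognode = "LOGNOD::"
$ rights = "," + F$GETJPI("","RIGHTSLIST") + ","
$ IF F$LOCATE(",SECURE_USER,",rights) .GE. F$LENGTH(rights) THEN GOTO ok
$ IF F$TRNLNM("SYS$REM_NODE") .EQS. lognode THEN GOTO ok
$ TYPE SYS$INPUT
**SECURITY BREACH** - audited users must log in through LOGNOD
$
$ subj = "Attempted unaudited login by " + F$GETJPI("","USERNAME") + " at " + F$CVTIME(,"ABSOLUTE")
$ MAIL/NOSELF/SUBJECT="''subj'" NL: SYSTEM
$ LOGOUT/BRIEF
$ ok:
```

On WRKNOD the marker line of SECURE_CHECK.COM is no longer needed, since the logging node already knows the username when it names the file.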