From: SPAMSINK2001@YAHOO.COM Sent: Thursday, May 23, 2002 6:40 PM To: Info-VAX@Mvb.Saic.Com Subject: Re: Deleting intrusion records... contracer11@uol.com.br (Shiva MahaDeva) wrote in message news:... > How can I delete intrusion records in OpenVMS V5.5-2 ? The command: > > $ Delete/intru DRVAX5::telnet_acs0542 > > It doesn't work ! > > Which SYSGEN parameter can I modify to disable intrusion records ? > ( I forgot this command... LGI_BRK_TMO ???) > Thanks in advance... Try INTR.COM. It will list all intrusion records and allow you to delete them by number. Cut and paste the VMS SHARE file below to a file on your VAX or Alpha and run it with @. Ignore the error about "blocks" not being a verb. You should get INTR.COM as a result. INTR.COM contains 65 records. Then just run @INTR.COM!. Disclaimer: JMHO Alan E. Feldman afeldman atski gfigroup dotski com $! ------------------ CUT HERE ----------------------- $ v='f$verify(f$trnlnm("SHARE_UNPACK_VERIFY"))' $! $! This archive created: $! Name : INTR $! By : feldman $! Date : 23-MAY-2002 22:31:17.65 $! Using: VMS_SHARE 8.5-1, (C) 1993 Andy Harper, Kings College $! London UK $! $! Credit is due to these people for their original ideas: $! James Gray, Michael Bednarek $! $! To unpack this archive: $! Minimum of VMS 4.4 (VAX) / OpenVMS 1.0 (Alpha) is required. $! Remove the headers of the first part, up to `cut here' line. $! Execute file as a command procedure. $! $! The following file(s) will be created after unpacking: $! 1. INTR.COM;1 $! $ set="set" $ set symbol/scope=(nolocal,noglobal) $ f="SYS$SCRATCH:."+f$getjpi("","PID")+";" $ if f$trnlnm("SHARE_UNPACK") .nes. "" then $ - f=f$parse("SHARE_UNPACK_TEMP",f) $ e="write sys$error ""%UNPACK"", " $ w="write sys$output ""%UNPACK"", " $ if .not. f$trnlnm("SHARE_UNPACK_LOG") then $ w = "!" $ if f$getsyi("CPU") .gt. 127 then $ goto start $ ve=f$getsyi("version") $ if ve-f$extract(0,1,ve) .ges. 
"4.4" then $ goto start $ e "-E-OLDVER, Must run at least VMS 4.4" $ v=f$verify(v) $ exit 44 $unpack:subroutine!P1=file,P2=chksum,P3=attrib,P4=size,P5=fileno,P6=filetotal $ if f$parse(P1) .nes. "" then $ goto dirok $ dn=f$parse(P1,,,"DIRECTORY") $ w "-I-CREDIR, Creating directory ''dn'" $ create/dir 'dn' $ if $status then $ goto dirok $ e "-E-CREDIRFAIL, Unable to create ''dn' File skipped" $ delete 'f'* $ exit $dirok: $ x=f$search(P1) $ if x .eqs. "" then $ goto file_absent $ e "-W-EXISTS, File ''P1' exists. Skipped" $ delete 'f'* $ exit $file_absent: $ w "-I-UNPACK, Unpacking ", P5, " of ", P6, " - ", P1, " - ", P4, " Blocks" $ n=P1 $ if P3 .nes. "" then $ n=f $ if .not. f$verify() then $ define/user sys$output nl: $ EDIT/TPU/NOSEC/NODIS/COM=SYS$INPUT/NOJOURNAL 'f'/OUT='n' PROCEDURE GetHex(s,p)LOCAL x1,x2;x1:=INDEX(t,SUBSTR(s,p,1))-1;x2:=INDEX(t, SUBSTR(s,p+1,1))-1;RETURN 16*x1+x2;ENDPROCEDURE;PROCEDURE SkipPartsep LOCAL m; LOOP m:=MARK(NONE);EXITIF m=END_OF(CURRENT_BUFFER);DELETE(m);EXITIF INDEX( ERASE_LINE,"-+-+-+-+-+-+-+-+")=1;ENDLOOP;ENDPROCEDURE; PROCEDURE ProcessLine LOCAL c,s,l,b,n,p;s := ERASE_LINE;c := SUBSTR(s,1,1);s := s-c;IF c = "X" THEN SPLIT_LINE; ENDIF;MOVE_HORIZONTAL(-1);l := LENGTH(s);p := 1;LOOP EXITIF p > l;c := SUBSTR(s,p,1);p := p+1;CASE c FROM ' ' TO '`' ['`'] : COPY_TEXT(ASCII(GetHex(s,p))); p:=p+2;[' ']: p:=p+1;[INRANGE,OUTRANGE] : COPY_TEXT(c);ENDCASE;ENDLOOP;ENDPROCEDURE;PROCEDURE Decode(b)LOCAL m; POSITION(BEGINNING_OF(b));LOOP m:=MARK(NONE);EXITIF m=END_OF(b);DELETE(m); IF INDEX(CURRENT_LINE,"+-+-+-+-+-+-+-+-")=1 THEN SkipPartSep;ELSE ProcessLine; MOVE_HORIZONTAL(1);ENDIF;ENDLOOP;ENDPROCEDURE;SET(FACILITY_NAME,"UNPACK");SET( SUCCESS,OFF);SET(INFORMATIONAL,OFF);t:="0123456789ABCDEF";f:=GET_INFO( COMMAND_LINE,"file_name");o:=CREATE_BUFFER(f,f);Decode(o);WRITE_FILE(o, GET_INFO(COMMAND_LINE,"output_file"));QUIT; $ if p3 .eqs. 
"" then $ goto dl $ open/write fdl &f $ write fdl "RECORD" $ write fdl P3 $ close fdl $ w "-I-CONVRFM, Converting record format to ", P3 $ convert/fdl='f' 'f'-1 'f' $ fa=f$getdvi(f$parse(f),"ALLDEVNAM") $ Pa=f$getdvi(f$parse(P1),"ALLDEVNAM") $ if fa .eqs. Pa then $ rename &f 'f$parse(P1)' $ if fa .nes. Pa then $ copy &f 'f$parse(P1)' $dl: delete 'f'* $ checksum 'P1' $ if checksum$checksum .nes. P2 then $ - e "-E-CHKSMFAIL, Checksum of ''P1' failed." $ exit $ endsubroutine $start: $! $ create 'f' X$!+`20INTR.COM X$! X$!`20`20PURPOSE:`20To`20list`20records`20in`20the`20breakin`20database`20and V`20to`20delete X$!`20`20`20`20`20`20`20`20`20`20`20any`20of`20them`20by`20number X$! X$`20`20`20SHOW`20INTRUSION/OUTPUT=INTR.TMP X$`20`20`20IF`20(F$TRNLNM("FILE")`20.NES.`20"")`20THEN`20CLOSE`20FILE X$`20`20`20OPEN/READ`20FILE`20INTR.TMP X$`20`20`20READ/END=_END`20`20FILE`20`20HEADER X$`20`20`20WRITE`20SYS$OUTPUT`20HEADER X$`20`20`20N`20=`200 X$_LOOP: X$`20`20`20READ/END=_END`20`20FILE`20LINE X$`20`20`20N`20=`20N`20+`201 X$`20`20`20LINE_'N'`20=`20LINE`20 X$`20`20`20LENGTH`20`20`20=`20F$LENGTH(LINE_'N') X$`20`20`20LOCATION`20=`20F$LOCATE("::",LINE_'N') X$! X$`20`20`20IF`20(LOCATION`20.NE.`20LENGTH) X$`20`20`20THEN X$!`20Convert`20a`204-byte`20Hex`20number`20to`20decimal`20IP`20address X$! 
X$`20`20`20HEXSTR`20=`20F$EXTRACT(LOCATION+2,8,LINE_'N') X$`20`20`20LEN_HEXSTR`20=`20F$LENGTH(HEXSTR) X$`20`20`20!SH`20SYM`20LEN_HEXSTR X$`20`20`20BYTE4`20=`20F$EXTRACT(LEN_HEXSTR-2,2,HEXSTR) X$`20`20`20BYTE3`20=`20F$EXTRACT(LEN_HEXSTR-4,2,HEXSTR) X$`20`20`20BYTE2`20=`20F$EXTRACT(LEN_HEXSTR-6,2,HEXSTR) X$`20`20`20BYTE1`20=`20F$EXTRACT(LEN_HEXSTR-8,2,HEXSTR) X$`20`20`20!SH`20SYM`20BYTE% X$`20`20`20NUM4`20=`20F$STRING(F$INTEGER("%X''BYTE4'")) X$`20`20`20NUM3`20=`20F$STRING(F$INTEGER("%X''BYTE3'")) X$`20`20`20NUM2`20=`20F$STRING(F$INTEGER("%X''BYTE2'")) X$`20`20`20NUM1`20=`20F$STRING(F$INTEGER("%X''BYTE1'")) X$`20`20`20!SH`20SYM`20NUM% X$`20`20`20IPADR`20=`20NUM1`20`09- X`09`20`20`20`20+`20"."`20+`20NUM2- X`09`20`20`20`20+`20"."`20+`20NUM3- X`09`20`20`20`20+`20"."`20+`20NUM4 X$`20`20`20!SH`20SYM`20IPADR X$`20`20`20LINE_'N'`5BLOCATION+2,17`5D`20:=`20`5B'IPADR'`5D X$`20`20`20ENDIF X$! X$`20`20`20!SH`20SYM`20LOCATION X$`20`20`20SOURCE_'N'`20=`20F$ELEMENT(4,"`20",F$EDIT(LINE,"COMPRESS,TRIM")) X$`20`20`20WRITE`20SYS$OUTPUT`20F$FAO("!2SL!AS",N,F$EXTRACT(2,999,LINE_'N')) X$`20`20`20GOTO`20_LOOP X$_END: X$`20`20`20IF`20(F$TRNLNM("FILE")`20.NES.`20"")`20THEN`20CLOSE`20FILE X$`20`20`20INQUIRE`20CHOICE`20- X`20`20`20`20"Select`20a`20number`20to`20delete`20or`20enter`20'A'`20to`20abort V`20`5BA`5D" X$`20`20`20IF`20(CHOICE`20.EQS.`20"")`20THEN`20CHOICE`20=`20"A" X$`20`20`20IF`20(CHOICE`20.NES.`20"A")`20THEN`20GOTO`20_DEL X$_ABORT: X$`20`20`20WRITE`20SYS$OUTPUT`20"INTR.COM`20exited.`20No`20intrusion`20records V`20were`20deleted." X$`20`20`20PURGE/NOLOG`20INTR.TMP X$`20`20`20EXIT X$_DEL: X$`20`20`20SET`20VERIFY X$`20`20`20!SH`20SYM`20CHOICE X$`20`20`20RECORD`20=`20SOURCE_'CHOICE' X$`20`20`20DELETE/INTRUSION`20"''RECORD'"`20`20!`26SOURCE_'CHOICE' X$`20`20`20SET`20NOVERIFY`20 X$`20`20`20PURGE/NOLOG`20INTR.TMP X$`20`20`20EXIT $ call unpack INTR.COM;1 842668094 "" 4 1 1 $ v=f$verify(v) $ exit