From: SPAMSINK2001@YAHOO.COM
Sent: Thursday, May 23, 2002 1:14 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: Deleting intrusion records...

contracer11@uol.com.br (Shiva MahaDeva) wrote in message news:...
> How can I delete intrusion records in OpenVMS V5.5-2 ? The command:
>
> $ Delete/intru DRVAX5::telnet_acs0542
>
> It doesn't work !
>
> Which SYSGEN parameter can I modify to disable intrusion records ?
> ( I forgot this command... LGI_BRK_TMO ???)
> Thanks in advance...

Here's a command procedure that will let you delete intrusion records by number. It lists all intrusion records and numbers them, then prompts you for the number of the record to delete. It's a VMS SHARE file, so just cut and paste it to its own file on the VAX or Alpha and run it via @. You will get INTR.COM. Just run INTR.COM and follow the instructions. (I used VMS SHARE because Google only allows lines up to 70 chars long and this one has a maximum record length of 91 bytes.)

I wrote this years ago (13-OCT-1998) on a VMS v5.5-2 system, so it should work fine. Comments, suggestions, and bug reports are welcome.

If you get a couple of DCL warnings:

%DCL-W-IVVERB, unrecognized command verb - check validity and spelling
 \UK\
%DCL-W-IVVERB, unrecognized command verb - check validity and spelling
 \BLOCKS"\

when running the share file, not to worry. The file is reconstructed properly anyway. As a check, it should have 72 records.

Disclaimer: jmho

Alan E. Feldman
afeldman atski gfigroup dotski com

$! ------------------ CUT HERE -----------------------
$ v='f$verify(f$trnlnm("SHARE_UNPACK_VERIFY"))'
$!
$! This archive created:
$! Name : INTR
$! By : feldman@IDS03
$! Date : 23-MAY-2002 16:57:55.01
$! Using: VMS_SHARE 8.5-1, (C) 1993 Andy Harper, Kings College London UK
$!
$! Credit is due to these people for their original ideas:
$! James Gray, Michael Bednarek
$!
$! To unpack this archive:
$! Minimum of VMS 4.4 (VAX) / OpenVMS 1.0 (Alpha) is required.
$!
$! Remove the headers of the first part, up to `cut here' line.
$! Execute file as a command procedure.
$!
$! The following file(s) will be created after unpacking:
$! 1. INTR.COM;1
$!
$! --- Setup ---------------------------------------------------------------
$! Self-extracting VMS_SHARE wrapper: it writes the encoded payload to a
$! scratch file, decodes it with an inline TPU procedure, and checks the
$! result with CHECKSUM. It runs with the privileges of the process that
$! invokes it, so read it through before running it from a privileged
$! account.
$!   f = scratch file spec built from SYS$SCRATCH and the process id; when
$!       the logical SHARE_UNPACK is defined it is replaced by F$PARSE of
$!       SHARE_UNPACK_TEMP with that spec as the default
$!   e = writes a %UNPACK message to SYS$ERROR
$!   w = writes a %UNPACK message to SYS$OUTPUT; replaced by the comment
$!       character unless the logical SHARE_UNPACK_LOG translates to true
$ set="set"
$ set symbol/scope=(nolocal,noglobal)
$ f="SYS$SCRATCH:."+f$getjpi("","PID")+";"
$ if f$trnlnm("SHARE_UNPACK") .nes. "" then $ -
 f=f$parse("SHARE_UNPACK_TEMP",f)
$ e="write sys$error ""%UNPACK"", "
$ w="write sys$output ""%UNPACK"", "
$ if .not. f$trnlnm("SHARE_UNPACK_LOG") then $ w = "!"
$! Version gate: the check is skipped when the CPU item of F$GETSYI is
$! above 127 (presumably non-VAX hardware - confirm); otherwise the version
$! string, minus its first character, must compare at or above 4.4.
$ if f$getsyi("CPU") .gt. 127 then $ goto start
$ ve=f$getsyi("version")
$ if ve-f$extract(0,1,ve) .ges. "4.4" then $ goto start
$ e "-E-OLDVER, Must run at least VMS 4.4"
$ v=f$verify(v)
$ exit 44
$! --- unpack --------------------------------------------------------------
$! Decode the scratch file into P1 and verify it.
$!   P1 = output file spec        P2 = expected CHECKSUM value
$!   P3 = record attributes for CONVERT/FDL (empty means none)
$!   P4 = size in blocks, P5 = file number, P6 = file total (messages only)
$! The target directory is created when F$PARSE of P1 fails. An existing P1
$! is never overwritten: it is reported with -W-EXISTS and skipped. Both
$! early exits delete the scratch file first.
$unpack:subroutine!P1=file,P2=chksum,P3=attrib,P4=size,P5=fileno,P6=filetotal
$ if f$parse(P1) .nes. "" then $ goto dirok
$ dn=f$parse(P1,,,"DIRECTORY")
$ w "-I-CREDIR, Creating directory ''dn'"
$ create/dir 'dn'
$ if $status then $ goto dirok
$ e "-E-CREDIRFAIL, Unable to create ''dn' File skipped"
$ delete 'f'*
$ exit
$dirok:
$ x=f$search(P1)
$ if x .eqs. "" then $ goto file_absent
$ e "-W-EXISTS, File ''P1' exists. Skipped"
$ delete 'f'*
$ exit
$file_absent:
$ w "-I-UNPACK, Unpacking ", P5, " of ", P6, " - ", P1, " - ", P4, " Blocks"
$! TPU writes straight to P1 unless a record-format conversion is needed, in
$! which case it writes a new version of the scratch file instead.
$ n=P1
$ if P3 .nes. "" then $ n=f
$! TPU output is sent to NL: unless verify is on. The TPU source is read
$! from SYS$INPUT, that is, the lines up to the next line starting with $.
$ if .not. f$verify() then $ define/user sys$output nl:
$ EDIT/TPU/NOSEC/NODIS/COM=SYS$INPUT/NOJOURNAL 'f'/OUT='n'
PROCEDURE GetHex(s,p)LOCAL x1,x2;x1:=INDEX(t,SUBSTR(s,p,1))-1;x2:=INDEX(t,
SUBSTR(s,p+1,1))-1;RETURN 16*x1+x2;ENDPROCEDURE;PROCEDURE SkipPartsep LOCAL m;
LOOP m:=MARK(NONE);EXITIF m=END_OF(CURRENT_BUFFER);DELETE(m);EXITIF INDEX(
ERASE_LINE,"-+-+-+-+-+-+-+-+")=1;ENDLOOP;ENDPROCEDURE;
PROCEDURE ProcessLine LOCAL c,s,l,b,n,p;s := ERASE_LINE;c := SUBSTR(s,1,1);s :=
s-c;IF c = "X" THEN SPLIT_LINE; ENDIF;MOVE_HORIZONTAL(-1);l := LENGTH(s);p :=
1;LOOP EXITIF p > l;c := SUBSTR(s,p,1);p := p+1;CASE c FROM ' ' TO '`' ['`'] :
COPY_TEXT(ASCII(GetHex(s,p))); p:=p+2;[' ']: p:=p+1;[INRANGE,OUTRANGE] :
COPY_TEXT(c);ENDCASE;ENDLOOP;ENDPROCEDURE;PROCEDURE Decode(b)LOCAL m;
POSITION(BEGINNING_OF(b));LOOP m:=MARK(NONE);EXITIF m=END_OF(b);DELETE(m);
IF INDEX(CURRENT_LINE,"+-+-+-+-+-+-+-+-")=1 THEN SkipPartSep;ELSE ProcessLine;
MOVE_HORIZONTAL(1);ENDIF;ENDLOOP;ENDPROCEDURE;SET(FACILITY_NAME,"UNPACK");SET(
SUCCESS,OFF);SET(INFORMATIONAL,OFF);t:="0123456789ABCDEF";f:=GET_INFO(
COMMAND_LINE,"file_name");o:=CREATE_BUFFER(f,f);Decode(o);WRITE_FILE(o,
GET_INFO(COMMAND_LINE,"output_file"));QUIT;
$! Record-format conversion, only when P3 is non-empty: write a two-line FDL
$! (RECORD, then P3) as a new scratch version, CONVERT the previous version
$! with it, then move the result to P1 - RENAME when the scratch file and P1
$! are on the same device, COPY otherwise.
$ if p3 .eqs. "" then $ goto dl
$ open/write fdl &f
$ write fdl "RECORD"
$ write fdl P3
$ close fdl
$ w "-I-CONVRFM, Converting record format to ", P3
$ convert/fdl='f' 'f'-1 'f'
$ fa=f$getdvi(f$parse(f),"ALLDEVNAM")
$ Pa=f$getdvi(f$parse(P1),"ALLDEVNAM")
$ if fa .eqs. Pa then $ rename &f 'f$parse(P1)'
$ if fa .nes. Pa then $ copy &f 'f$parse(P1)'
$dl: delete 'f'*
$! Integrity check: CHECKSUM sets CHECKSUM$CHECKSUM, which is compared with
$! P2. NOTE(review): on a mismatch only the -E-CHKSMFAIL message is written;
$! P1 is left in place, so look for that message before running the unpacked
$! file. The expected value travels in the same archive as the payload, so
$! this catches transfer damage, not deliberate modification.
$ checksum 'P1'
$ if checksum$checksum .nes. P2 then $ -
 e "-E-CHKSMFAIL, Checksum of ''P1' failed."
$ exit
$ endsubroutine
$start:
$!
$! --- Payload -------------------------------------------------------------
$! INTR.COM in VMS_SHARE encoding, read by CREATE as in-stream data up to
$! the next line that starts with $. As decoded by ProcessLine above: a
$! leading X starts a new output line, any other leading character (V here)
$! continues the current one, and a backquote followed by two hex digits is
$! one character (20 is a space, 09 a tab). Keep it byte-for-byte.
$!
$! What the decoded INTR.COM does:
$!   - SHOW INTRUSION/OUTPUT=INTR.TMP, then reads the listing back, numbers
$!     each record and keeps its source field in a SOURCE_n symbol
$!   - where a line contains ::, rewrites the 8 hex digits after it as a
$!     dotted-decimal address, in the displayed line only
$!   - INQUIRE CHOICE; an empty answer or A exits without deleting
$!   - otherwise runs DELETE/INTRUSION on SOURCE_n for the chosen n, echoed
$!     through SET VERIFY
$! NOTE(review): CHOICE is used as typed to build the symbol name, with no
$! check that it is one of the listed numbers.
$! NOTE(review): INTR.TMP is created in the default directory and only
$! PURGEd, so the newest listing of intrusion sources stays on disk.
$! NOTE(review): the delete removes the record from the breakin database;
$! check its Type, Count and Source in the listing (and the security audit
$! log, if enabled) before removing it. Both commands presumably need
$! SECURITY privilege, CMKRNL as well for the delete - confirm for the
$! running VMS version.
$ create 'f'
X$!+`20INTR.COM
X$!
X$!`20`20PURPOSE:`20To`20list`20records`20in`20the`20breakin`20database`20and
V`20to`20delete
X$!`20`20`20`20`20`20`20`20`20`20`20any`20of`20them`20by`20number
X$!
X$!------`20`20`20Intrusion`20`20`20`20`20`20`20Type`20`20`20`20`20`20`20Count
V`20`20Expiration`20`20`20Source
X$!------`20`20`20`20`20`20TERM_USER`20`20`20`20INTRUDER`20`20`20`20`20`206`20
V`20`2017:36:30.46`20`20WT66D/PORT_8:DELOSREYES_M`20`20`20`20`20`20`20`20
X$!------`20`20`20Intrusion`20`20`20`20`20`20`20Type`20`20`20`20`20`20`20Count
V`20`20Expiration`20`20`20Source
X$!------`20`20`20`20`20`20NETWORK`20`20`20`20`20`20SUSPECT`20`20`20`20`20`20
V`201`20`20`2010:01:24.38`20`20TELNET::9F661672`20`20`20`20`20`20`20`20`20`20
V`20`20`20`20`20`20`20
X$!------`20`20`20
X$!+
X$!
X$`20`20`20SHOW`20INTRUSION/OUTPUT=INTR.TMP
X$`20`20`20IF`20(F$TRNLNM("FILE")`20.NES.`20"")`20THEN`20CLOSE`20FILE
X$`20`20`20OPEN/READ`20FILE`20INTR.TMP
X$`20`20`20READ/END=_END`20`20FILE`20`20HEADER
X$`20`20`20WRITE`20SYS$OUTPUT`20HEADER
X$`20`20`20N`20=`200
X$_LOOP:
X$`20`20`20READ/END=_END`20`20FILE`20LINE
X$`20`20`20N`20=`20N`20+`201
X$`20`20`20LINE_'N'`20=`20LINE`20
X$`20`20`20LENGTH`20`20`20=`20F$LENGTH(LINE_'N')
X$`20`20`20LOCATION`20=`20F$LOCATE("::",LINE_'N')
X$!
X$`20`20`20IF`20(LOCATION`20.NE.`20LENGTH)
X$`20`20`20THEN
X$!`20Convert`20a`204-byte`20Hex`20number`20to`20decimal`20IP`20address
X$!
X$`20`20`20HEXSTR`20=`20F$EXTRACT(LOCATION+2,8,LINE_'N')
X$`20`20`20LEN_HEXSTR`20=`20F$LENGTH(HEXSTR)
X$`20`20`20!SH`20SYM`20LEN_HEXSTR
X$`20`20`20BYTE4`20=`20F$EXTRACT(LEN_HEXSTR-2,2,HEXSTR)
X$`20`20`20BYTE3`20=`20F$EXTRACT(LEN_HEXSTR-4,2,HEXSTR)
X$`20`20`20BYTE2`20=`20F$EXTRACT(LEN_HEXSTR-6,2,HEXSTR)
X$`20`20`20BYTE1`20=`20F$EXTRACT(LEN_HEXSTR-8,2,HEXSTR)
X$`20`20`20!SH`20SYM`20BYTE%
X$`20`20`20NUM4`20=`20F$STRING(F$INTEGER("%X''BYTE4'"))
X$`20`20`20NUM3`20=`20F$STRING(F$INTEGER("%X''BYTE3'"))
X$`20`20`20NUM2`20=`20F$STRING(F$INTEGER("%X''BYTE2'"))
X$`20`20`20NUM1`20=`20F$STRING(F$INTEGER("%X''BYTE1'"))
X$`20`20`20!SH`20SYM`20NUM%
X$`20`20`20IPADR`20=`20NUM1`20`09-
X`09`20`20`20`20+`20"."`20+`20NUM2-
X`09`20`20`20`20+`20"."`20+`20NUM3-
X`09`20`20`20`20+`20"."`20+`20NUM4
X$`20`20`20!SH`20SYM`20IPADR
X$`20`20`20LINE_'N'`5BLOCATION+2,17`5D`20:=`20`5B'IPADR'`5D
X$`20`20`20ENDIF
X$!
X$`20`20`20!SH`20SYM`20LOCATION
X$`20`20`20SOURCE_'N'`20=`20F$ELEMENT(4,"`20",F$EDIT(LINE,"COMPRESS,TRIM"))
X$`20`20`20WRITE`20SYS$OUTPUT`20F$FAO("!2SL!AS",N,F$EXTRACT(2,999,LINE_'N'))
X$`20`20`20GOTO`20_LOOP
X$_END:
X$`20`20`20IF`20(F$TRNLNM("FILE")`20.NES.`20"")`20THEN`20CLOSE`20FILE
X$`20`20`20INQUIRE`20CHOICE`20-
X`20`20`20`20"Select`20a`20number`20to`20delete`20or`20enter`20'A'`20to`20abort
V`20`5BA`5D"
X$`20`20`20IF`20(CHOICE`20.EQS.`20"")`20THEN`20CHOICE`20=`20"A"
X$`20`20`20IF`20(CHOICE`20.NES.`20"A")`20THEN`20GOTO`20_DEL
X$_ABORT:
X$`20`20`20WRITE`20SYS$OUTPUT`20"INTR.COM`20exited.`20No`20intrusion`20records
V`20were`20deleted."
X$`20`20`20PURGE/NOLOG`20INTR.TMP
X$`20`20`20EXIT
X$_DEL:
X$`20`20`20SET`20VERIFY
X$`20`20`20!SH`20SYM`20CHOICE
X$`20`20`20RECORD`20=`20SOURCE_'CHOICE'
X$`20`20`20DELETE/INTRUSION`20"''RECORD'"`20`20!`26SOURCE_'CHOICE'
X$`20`20`20SET`20NOVERIFY`20
X$`20`20`20PURGE/NOLOG`20INTR.TMP
X$`20`20`20EXIT
$! Arguments, in the order the unpack label documents them: file, expected
$! checksum, no record attributes, 5 blocks, file 1 of 1.
$ call unpack INTR.COM;1 741022837 "" 5 1 1
$! Restore the verify setting that was saved in v when the archive started.
$ v=f$verify(v)
$ exit