Usage:
--------------------------- map_telnetd_connections --------------------------
 -write_table: no
If write_table is set to no (the default) the table is displayed directly to the terminal window. If set to yes the output is written to the map_telnetd_connections_table file.
Warnings:
The macro calls analyze_system, so it must be run by a privileged process.
The macro calls attach_default_output. If the macro is terminated before
it completes it is possible that output is still attached to the file.
You will have to call detach_default_output to get output redirected
back to the terminal window.
Example output:
A certain amount of miscellaneous output is written to the screen. This
can include error messages reporting that files could not be deleted and
analyze_system prompts. The screen will be cleared before the
connection map table is written. If -write_table is set to yes the
screen is still cleared but the table is written to the file. In the
following example I have included the kinds of messages that you may
see. Note that there will be multiple as: prompts; the exact number will
depend on how many window_term devices there are and how many of those
devices are being used.
map_telnetd_connections
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map2
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map3
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map4
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map5
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map6
OpenVOS Release 17.1.0ba, analyze_system Release 17.1.0ba
Current process is 551, ptep 8A26E000, Noah_Davids.CAC
as: as: as: as: as: as: as: as: as: as: as: as: as: as: as: as:
+ as: as: as: as: as: as: as: as: as: as: as: as: as: as: as: as
+: as: as: as: as: as: as: as: as: as: as: as: map_telnetd_connecti
+ons - 12-05-31 20:32:41

#tli_login.m17_19 164.152.77.128:63937 Noah_Davids.CAC
#tli_login.m17_18 164.152.77.34:54366 Noah_Davids.CAC
ready 20:32:44
The macro:
& map_telnetd_connections begins here
&
& map_telnetd_connections.cm
& version 1.0 06-05-11
& version 1.1 06-07-06
& version 1.2 07-02-17 added write_table argument and no longer changes
& working directory
& version 1.3 10-11-26 added disclaimer
& version 1.4 12-05-24 match "match faddr" to "match ' faddr ' to accommodate
& changes in release 17.1
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& loops through ALL the window_term devices and for each one dumps the ACB
& for the device and extracts the remotely connected port (fport) and
& IP address (faddr), if any. For those devices that do have an fport and
& faddr, it determines the name of the user who has the device locked and
& displays a table with the form:
& #device_name IP_address:port User_Name.Group_Name
&
&
& Usage
& map_telnetd_connections -no_write_table
&
& -write_table if set to no (default) output is directed to the
& terminal window. If set to yes output is written to
& the file map_telnetd_connections_table in the current
& directory.
&
& NOTE NOTE NOTE
& This only works for telnetd. Connections made with telnet_msd, os_telnet
& or sshd will not be mapped.
&
& This macro makes use of the attach_default_output command. Terminating
& this macro before it completes may leave your output redirected to a
& file.
&
& This macro must be run in a privileged process
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
&begin_parameters
WRITE_TABLE switch(-write_table),=0
&end_parameters
&
&echo no_input_lines no_command_lines no_macro_lines
&if (process_type) ^= interactive &then set_ready -format off
&
&attach_input
&
&
& delete all the temporary files just in case there are any left overs
delete_file (process_dir)>map
delete_file (process_dir)>map2
delete_file (process_dir)>map3
delete_file (process_dir)>map4
delete_file (process_dir)>map5
delete_file (process_dir)>map6
&if &WRITE_TABLE& &then delete_file map_telnetd_connections_table
&
&
& save a list of all window_term devices in the file named map. Put a
& key string "END" at the end of the file so we know when to stop looping
attach_default_output (process_dir)>map
list_devices -type window_term
display_line END
detach_default_output
&
&
& record where the pound sign is in the device names
&set POUND (index (contents (process_dir)>map 1) #)
&
&
& loop through the map file, strip off the system name, leaving only the
& device name, put that in the file named map2.
&set line 1
attach_default_output (process_dir)>map2
&while (contents (process_dir)>map &line&) ^= 'END'
display_line (substr (contents (process_dir)>map &line&) &POUND&)
&set line (calc &line& + 1)
&end
display_line END
detach_default_output
&
&
& loop through the map2 file for each device listed dump the ACB matching on
& the foreign port and address numbers. Put the output in the map3 file.
& Then read in the two lines generated as well as the device again and write
& out all three pieces as one line to the map4 file.
&set line 1
analyze_system
&while (contents (process_dir)>map2 &line&) ^= 'END'
..attach_default_output (process_dir)>map3
match ' faddr ' -or fport; dump_acb (contents (process_dir)>map2 &line&)
..detach_default_output
..attach_default_output (process_dir)>map4 -append
..display_line (contents (process_dir)>map2 &line&) &+
(contents (process_dir)>map3 1) (contents (process_dir)>map3 2)
..detach_default_output
&set line (calc &line& + 1)
&end
quit
&
&
& Use display -match to filter the lines in the map4 file for only lines
& containing fport and output the results to map5. This removes any device
& that doesn't have an associated port and IP address.
display (process_dir)>map4 -match fport -output_path (process_dir)>map5 &+
-no_header
attach_default_output (process_dir)>map5 -append
display_line END
detach_default_output
&
&
& A lot of miscellaneous stuff has been output to the screen so clear it
& note this will only work if the terminal has a clear screen generic output
& sequence defined.
display_line (byte 27)(byte 2)
&
& write a nice identifying header
&if &WRITE_TABLE& &then &do
attach_default_output map_telnetd_connections_table -append
display_line map_telnetd_connections - (date) (time)
display_line
detach_default_output
&end
&else &do
display_line map_telnetd_connections - (date) (time)
display_line
&end
& loop through the map5 file. Copy the line 3 times so we can parse out the
& device name, port and IP address. Once we extract the device name do a
& who_locked, sending the output to map6 and then extract out the user name.
& The "who_locked" line contains the process name in parens. This screws
& up the command lines so translate the parens into curly braces. The IP
& address is in hex so it has to be converted to decimal before being output.
&set POUND (index (contents (process_dir)>map5 1) #)
&set line 1
&while (contents (process_dir)>map5 &line&) ^= 'END'
&set_string name (contents (process_dir)>map5 &line&)
&set_string port (string &name&)
&set_string addr (string &name&)
&set_string name (substr (string &name&) &POUND&)
&set_string name (substr (string &name&) 1 (index (string &name&) ' '))
attach_default_output (process_dir)>map6
who_locked #&name&
detach_default_output
&set_string user &+
(substr (translate (contents (process_dir)>map6 2) '{}' '()') 31)
&set_string user (substr (string &user&) 1 (index (string &user&) ' '))
&set fportp5 (calc (index (string &port&) 'fport') + 5)
&set_string port (substr (string &port&) &fportp5&)
&set_string port (substr (string &port&) 1 (index (string &port&) ' '))
&set faddrp5 (calc (index (string &addr&) 'faddr') + 5)
&set_string addr (substr (string &addr&) &faddrp5&)
&set_string addr (substr (string &addr&) 1)
&set_string ip1 (substr &addr& 1 2)
&set_string ip2 (substr &addr& 3 2)
&set_string ip3 (substr &addr& 5 2)
&set_string ip4 (substr &addr& 7 2)
&set_string addr1 (calc 0&ip1&x).(calc 0&ip2&x)
&set_string addr2 (calc 0&ip3&x).(calc 0&ip4&x):&port&
&if &WRITE_TABLE& &then &do
attach_default_output map_telnetd_connections_table -append
display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
detach_default_output
&end
&else display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
&set line (calc &line& + 1)
&end
&
& map_telnetd_connections ends here
Usage:
--------------------------- map_secured_connections --------------------------
 -write_table: no
If write_table is set to no (the default) the table is displayed directly to the terminal window. If set to yes the output is written to the map_secured_connections_table file.
Warnings:
The macro calls analyze_system, so it must be run by a privileged process.
The macro calls attach_default_output. If the macro is terminated before
it completes it is possible that output is still attached to the file.
You will have to call detach_default_output to get output redirected
back to the terminal window.
Example output:
A certain amount of miscellaneous output is written to the screen. This
can include error messages reporting that files could not be deleted and
analyze_system prompts. The screen will be cleared before the
connection map table is written. If -write_table is set to yes the
screen is still cleared but the table is written to the file. In the
following example I have included the kinds of messages that you may
see. Note that there will be multiple as: prompts; the exact number will
depend on how many sshd connections there are.
map_secured_connections
OpenVOS Release 17.1.0ba, analyze_system Release 17.1.0ba
Current process is 544, ptep 8A549080, Noah_Davids.CAC
as: process: Invalid decimal number. OpenV
as: as: process: Invalid decimal number. Curre
as: as: Using nonrunning process.
Current process is 375, ptep 89CEB000, root.root (sshd)
as: as_format_porte: PORTE pointer is null.
as_format_porte: PORTE pointer is null.
as: Using nonrunning process.
Current process is 420, ptep 89CDD600, root.root (sshd)
as: as_format_porte: PORTE pointer is null.
as: Using nonrunning process.
Current process is 539, ptep 8A5159C0, root.root (sshd)
as: as: Using nonrunning process.
Current process is 541, ptep 8A26D6C0, root.root (sshd)
as: as_format_porte: PORTE pointer is null.
as: Using nonrunning process.
Current process is 543, ptep 8A55E100, root.root (sshd)
as: as: Using nonrunning process.
Current process is 545, ptep 8A524A00, root.root (sshd)
as: as_format_porte: PORTE pointer is null.
as: map_secured_connections - 12-05-31 20:30:39

#s$pt_log.m17_11 164.152.77.50:20922 Noah_Davids.CAC
#s$pt_log.m17_13 164.152.77.50:20993 Noah_Davids.CAC
ready 20:30:40
The macro:
& map_secured_connections starts here
&
& map_secured_connections.cm
& version 1.0 06-05-11
& version 1.1 07-02-14 added an argument to format and write a table to a
& file so that log_my_sshd_login can use it.
& version 1.2 07-02-19 modified so it doesn't change the working directory
& version 1.3 10-11-26 added disclaimer
& version 1.4 12-05-31 added code to handle changes in release 17.1
& version 1.5 12-06-06 corrected code to handle changes in release 17.1
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& loops through ALL the sshd processes and for each one dumps portes
& 9 and 10 for releases before 17.1 or 11 and 8 for release 17.1 and later.
& Porte 9/8 is connected to the STCP device, porte 10/11 is connected
& to the pipe that connects to the user_login device. From porte 9/8 the
& remotely connected port (fport) and IP address (faddr) can be extracted.
& From porte 10/11 the name of the login device can be extracted. Once the
& device name is known we can figure out who is using it. All the
& information is displayed in a table with the form:
& #device_name IP_address:port User_Name.Group_Name
&
&
& map_secured_connections -no_write_table
&
& -write_table if set to no (default) output is directed to the
& terminal window. If set to yes output is written to
& the file map_secured_connections_table in the current
& directory.
&
& NOTE NOTE NOTE
& This only works for sshd. Connections made with telnet_msd, os_telnet
& or telnetd will not be mapped.
&
& This macro makes use of the attach_default_output command. Terminating
& this macro before it completes may leave your output redirected to a
& file.
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
&begin_parameters
WRITE_TABLE switch(-write_table),=0
&end_parameters
&
&echo no_input_lines no_command_lines no_macro_lines
&if (process_type) ^= interactive &then set_ready -format off
&
&attach_input
&
& delete all the temporary files.
delete_file (process_dir)>map
delete_file (process_dir)>map1
delete_file (process_dir)>map2
delete_file (process_dir)>map3
&if &WRITE_TABLE& &then delete_file map_secured_connections_table
&
&
& Get a list of all the sshd processes. Put a key string "END" at the end
& of the file so we know when to stop looping
attach_default_output (process_dir)>map
analyze_system -request_line 'match sshd; who' -quit
display_line END
detach_default_output
&
&
& The device name being used can be found either from PORTE number 10 on
& releases before 17.1 or from PORTE number 11 on release 17.1 and later
& (let's hope it doesn't change again). Similarly, the foreign IP address and
& port can be found from PORTE number 9 on releases before 17.1 and PORTE
& number 8 on 17.1 and later
&set_string DVTEP 10
&set_string PORTADDR 9
&set_string RELEASE (after (module_info os_release) 'Release ')
&if (index &RELEASE& '17.1') &then &do
&set_string DVTEP 13
&set_string PORTADDR 8
&end
&
& Loop through the map file, extracting the process numbers for each
& sshd process. For each process dump the PORTES to get the device name and
& fport and faddr values. Save it all in the map1 file.
&set line 1
analyze_system
&while (contents (process_dir)>map &line&) ^= 'END'
&set proc (substr (contents (process_dir)>map &line&) 1 5)
process &proc&
..attach_default_output (process_dir)>map1 -append
match dvtep; dump_porte -number &DVTEP&
match ' fport ' -or ' faddr '; dump_porte -number &PORTADDR&
..detach_default_output
&
&
& filter out some extraneous lines in the map1 file, writing the good stuff
& to the map2 file.
&set line (calc &line& + 1)
&end
quit
display (process_dir)>map1 -min_lines 3 -match 'dvtep &+
' -output_path (process_dir)>map2 -no_header
attach_default_output (process_dir)>map2 -append
display_line END
detach_default_output
&
&
& A lot of miscellaneous stuff has been output to the screen so clear it
& note this will only work if the terminal has a clear screen generic output
& sequence defined.
display_line (byte 27)(byte 2)
&
& write a nice identifying header
&if &WRITE_TABLE& &then &do
attach_default_output map_secured_connections_table -append
display_line map_secured_connections - (date) (time)
display_line
detach_default_output
&end
&else &do
display_line map_secured_connections - (date) (time)
display_line
&end
&
&
& loop through the map2 file which has sets of three lines, device name, port
& number and address. The device name is enclosed in parens which have to be
& translated to curly brackets or the system thinks it's a command function.
& Once the device name is extracted do a who_locked to figure out who has it
& locked. Write that info into the map3 file. The process name in that file is
& also enclosed in parens so we have to translate them too. Finally the IP
& address is in hex so it has to be translated into decimal.
&set line 1
&while (contents (process_dir)>map2 &line&) ^= 'END'
&set_string name (translate (contents (process_dir)>map2 &line&) '{}' '()')
&set line (calc &line& + 1)
&set_string port (contents (process_dir)>map2 &line&)
&set line (calc &line& + 1)
&set_string addr (contents (process_dir)>map2 &line&)
&set line (calc &line& + 1)
&set_string name (substr (string &name&) &+
(calc (index (string &name&) '{') + 1))
&set_string name (substr (string &name&) 1 &+
(calc (index (string &name&) '}') - 1))
attach_default_output (process_dir)>map3
who_locked #&name&
detach_default_output
&set_string user &+
(substr (translate (contents (process_dir)>map3 2) '{}' '()') 31)
&set_string user (substr (string &user&) 1 (index (string &user&) ' '))
&set_string port (substr (string &port&) &+
(calc (index (string &port&) 'fport') + 6))
&set_string addr (substr (string &addr&) &+
(calc (index (string &addr&) 'faddr') + 5))
&set_string ip1 (substr &addr& 1 2)
&set_string ip2 (substr &addr& 3 2)
&set_string ip3 (substr &addr& 5 2)
&set_string ip4 (substr &addr& 7 2)
&set_string addr1 (calc 0&ip1&x).(calc 0&ip2&x)
&set_string addr2 (calc 0&ip3&x).(calc 0&ip4&x):&port&
&if &WRITE_TABLE& = 1 &then &do
attach_default_output map_secured_connections_table -append
display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
detach_default_output
&end
&else display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
&end
&
& map_secured_connections ends here
Usage:
------------------------------- map_connections ------------------------------
No arguments required. Press ENTER to continue.
Example output:
map_connections

map_telnetd_connections - 12-05-31 20:34:57

#tli_login.m17_19 164.152.77.128:63937 Noah_Davids.CAC
#tli_login.m17_18 164.152.77.34:54366 Noah_Davids.CAC

map_secured_connections - 12-05-31 20:34:57

#s$pt_log.m17_11 164.152.77.50:20922 Noah_Davids.CAC
#s$pt_log.m17_13 164.152.77.50:20993 Noah_Davids.CAC
ready 20:34:57
The macro:
& map_connections starts here
&
& map_connections.cm
& version 1.0 07-02-18
& version 1.1 10-11-26 added disclaimer
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& runs both map_telnetd_connections and map_secured_connections with the
& -write_table argument, waits for the processes to complete and then
& displays the created tables
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
start_process 'map_telnetd_connections -write_table' -privileged &+
-wait -output_path (process_dir)>map_telnetd_connections.out
start_process 'map_secured_connections -write_table' -privileged &+
-wait -output_path (process_dir)>map_secured_connections.out
display map_telnetd_connections_table -no_header
display_line
display_line
display_line
display_line
display map_secured_connections_table -no_header
&
& map_connections ends here
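
The tables written by the macros use the row form #device_name IP_address:port User_Name.Group_Name under a header naming the macro. The following is an added example, not part of the original macros: a Python parser for a saved copy of that table, which tags each row with the daemon it came from, sets aside rows that do not parse, and groups sessions by remote address. The function names are hypothetical, the 8-hex-digit faddr is assumed from the four two-character substr calls in the macros, and the sample is constructed from the example output above plus one truncated row.

```python
import re
from collections import defaultdict

# Row form documented in the macro comments:
#   #device_name IP_address:port User_Name.Group_Name
ROW = re.compile(
    r"^#(?P<device>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+(?P<user>\S+)$")
HEADER = re.compile(r"^map_(telnetd|secured)_connections - ")

# Constructed sample: the rows from the page's example output plus one
# deliberately truncated row (no address or user) to exercise rejection.
SAMPLE = """\
map_telnetd_connections - 12-05-31 20:34:57

#tli_login.m17_19 164.152.77.128:63937 Noah_Davids.CAC
#tli_login.m17_18 164.152.77.34:54366 Noah_Davids.CAC
#tli_login.m17_20 .:
map_secured_connections - 12-05-31 20:34:57

#s$pt_log.m17_11 164.152.77.50:20922 Noah_Davids.CAC
#s$pt_log.m17_13 164.152.77.50:20993 Noah_Davids.CAC
"""

def decode_faddr(hex_addr):
    """Hex faddr -> dotted decimal, the same byte-pair split the macros do."""
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", hex_addr):
        raise ValueError(f"faddr is not 8 hex digits: {hex_addr!r}")
    return ".".join(str(int(hex_addr[i:i + 2], 16)) for i in range(0, 8, 2))

def parse_table(text):
    """Return (rows, rejected); each row is tagged with the daemon it came from."""
    rows, rejected, service = [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            service = "telnetd" if header.group(1) == "telnetd" else "sshd"
            continue
        m = ROW.match(line)
        octets_ok = m and all(int(o) <= 255 for o in m["ip"].split("."))
        if octets_ok and int(m["port"]) <= 65535:
            rows.append({"service": service, "device": m["device"],
                         "ip": m["ip"], "port": int(m["port"]), "user": m["user"]})
        else:
            rejected.append(line)  # keep for review instead of dropping silently
    return rows, rejected

def sessions_by_address(rows):
    """Group sessions by remote address so one source holding several logins stands out."""
    grouped = defaultdict(list)
    for r in rows:
        grouped[r["ip"]].append((r["service"], r["device"], r["user"]))
    return dict(grouped)

if __name__ == "__main__":
    rows, rejected = parse_table(SAMPLE)
    for ip, sessions in sessions_by_address(rows).items():
        print(ip, sessions)
    print("rejected:", rejected)
```
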