Command macros to map telnetd and sshd connections


The following two macros, map_telnetd_connections.cm and map_secured_connections.cm, display tables of all users connected to a module via telnetd or sshd respectively. The third macro, map_connections.cm, runs the first two macros and displays the output of both.

map_telnetd_connections.cm

Usage:

 --------------------------- map_telnetd_connections -------------------------- 
  -write_table: no            

If write_table is set to no (the default) the table is displayed directly to the terminal window. If set to yes the output is written to the map_telnetd_connections_table file.

Warnings:
The macro calls analyze_system, so it must be run by a privileged process.

The macro calls attach_default_output. If the macro is terminated before it completes it is possible that output is still attached to the file. You will have to call detach_default_output to get output redirected back to the terminal window.

Example output:
A certain amount of miscellaneous output is written to the screen. This can include error messages reporting that files could not be deleted and analyze_system prompts. The screen will be cleared before the connection map table is written. If -write_table is set to yes the screen is still cleared but the table is written to the file. In the following example I have included the kinds of messages that you may see. Note that there will be multiple as: prompts; the exact number will depend on how many window_term devices there are and how many of those devices are being used.

map_telnetd_connections                                                        
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map2
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map3
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map4
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map5
delete_file: Object not found. %azvos#m17_mas>process_dir_dir>pd.11118227>map6
OpenVOS Release 17.1.0ba, analyze_system Release 17.1.0ba
Current process is 551, ptep 8A26E000, Noah_Davids.CAC
as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:
+ as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as
+:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  as:  map_telnetd_connecti
+ons - 12-05-31 20:32:41




#tli_login.m17_19       164.152.77.128:63937       Noah_Davids.CAC
#tli_login.m17_18       164.152.77.34:54366       Noah_Davids.CAC
ready  20:32:44

The macro:

& map_telnetd_connections begins here
&
& map_telnetd_connections.cm
& version 1.0 06-05-11
& version 1.1 06-07-06
& version 1.2 07-02-17 added write_table argument and no longer changes
&                      working directory
& version 1.3 10-11-26 added disclaimer
& version 1.4 12-05-24 match "match faddr" to "match ' faddr ' to accommodate
&                      changes in release 17.1
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& loops through ALL the window_term devices and for each one dumps the ACB
& for the device and extracts the remotely connected port (fport) and
& IP address (faddr), if any. For those devices that do have an fport and
& faddr, it determines the name of the user who has the device locked and
& displays a table with the form:
&    #device_name      IP_address:port          User_Name.Group_Name
&
&
& Usage
& map_telnetd_connections -no_write_table
&
& -write_table      if set to no (default) output is directed to the
&                   terminal window. If set to yes output is written to
&                   the file map_telnetd_connections_table in the current
&                   directory.
&
&                            NOTE NOTE NOTE
& This only works for telnetd. Connections made with telnet_msd, os_telnet
& or sshd will not be mapped.
&
& This macro makes use of the attach_default_output command. Terminating
& this macro before it completes may leave your output redirected to a
& file.
&
& This macro must be run in a privileged process
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.  This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&        
&begin_parameters
WRITE_TABLE switch(-write_table),=0
&end_parameters
&
&echo no_input_lines no_command_lines no_macro_lines
&if (process_type) ^= interactive
&then set_ready -format off
&
&attach_input
&
&
& delete all the temporary files just in case there are any left overs
delete_file (process_dir)>map
delete_file (process_dir)>map2
delete_file (process_dir)>map3
delete_file (process_dir)>map4
delete_file (process_dir)>map5
delete_file (process_dir)>map6
&if &WRITE_TABLE&
&then delete_file map_telnetd_connections_table
&
&
& save a list of all window_term devices in the file named map. Put a
& key string "END" at the end of the file so we know when to stop looping
attach_default_output (process_dir)>map
list_devices -type window_term
display_line END
detach_default_output
&
&
& record where the pound sign is in the device names
&set POUND (index (contents (process_dir)>map 1) #)
&
&
& loop through the map file, strip off the system name, leaving only the
& device name, put that in the file named map2.
&set line 1
attach_default_output (process_dir)>map2
&while (contents (process_dir)>map &line&) ^= 'END'
display_line (substr (contents (process_dir)>map &line&) &POUND&)
&set line (calc &line& + 1)
&end
display_line END
detach_default_output
&
&        
& loop through the map2 file for each device listed dump the ACB matching on
& the foreign port and address numbers. Put the output in the map3 file.
& Then read in the two lines generated as well as the device again and write
& out all three pieces as one line to the map4 file.
&set line 1
analyze_system
&while (contents (process_dir)>map2 &line&) ^= 'END'
..attach_default_output (process_dir)>map3
match ' faddr ' -or fport; dump_acb (contents (process_dir)>map2 &line&)
..detach_default_output
..attach_default_output (process_dir)>map4 -append
..display_line (contents (process_dir)>map2 &line&) &+
       (contents (process_dir)>map3 1) (contents (process_dir)>map3 2)
..detach_default_output
&set line (calc &line& + 1)
&end
quit
&
&
& Use display -match to filter the lines in the map4 file for only lines
& containing fport and output the results to map5. This removes any device
& that doesn't have an associated port and IP address.
display (process_dir)>map4 -match fport -output_path (process_dir)>map5 &+
      -no_header
attach_default_output (process_dir)>map5 -append
display_line END
detach_default_output
&
&
& A lot of miscellaneous stuff has been output to the screen so clear it
& note this will only work if the terminal has a clear screen generic output
& sequence defined.
display_line (byte 27)(byte 2)
&
& write a nice identifying header
&if &WRITE_TABLE&
&then &do
attach_default_output map_telnetd_connections_table -append
display_line map_telnetd_connections - (date) (time)
display_line
detach_default_output
&end
&else &do
display_line map_telnetd_connections - (date) (time)
display_line
&end     
& loop through the map5 file. Copy the line 3 times so we can parse out the
& device name, port and IP address. Once we extract the device name do a
& who_locked, sending the output to map6 and then extract out the user name.
& The "who_locked" line contains the process name in parens. This screws
& up the command lines so translate the parens into curly braces. The IP
& address is in hex so it has to be converted to decimal before being output.
&set POUND (index (contents (process_dir)>map5 1) #)
&set line 1
&while (contents (process_dir)>map5 &line&) ^= 'END'
&set_string name (contents (process_dir)>map5 &line&)
&set_string port (string &name&)
&set_string addr (string &name&)
&set_string name (substr (string &name&) &POUND&)
&set_string name (substr (string &name&) 1 (index (string &name&) ' '))
attach_default_output (process_dir)>map6
who_locked #&name&
detach_default_output
&set_string user &+
    (substr (translate (contents (process_dir)>map6 2) '{}' '()') 31)
&set_string user (substr (string &user&) 1 (index (string &user&) ' '))
&set fportp5 (calc (index (string &port&) 'fport') + 5)
&set_string port (substr (string &port&) &fportp5&)
&set_string port (substr (string &port&) 1 (index (string &port&) ' '))
&set faddrp5 (calc (index (string &addr&) 'faddr') + 5)
&set_string addr (substr (string &addr&) &faddrp5&)
&set_string addr (substr (string &addr&) 1)
&set_string ip1 (substr &addr& 1 2)
&set_string ip2 (substr &addr& 3 2)
&set_string ip3 (substr &addr& 5 2)
&set_string ip4 (substr &addr& 7 2)
&set_string addr1 (calc 0&ip1&x).(calc 0&ip2&x)
&set_string addr2 (calc 0&ip3&x).(calc 0&ip4&x):&port&
&if &WRITE_TABLE&
&then &do
attach_default_output map_telnetd_connections_table -append
display_line #&name& '     ' &addr1&.&addr2& '     ' &user&
detach_default_output
&end
&else display_line #&name& '     ' &addr1&.&addr2& '     ' &user&
&set line (calc &line& + 1)
&end
&
& map_telnetd_connections ends here

map_secured_connections.cm

Usage:

 --------------------------- map_secured_connections -------------------------- 
  -write_table: no            

If write_table is set to no (the default) the table is displayed directly to the terminal window. If set to yes the output is written to the map_secured_connections_table file.

Warnings:
The macro calls analyze_system, so it must be run by a privileged process.

The macro calls attach_default_output. If the macro is terminated before it completes it is possible that output is still attached to the file. You will have to call detach_default_output to get output redirected back to the terminal window.

Example output:
A certain amount of miscellaneous output is written to the screen. This can include error messages reporting that files could not be deleted and analyze_system prompts. The screen will be cleared before the connection map table is written. If -write_table is set to yes the screen is still cleared but the table is written to the file. In the following example I have included the kinds of messages that you may see. Note that there will be multiple as: prompts; the exact number will depend on how many sshd connections there are.

map_secured_connections                                                        
OpenVOS Release 17.1.0ba, analyze_system Release 17.1.0ba
Current process is 544, ptep 8A549080, Noah_Davids.CAC
as:  process: Invalid decimal number. OpenV
as:  as:  process: Invalid decimal number. Curre
as:  as:  Using nonrunning process.
Current process is 375, ptep 89CEB000, root.root (sshd)
as:  as_format_porte: PORTE pointer is null.
as_format_porte: PORTE pointer is null.
as:  Using nonrunning process.
Current process is 420, ptep 89CDD600, root.root (sshd)
as:  as_format_porte: PORTE pointer is null.
as:  Using nonrunning process.
Current process is 539, ptep 8A5159C0, root.root (sshd)
as:  as:  Using nonrunning process.
Current process is 541, ptep 8A26D6C0, root.root (sshd)
as:  as_format_porte: PORTE pointer is null.
as:  Using nonrunning process.
Current process is 543, ptep 8A55E100, root.root (sshd)
as:  as:  Using nonrunning process.
Current process is 545, ptep 8A524A00, root.root (sshd)
as:  as_format_porte: PORTE pointer is null.
as:  map_secured_connections - 12-05-31 20:30:39

#s$pt_log.m17_11       164.152.77.50:20922       Noah_Davids.CAC
#s$pt_log.m17_13       164.152.77.50:20993       Noah_Davids.CAC
ready  20:30:40

The macro:

& map_secured_connections starts here
&
& map_secured_connections.cm
& version 1.0 06-05-11
& version 1.1 07-02-14 added an argument to format and write a table to a
&                      file so that log_my_sshd_login can use it.
& version 1.2 07-02-19 modified so it doesn't change the working directory
& version 1.3 10-11-26 added disclaimer
& version 1.4 12-05-31 added code to handle changes in release 17.1
& version 1.5 12-06-06 corrected code to handle changes in release 17.1
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& loops through ALL the sshd processes and for each one dumps portes
& 9 and 10 for releases before 17.1 or 11 and 8 for release 17.1 and later.
& Porte 9/8 is connected to the STCP device, porte 10/11 is connected
& to the pipe that connects to the user_login device. From porte 9/8 the
& remotely connected port (fport) and IP address (faddr) can be extracted.
& From porte 10/11 the name of the login device can be extracted, Once the
& device name is known we can figure out who is using it. All the
& information is displayed in a table with the form:
&    #device_name      IP_address:port          User_Name.Group_Name
&       
&
& map_secured_connections -no_write_table
&
& -write_table      if set to no (default) output is directed to the
&                   terminal window. If set to yes output is written to
&                   the file map_secured_connections_table in the current
&                   directory.
&
&                            NOTE NOTE NOTE
& This only works for sshd. Connections made with telnet_msd, os_telnet
& or telnetd will not be mapped.
&
& This macro makes use of the attach_default_output command. Terminating
& this macro before it completes may leave your output redirected to a
& file.
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.  This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
&begin_parameters
WRITE_TABLE switch(-write_table),=0
&end_parameters
&
&echo no_input_lines no_command_lines no_macro_lines
&if (process_type) ^= interactive
&then set_ready -format off
&
&attach_input
&
& delete all the temporary files.
delete_file (process_dir)>map
delete_file (process_dir)>map1
delete_file (process_dir)>map2
delete_file (process_dir)>map3
&if &WRITE_TABLE&
&then delete_file map_secured_connections_table
&
&
& Get a list of all the sshd processes. Put a key string "END" at the end
& of the file so we know when to stop looping
attach_default_output (process_dir)>map
analyze_system -request_line 'match sshd; who' -quit
display_line END
detach_default_output
&
&
& The device name being used can be found either from PORTE number 10 on
& releases before 17.1 or from PORTE number 11 on release 17.1 and later
& (let's hope it doesn't change again). Similarly, the foreign IP address and
& port can be found from PORTE number 9 on releases before 17.1 and PORTE
& number 8 on 17.1 and later
&set_string DVTEP 10
&set_string PORTADDR 9
&set_string RELEASE (after (module_info os_release) 'Release ')
&if (index &RELEASE& '17.1') &then &do
&set_string DVTEP 13
&set_string PORTADDR 8
&end
&
& Loop through the map file, extracting the process numbers for each
& sshd process. For each process dump the PORTES to get the device name and
& fport and faddr values. Save it all in the map1 file.
&set line 1
analyze_system
&while (contents (process_dir)>map &line&) ^= 'END'
&set proc (substr (contents (process_dir)>map &line&) 1 5)
process &proc&
..attach_default_output (process_dir)>map1 -append
match dvtep; dump_porte -number &DVTEP&
match ' fport ' -or ' faddr '; dump_porte -number &PORTADDR&
..detach_default_output
&
&
& filter out some extraneous lines in the map1 file, writing the good stuff
& to the map2 file.
&set line (calc &line& + 1)
&end
quit
display (process_dir)>map1 -min_lines 3 -match 'dvtep  &+
    ' -output_path (process_dir)>map2 -no_header
attach_default_output (process_dir)>map2 -append
display_line END
detach_default_output
&
&
& A lot of miscellaneous stuff has been output to the screen so clear it
& note this will only work if the terminal has a clear screen generic output
& sequence defined.
display_line (byte 27)(byte 2)
&
& write a nice identifying header
&if &WRITE_TABLE&
&then &do
attach_default_output map_secured_connections_table -append
display_line map_secured_connections - (date) (time)
display_line
detach_default_output
&end
&else &do
display_line map_secured_connections - (date) (time)
display_line
&end
&
&
& loop through the map2 file which has sets of three lines, device name, port
& number and address. The device name is enclosed in parens which have to be
& translated to curly brackets or the system thinks it's a command function.
& Once the device name is extracted do a who_locked to figure out who has it
& locked. Write that info into the map3 file. The process name in that file is
& also enclosed in parens so we have to translate them too. Finally the IP
& address is in hex so it has to be translated into decimal.
&set line 1
&while (contents (process_dir)>map2 &line&) ^= 'END'
&set_string name (translate (contents (process_dir)>map2 &line&) '{}' '()')
&set line (calc &line& + 1)
&set_string port (contents (process_dir)>map2 &line&)
&set line (calc &line& + 1)
&set_string addr (contents (process_dir)>map2 &line&)
&set line (calc &line& + 1)
&set_string name (substr (string &name&) &+
                (calc (index (string &name&) '{') + 1))
&set_string name (substr (string &name&) 1 &+
                (calc (index (string &name&) '}') - 1))
attach_default_output (process_dir)>map3
who_locked #&name&
detach_default_output
&set_string user &+
     (substr (translate (contents (process_dir)>map3 2) '{}' '()') 31)
&set_string user (substr (string &user&) 1 (index (string &user&) ' '))
&set_string port (substr (string &port&) &+
                (calc (index (string &port&) 'fport') + 6))
&set_string addr (substr (string &addr&) &+
                (calc (index (string &addr&) 'faddr') + 5))
&set_string ip1 (substr &addr& 1 2)
&set_string ip2 (substr &addr& 3 2)
&set_string ip3 (substr &addr& 5 2)
&set_string ip4 (substr &addr& 7 2)
&set_string addr1 (calc 0&ip1&x).(calc 0&ip2&x)
&set_string addr2 (calc 0&ip3&x).(calc 0&ip4&x):&port&
&if &WRITE_TABLE& = 1
&then &do
attach_default_output map_secured_connections_table -append
display_line #&name& '     ' &addr1&.&addr2& '     ' &user&
detach_default_output
&end
&else display_line #&name& '     ' &addr1&.&addr2& '     ' &user&
&end
&
& map_secured_connections ends here

map_connections.cm

Usage:

 ------------------------------- map_connections ------------------------------ 
 No arguments required. Press ENTER to continue.

Example output:

map_connections                                                                
map_telnetd_connections - 12-05-31 20:34:57

#tli_login.m17_19       164.152.77.128:63937       Noah_Davids.CAC
#tli_login.m17_18       164.152.77.34:54366       Noah_Davids.CAC




map_secured_connections - 12-05-31 20:34:57

#s$pt_log.m17_11       164.152.77.50:20922       Noah_Davids.CAC
#s$pt_log.m17_13       164.152.77.50:20993       Noah_Davids.CAC
ready  20:34:57

The macro:

& map_connections starts here
&
& map_connections.cm
& version 1.0 07-02-18
& version 1.1 10-11-26 added disclaimer
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& runs both map_telnetd_connections and map_secured_connections with the
& -write_table argument, waits for the processes to complete and then
& displays the created the tables
&
& This software is provided on an "AS IS" basis, WITHOUT ANY WARRANTY OR ANY
& SUPPORT OF ANY KIND. The AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES
& OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.  This disclaimer
& applies, despite any verbal representations of any kind provided by the
& author or anyone else.
&
start_process 'map_telnetd_connections -write_table' -privileged &+
            -wait -output_path (process_dir)>map_telnetd_connections.out
start_process 'map_secured_connections -write_table' -privileged &+
             -wait -output_path (process_dir)>map_secured_connections.out
display map_telnetd_connections_table -no_header
display_line
display_line
display_line
display_line
display map_secured_connections_table -no_header
&        
& map_connections ends here
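
The tables written with -write_table are plain text in the form "#device_name IP_address:port User_Name.Group_Name", so they can be reviewed off the module. The following Python is an added example, not part of the original macros: it parses the combined map_connections output, lists the sessions that came in over telnetd rather than sshd, groups sessions by remote address, and repeats the macros' hex faddr conversion. SAMPLE is constructed from the example output above, and all function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the two tables in the form shown in the example output.
SAMPLE = """\
map_telnetd_connections - 12-05-31 20:34:57

#tli_login.m17_19       164.152.77.128:63937       Noah_Davids.CAC
#tli_login.m17_18       164.152.77.34:54366       Noah_Davids.CAC

map_secured_connections - 12-05-31 20:34:57

#s$pt_log.m17_11       164.152.77.50:20922       Noah_Davids.CAC
#s$pt_log.m17_13       164.152.77.50:20993       Noah_Davids.CAC
"""

HEADER = re.compile(r"^map_(telnetd|secured)_connections - (\S+ \S+)$")
# The user column is optional in case who_locked returned nothing for a device.
ROW = re.compile(r"^#(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)(?:\s+(\S+))?$")


def faddr_to_dotted(faddr_hex):
    """Same conversion the macros do with substr/calc: 8 hex digits -> a.b.c.d."""
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", faddr_hex):
        raise ValueError(f"expected 8 hex digits, got {faddr_hex!r}")
    return ".".join(str(int(faddr_hex[i:i + 2], 16)) for i in range(0, 8, 2))


def parse_tables(text):
    """Return one dict per connection row, tagged with the table it came from."""
    records, service, stamp = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            service = "sshd" if header.group(1) == "secured" else "telnetd"
            stamp = header.group(2)
            continue
        row = ROW.match(line)
        if row and service:  # ignore rows that appear before any table header
            device, ip, port, user = row.groups()
            records.append({"service": service, "seen": stamp, "device": device,
                            "ip": ip, "port": int(port), "user": user})
    return records


def telnetd_sessions(records):
    """Sessions that arrived over telnetd, i.e. not over the encrypted sshd path."""
    return [r for r in records if r["service"] == "telnetd"]


def sessions_by_source(records):
    """Group (service, device, user) by remote IP to spot one host holding many logins."""
    grouped = defaultdict(list)
    for r in records:
        grouped[r["ip"]].append((r["service"], r["device"], r["user"]))
    return dict(grouped)


if __name__ == "__main__":
    recs = parse_tables(SAMPLE)
    for r in telnetd_sessions(recs):
        print("telnetd:", r["user"], "from", f'{r["ip"]}:{r["port"]}', "on", "#" + r["device"])
    for ip, sessions in sessions_by_source(recs).items():
        print(ip, len(sessions), "session(s)")
```
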
This page was last modified on 12-06-06
Send comments and suggestions to ndav1@cox.net