

  • Subject: RE: who ran the ADDTCPHTE comman
  • From: "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
  • Date: Tue, 5 Jun 2001 13:32:10 -0500
  • Importance: Normal

Okay, you need to identify command use.  You have two options:

1. Restrict to one user
2. Log usage

Those are the only options I can see.  Since restriction is not viable,
logging is the only solution.  So, I would:

A. Restrict use to a special profile
B. Write my own wrapper command that adopts that profile
C. Make my wrapper command log any use to a secure file

This solves the problem, though at the expense of a wrapper.  At the same
time it allows you to possibly minimize the exposure by perhaps limiting the
actual operations allowed.  It could, for instance, do some validation on
the parameters to avoid certain catastrophic conditions.  The logging could
also notify someone who is in charge of auditing such changes.

There's a price to pay in terms of development time, but if this is a highly
sensitive systems area, you may want to pay the price.

Joe


> -----Original Message-----
> From: owner-midrange-l@midrange.com
> [mailto:owner-midrange-l@midrange.com]On Behalf Of D.BALE@handleman.com
> Sent: Tuesday, June 05, 2001 12:27 PM
> To: MIDRANGE-L@midrange.com
> Subject: RE: who ran the ADDTCPHTE comman
>
>
> Yes, you are correct, that *wasn't* what I meant. <g>
>
> It was intended to be a past tense question.  We have since identified the
> culprit and we have cut off the pinky on his left hand.  This was done in
> order to help him think twice before he attempts to run any ADD* commands
> in the future.
>
> We may need to consider the middle finger on his left hand as well to cover
> the DLT* & CHG* commands.  But we are hopeful that the first punishment was
> sufficient to preclude any future problems.
>
> Security?  Hmmmph.  We don't get many recurrences on security problems
> around here.
>
> <TFIC>
>
> Seriously though, Joe, you say to restrict it to a single user's profile.
> What do you do when you need to allow more than one person to use this
> command, and need to be able to determine who used it, as is absolutely
> necessary in this case?
>
> Dan Bale
> IT - AS/400
> Handleman Company
> 248-362-4400  Ext. 4952
> D.Bale@Handleman.com
>   Quiquid latine dictum sit altum viditur.
>   (Whatever is said in Latin seems profound.)
>
> -------------------------- Original Message --------------------------
> This probably isn't what you mean, but yes there is a way: restrict the
> command's use to a single user profile.
>
> Joe
>
>
> > -----Original Message-----
> > From: owner-midrange-l@midrange.com
> > [mailto:owner-midrange-l@midrange.com]On Behalf Of D.BALE@handleman.com
> > Sent: Tuesday, June 05, 2001 8:49 AM
> > To: MIDRANGE-L@midrange.com
> > Subject: who ran the ADDTCPHTE command?
> >
> >
> > Is there a way to determine the user profile used to create/modify/delete
> > TCP/IP interfaces, routes, host table entries, etc.
> >
> > Specifically, who ran the ADDTCPHTE command?
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
> MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator:
> david@midrange.com
> +---
>
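
Steps A to C from the reply above, sketched in CL as an added example that is not part of the original post. All object names (SECLIB, NETOWNER, NETAUDJRN, SECAUDIT, ADDHTELOG) are hypothetical, and a user journal stands in for the "secure file"; the journal is assumed to exist already.

```cl
/* ADDHTELOG - constructed example; every object name is hypothetical.  */
/* Assumed one-time setup, so only NETOWNER may run the real command:   */
/*   RVKOBJAUT OBJ(QSYS/ADDTCPHTE) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*ALL)*/
/*   GRTOBJAUT OBJ(QSYS/ADDTCPHTE) OBJTYPE(*CMD) USER(NETOWNER) +       */
/*             AUT(*USE)                                                */
/* This program is owned by NETOWNER and compiled with USRPRF(*OWNER).  */
             PGM        PARM(&ADDR &HOST)
             DCL        VAR(&ADDR)    TYPE(*CHAR) LEN(15)
             DCL        VAR(&HOST)    TYPE(*CHAR) LEN(64)
             DCL        VAR(&JOB)     TYPE(*CHAR) LEN(10)
             DCL        VAR(&USER)    TYPE(*CHAR) LEN(10)
             DCL        VAR(&NBR)     TYPE(*CHAR) LEN(6)
             DCL        VAR(&CURUSER) TYPE(*CHAR) LEN(10)
             DCL        VAR(&ENTRY)   TYPE(*CHAR) LEN(160)

/* Adoption adds NETOWNER's authority but does not change who the job   */
/* runs as, so USER and CURUSER still identify the real caller.         */
             RTVJOBA    JOB(&JOB) USER(&USER) NBR(&NBR) CURUSER(&CURUSER)

/* Placeholder validation: refuse blank parameters. Site-specific rules */
/* (protected addresses, reserved names) would be added here.           */
             IF         COND((&ADDR *EQ ' ') *OR (&HOST *EQ ' ')) +
                          THEN(SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
                          MSGDTA('Address and host required') MSGTYPE(*ESCAPE))

/* Log the attempt first. If the journal write fails, the unmonitored   */
/* escape message ends the program before any change is made.           */
             CHGVAR     VAR(&ENTRY) VALUE('ADDTCPHTE' *BCAT &ADDR *BCAT +
                          &HOST *BCAT 'JOB' *BCAT &NBR *TCAT '/' *CAT +
                          &USER *TCAT '/' *CAT &JOB *BCAT 'CURUSER' +
                          *BCAT &CURUSER)
             SNDJRNE    JRN(SECLIB/NETAUDJRN) TYPE('HT') ENTDTA(&ENTRY)

             ADDTCPHTE  INTNETADR(&ADDR) HOSTNAME((&HOST))
             MONMSG     MSGID(CPF0000 TCP0000) EXEC(DO)
               SNDJRNE  JRN(SECLIB/NETAUDJRN) TYPE('HF') ENTDTA(&ENTRY)
               SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
                          MSGDTA('ADDTCPHTE failed') MSGTYPE(*ESCAPE)
             ENDDO

/* Notify the auditor (hypothetical profile SECAUDIT) of the change.    */
             SNDMSG     MSG(&ENTRY) TOUSR(SECAUDIT)
             ENDPGM
```

Users need only *USE authority to the wrapper program; they get no authority to ADDTCPHTE itself and no update authority to the journal, which is what keeps the log trustworthy.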



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
