Usage:
map_telnetd_connections.cm
--------------------------- map_telnetd_connections --------------------------
-write_table: no
If write_table is set to no (the default) the table is displayed directly to the terminal window. If set to yes the output is written to the map_telnetd_connections_table file.
Warnings:
The macro calls analyze_system, so it must be run by a privileged process.
The macro calls attach_default_output. If the macro is terminated before it completes it is possible that output is still attached to the file. You will have to call detach_default_output to get output redirected back to the terminal window.
Example output:
A certain amount of miscellaneous output is written to the screen. This can include error messages reporting that files could not be deleted and analyze_system prompts. The screen will be cleared before the connection map table is written. If -write_table is set to yes the screen is still cleared but the table is written to the file. In the following example I have included the kinds of messages that you may see. Note that there will be multiple as: prompts; the exact number will depend on how many window_term devices there are and how many of those devices are being used.
map_telnetd_connections.cm
delete_file: Object not found.
%phx_vos#m14_mas>process_dir_dir>pd.550E87F7>map
delete_file: Object not found.
%phx_vos#m14_mas>process_dir_dir>pd.550E87F7>map2
delete_file: Object not found.
%phx_vos#m14_mas>process_dir_dir>pd.550E87F7>map3
delete_file: Object not found.
%phx_vos#m14_mas>process_dir_dir>pd.550E87F7>map4
delete_file: Object not found.
%phx_vos#m14_mas>process_dir_dir>pd.550E87F7>map5
delete_file: Object not found.
%phx_vos#m14_mas>process_dir_dir>pd.550E87F7>map6
VOS Release 14.7.2ag+d_e, analyze_system Pre-release
Current process is 2037, ptep C34E0000, Noah_Davids.CAC
+)
as: as: as: as: as: as: as: as: as: as: as: as: as: as: as: as:
+as: as: as: as: as: as: as: as: as: as: as: as: as: as: as: as:
+ as: as: as: as: as: as: as: as: as: as: as: as: as: as: as: as:
+ as: as: as: as: as: as: as: as: as: as: as: as: as: as: as: as
+: as: as: as: as: as: as: as: as: as: as: as: as: as: as: as: a
+s: as: as:
map_telnetd_connections - 07-02-18 20:04:19
#tli_log.m15_24 164.152.77.50:2197 Noah_Davids.CAC
#tli_log.m15_23 164.152.77.50:2196 Noah_Davids.CAC
The macro:
& map_telnetd_connections begins here
&
& map_telnetd_connections.cm
& version 1.0 06-05-11
& version 1.1 06-07-06
& version 1.2 07-02-17 added write_table argument and no longer changes
& working directory
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& loops through ALL the window_term devices and for each one dumps the ACB
& for the device and extracts the remotely connected port (fport) and
& IP address (faddr), if any. For those devices that do have an fport and
& faddr, it determines the name of the user who has the device locked and
& displays a table with the form:
& #device_name IP_address:port User_Name.Group_Name
&
&
& Usage
& map_telnetd_connections -no_write_table
&
& -write_table if set to no (default) output is directed to the
& terminal window. If set to yes output is written to
& the file map_telnetd_connections_table in the current
& directory.
&
& NOTE NOTE NOTE
& This only works for telnetd. Connections made with telnet_msd, os_telnet
& or sshd will not be mapped.
&
& This macro makes use of the attach_default_output command. Terminating
& this macro before it completes may leave your output redirected to a
& file.
&
& This macro must be run in a privileged process
&
&begin_parameters
WRITE_TABLE switch(-write_table),=0
&end_parameters
&
&echo no_input_lines no_command_lines no_macro_lines
&if (process_type) ^= interactive
&then set_ready -format off
&
&attach_input
&
&
& delete all the temporary files just in case there are any left overs
delete_file (process_dir)>map
delete_file (process_dir)>map2
delete_file (process_dir)>map3
delete_file (process_dir)>map4
delete_file (process_dir)>map5
delete_file (process_dir)>map6
&if &WRITE_TABLE&
&then delete_file map_telnetd_connections_table
&
&
& save a list of all window_term devices in the file named map. Put a
& key string "END" at the end of the file so we know when to stop looping
attach_default_output (process_dir)>map
list_devices -type window_term
display_line END
detach_default_output
&
&
& record where the pound sign is in the device names
&set POUND (index (contents (process_dir)>map 1) #)
&
&
& loop through the map file, strip off the system name, leaving only the
& device name, put that in the file named map2.
&set line 1
attach_default_output (process_dir)>map2
&while (contents (process_dir)>map &line&) ^= 'END'
display_line (substr (contents (process_dir)>map &line&) &POUND&)
&set line (calc &line& + 1)
&end
display_line END
detach_default_output
&
&
& loop through the map2 file for each device listed dump the ACB matching on
& the foreign port and address numbers. Put the output in the map3 file.
& Then read in the two lines generated as well as the device again and write
& out all three pieces as one line to the map4 file.
&set line 1
analyze_system
&while (contents (process_dir)>map2 &line&) ^= 'END'
..attach_default_output (process_dir)>map3
match faddr -or fport; dump_acb (contents (process_dir)>map2 &line&)
..detach_default_output
..attach_default_output (process_dir)>map4 -append
..display_line (contents (process_dir)>map2 &line&) &+
(contents (process_dir)>map3 1) (contents (process_dir)>map3 2)
..detach_default_output
&set line (calc &line& + 1)
&end
quit
&
&
& Use display -match to filter the lines in the map4 file for only lines
& containing fport and output the results to map5. This removes any device
& that doesn't have an associated port and IP address.
display (process_dir)>map4 -match fport -output_path (process_dir)>map5 &+
-no_header
attach_default_output (process_dir)>map5 -append
display_line END
detach_default_output
&
&
& A lot of miscellaneous stuff has been output to the screen so clear it
& note this will only work if the terminal has a clear screen generic output
& sequence defined.
display_line (byte 27)(byte 2)
&
& write a nice identifying header
&if &WRITE_TABLE&
&then &do
attach_default_output map_telnetd_connections_table -append
display_line map_telnetd_connections - (date) (time)
display_line
detach_default_output
&end
&else &do
display_line map_telnetd_connections - (date) (time)
display_line
&end
& loop through the map5 file. Copy the line 3 times so we can parse out the
& device name, port and IP address. Once we extract the device name do a
& who_locked, sending the output to map6 and then extract out the user name.
& The "who_locked" line contains the process name in parens. This screws
& up the command lines so translate the parens into curly braces. The IP
& address is in hex so it has to be converted to decimal before being output.
&set POUND (index (contents (process_dir)>map5 1) #)
&set line 1
&while (contents (process_dir)>map5 &line&) ^= 'END'
&set_string name (contents (process_dir)>map5 &line&)
&set_string port (string &name&)
&set_string addr (string &name&)
&set_string name (substr (string &name&) &POUND&)
&set_string name (substr (string &name&) 1 (index (string &name&) ' '))
attach_default_output (process_dir)>map6
who_locked #&name&
detach_default_output
&set_string user &+
(substr (translate (contents (process_dir)>map6 2) '{}' '()') 31)
&set_string user (substr (string &user&) 1 (index (string &user&) ' '))
&set fportp5 (calc (index (string &port&) 'fport') + 5)
&set_string port (substr (string &port&) &fportp5&)
&set_string port (substr (string &port&) 1 (index (string &port&) ' '))
&set faddrp5 (calc (index (string &addr&) 'faddr') + 5)
&set_string addr (substr (string &addr&) &faddrp5&)
&set_string addr (substr (string &addr&) 1)
&set_string ip1 (substr &addr& 1 2)
&set_string ip2 (substr &addr& 3 2)
&set_string ip3 (substr &addr& 5 2)
&set_string ip4 (substr &addr& 7 2)
&set_string addr1 (calc 0&ip1&x).(calc 0&ip2&x)
&set_string addr2 (calc 0&ip3&x).(calc 0&ip4&x):&port&
&if &WRITE_TABLE&
&then &do
attach_default_output map_telnetd_connections_table -append
display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
detach_default_output
&end
&else display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
&set line (calc &line& + 1)
&end
&
& map_telnetd_connections ends here
Usage:
map_secured_connections.cm
--------------------------- map_secured_connections --------------------------
-write_table: no
If write_table is set to no (the default) the table is displayed directly to the terminal window. If set to yes the output is written to the map_secured_connections_table file.
Warnings:
The macro calls analyze_system, so it must be run by a privileged process.
The macro calls attach_default_output. If the macro is terminated before it completes it is possible that output is still attached to the file. You will have to call detach_default_output to get output redirected back to the terminal window.
Example output:
A certain amount of miscellaneous output is written to the screen. This can include error messages reporting that files could not be deleted and analyze_system prompts. The screen will be cleared before the connection map table is written. If -write_table is set to yes the screen is still cleared but the table is written to the file. In the following example I have included the kinds of messages that you may see. Note that there will be multiple as: prompts; the exact number will depend on how many sshd connections there are.
map_secured_connections
delete_file: Object not found.
%phx_vos#m15_mas>process_dir_dir>pd.550F04BA>map
delete_file: Object not found.
%phx_vos#m15_mas>process_dir_dir>pd.550F04BA>map1
delete_file: Object not found.
%phx_vos#m15_mas>process_dir_dir>pd.550F04BA>map2
delete_file: Object not found.
%phx_vos#m15_mas>process_dir_dir>pd.550F04BA>map3
VOS Release 15.2.0af, analyze_system Pre-release
Current process is 1210, ptep 86B5C540, Noah_Davids.CAC
as: process: Wrong number of arguments. R
as: as: process: Invalid decimal number. Curre
as: as: Using nonrunning process.
Current process is 76, ptep 869CB340, root.root (sshd)
as: as_format_porte: PORTE pointer is null.
as_format_porte: PORTE pointer is null.
as: Using nonrunning process.
Current process is 1207, ptep 86E03000, root.root (sshd)
as: as: Using nonrunning process.
Current process is 1209, ptep 86B5C080, root.root (sshd)
as: as:
map_secured_connections - 07-02-18 19:51:37
#s$pt_log.m15_8 164.152.77.50:2203 Noah_Davids.CAC
#s$pt_log.m15_9 164.152.77.50:2204 Noah_Davids.CAC
ready 19:51:37
The macro:
& map_secured_connections starts here
&
& map_secured_connections.cm
& version 1.0 06-05-11
& version 1.1 07-02-14 added an argument to format and write a table to a
& file so that log_my_sshd_login can use it.
& version 1.2 07-02-19 modified so it doesn't change the working directory
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& loops through ALL the sshd processes and for each one dumps portes
& 9 and 10. Porte 9 is connected to the STCP device, porte 10 is connected
& to the pipe that connects to the user_login device. From porte 9 the
& remotely connected port (fport) and IP address (faddr) can be extracted.
& From porte 10 the name of the login device can be extracted, Once the
& device name is known we can figure out who is using it. All the
& information is displayed in a table with the form:
& #device_name IP_address:port User_Name.Group_Name
&
&
& map_secured_connections -no_write_table
&
& -write_table if set to no (default) output is directed to the
& terminal window. If set to yes output is written to
& the file map_secured_connections_table in the current
& directory.
& NOTE NOTE NOTE
& This only works for sshd. Connections made with telnet_msd, os_telnet
& or telnetd will not be mapped.
&
& This macro makes use of the attach_default_output command. Terminating
& this macro before it completes may leave your output redirected to a
& file.
&
&begin_parameters
WRITE_TABLE switch(-write_table),=0
&end_parameters
&
&echo no_input_lines no_command_lines no_macro_lines
&if (process_type) ^= interactive
&then set_ready -format off
&
&attach_input
&
& delete all the temporary files.
delete_file (process_dir)>map
delete_file (process_dir)>map1
delete_file (process_dir)>map2
delete_file (process_dir)>map3
&if &WRITE_TABLE&
&then delete_file map_secured_connections_table
&
&
& Get a list of all the sshd processes. Put a key string "END" at the end
& of the file so we know when to stop looping
attach_default_output (process_dir)>map
analyze_system -request_line 'match sshd; who' -quit
display_line END
detach_default_output
&
&
& Loop through the map file, extracting the process numbers for each
& sshd process. For each process dump the dvtep from porte 10 and the
& fport and faddr from porte 9. Save it all in the map1 file.
&set line 1
analyze_system
&while (contents (process_dir)>map &line&) ^= 'END'
&set proc (substr (contents (process_dir)>map &line&) 1 5)
process &proc&
..attach_default_output (process_dir)>map1 -append
match dvtep; dump_porte -number 10
match fport -or faddr; dump_porte -number 9
..detach_default_output
&
&
& filter out some extraneous lines in the map1 file, writing the good stuff
& to the map2 file.
&set line (calc &line& + 1)
&end
quit
display (process_dir)>map1 -min_lines 3 -match 'dvtep &+
' -output_path (process_dir)>map2 -no_header
attach_default_output (process_dir)>map2 -append
display_line END
detach_default_output
&
&
& A lot of miscellaneous stuff has been output to the screen so clear it
& note this will only work if the terminal has a clear screen generic output
& sequence defined.
display_line (byte 27)(byte 2)
&
& write a nice identifying header
&if &WRITE_TABLE&
&then &do
attach_default_output map_secured_connections_table -append
display_line map_secured_connections - (date) (time)
display_line
detach_default_output
&end
&else &do
display_line map_secured_connections - (date) (time)
display_line
&end
&
&
& loop through the map2 file which has sets of three lines, device name, port
& number and address. The device name is enclosed in parens which have to be
& translated to curly brackets or the system thinks it's a command function.
& Once the device name is extracted do a who_locked to figure out who has it
& locked. Write that info into the map3 file. The process name in that file is
& also enclosed in parens so we have to translate them too. Finally the IP
& address is in hex so it has to be translated into decimal.
&set line 1
&while (contents (process_dir)>map2 &line&) ^= 'END'
&set_string name (translate (contents (process_dir)>map2 &line&) '{}' '()')
&set line (calc &line& + 1)
&set_string port (contents (process_dir)>map2 &line&)
&set line (calc &line& + 1)
&set_string addr (contents (process_dir)>map2 &line&)
&set line (calc &line& + 1)
&set_string name (substr (string &name&) &+
(calc (index (string &name&) '{') + 1))
&set_string name (substr (string &name&) 1 &+
(calc (index (string &name&) '}') - 1))
attach_default_output (process_dir)>map3
who_locked #&name&
detach_default_output
&set_string user &+
(substr (translate (contents (process_dir)>map3 2) '{}' '()') 31)
&set_string user (substr (string &user&) 1 (index (string &user&) ' '))
&set_string port (substr (string &port&) &+
(calc (index (string &port&) 'fport') + 6))
&set_string addr (substr (string &addr&) &+
(calc (index (string &addr&) 'faddr') + 5))
&set_string ip1 (substr &addr& 1 2)
&set_string ip2 (substr &addr& 3 2)
&set_string ip3 (substr &addr& 5 2)
&set_string ip4 (substr &addr& 7 2)
&set_string addr1 (calc 0&ip1&x).(calc 0&ip2&x)
&set_string addr2 (calc 0&ip3&x).(calc 0&ip4&x):&port&
&if &WRITE_TABLE& = 1
&then &do
attach_default_output map_secured_connections_table -append
display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
detach_default_output
&end
&else display_line #&name& ' ' &addr1&.&addr2& ' ' &user&
&end
&
& map_secured_connections ends here
Usage:
------------------------------- map_connections ------------------------------
No arguments required. Press ENTER to continue.
Example output:
map_connections
map_telnetd_connections - 07-02-18 20:16:51
#tli_log.m15_24 164.152.77.50:2197 Noah_Davids.CAC
#tli_log.m15_23 164.152.77.50:2196 Noah_Davids.CAC
map_secured_connections - 07-02-18 20:16:53
#s$pt_log.m15_8 164.152.77.50:2203 Noah_Davids.CAC
#s$pt_log.m15_9 164.152.77.50:2204 Noah_Davids.CAC
ready 20:16:53
The macro:
& map_connections starts here
&
& map_connections.cm
& version 1.0 07-02-18
& Noah Davids Stratus CAC noah.davids@stratus.com
&
& runs both map_telnetd_connections and map_secured_connections with the
& -write_table argument, waits for the processes to complete and then
& displays the created tables
&
start_process 'map_telnetd_connections -write_table' -privileged &+
-wait -output_path (process_dir)>map_telnetd_connections.out
start_process 'map_secured_connections -write_table' -privileged &+
-wait -output_path (process_dir)>map_secured_connections.out
display map_telnetd_connections_table -no_header
display_line
display_line
display_line
display_line
display map_secured_connections_table -no_header
&
& map_connections ends here
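
An added example, not part of the original macros: a Python sketch for post-processing the tables that map_connections displays, tagging each row with the service named in its section header and listing the telnetd (unencrypted) logins per user and source address. The function names, the regular expressions and the hex value passed to faddr_to_ip are assumptions made for this example; the sample rows are copied from the example output above.

```python
import re
from collections import defaultdict

# Constructed sample: the table rows from the page's map_connections example.
SAMPLE = """\
map_telnetd_connections - 07-02-18 20:16:51
#tli_log.m15_24 164.152.77.50:2197 Noah_Davids.CAC
#tli_log.m15_23 164.152.77.50:2196 Noah_Davids.CAC
map_secured_connections - 07-02-18 20:16:53
#s$pt_log.m15_8 164.152.77.50:2203 Noah_Davids.CAC
#s$pt_log.m15_9 164.152.77.50:2204 Noah_Davids.CAC
ready 20:16:53
"""
HEADER = re.compile(r"^map_(telnetd|secured)_connections - (\S+ \S+)$")
ROW = re.compile(r"^(#\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)$")
SERVICE = {"telnetd": "telnetd", "secured": "sshd"}

def faddr_to_ip(faddr_hex):
    """Decode an 8-hex-digit faddr as the macros do: two hex digits per octet."""
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", faddr_hex):
        raise ValueError(f"not an 8-digit hex address: {faddr_hex!r}")
    return ".".join(str(int(faddr_hex[i:i + 2], 16)) for i in range(0, 8, 2))

def parse_tables(text):
    """Return one dict per table row, tagged with the service of its section."""
    rows, service, stamp = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            service, stamp = SERVICE[header.group(1)], header.group(2)
            continue
        row = ROW.match(line)
        if row and service:  # skip prompts, blank lines and rows before a header
            device, ip, port, user = row.groups()
            rows.append({"service": service, "stamp": stamp, "device": device,
                         "ip": ip, "port": int(port), "user": user})
    return rows

def cleartext_sessions(rows):
    """Group telnetd (unencrypted) logins by user and source address."""
    grouped = defaultdict(list)
    for r in rows:
        if r["service"] == "telnetd":
            grouped[(r["user"], r["ip"])].append(r["device"])
    return dict(grouped)

if __name__ == "__main__":
    print(faddr_to_ip("A4984D32"))  # constructed faddr value
    print(cleartext_sessions(parse_tables(SAMPLE)))
```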