HPE Community
Operating System - HP-UX
1752793 Members
5772 Online
108789 Solutions
New Discussion юеВ

need to check IP address before allowing login to app

 
SOLVED
Go to solution
LorI Szabo
Occasional Contributor

тАО10-14-2009 05:03 AM

тАО10-14-2009 05:03 AM

need to check IP address before allowing login to app

I have been searching for a way to do this. We want to stop simultaneous logins with identical UserIDs established from different computers will be blocked. Users will be allowed to have 6 sessions open on the same computer. If you have any script ideas let me know.
0 Kudos
Reply
3 REPLIES 3
SUDHAKAR_18
Trusted Contributor

тАО10-14-2009 05:10 AM

тАО10-14-2009 05:10 AM

Re: need to check IP address before allowing login to app

Hi,

1) Install & configure SSH.
Use /etc/hosts.allow & /etc/deny after installing SSH.

2) Use system in Trusted mode.

3) Configure bastille.

0 Kudos
Reply
Hakki Aydin Ucar
Honored Contributor

тАО10-14-2009 05:18 AM

тАО10-14-2009 05:18 AM

Re: need to check IP address before allowing login to app

I am not sure is there any tool in native HP-UX to limit multi-user number ? But , I think it can be written a code to do:

Pseudo Code:
#!/bin/ksh

# How many user1 around

kim=`who |grep user1 |wc -l`

if (( $kim >= 6 ))
then
user1 reached limit!
else
permit user. .
fi

0 Kudos
Reply
OldSchool
Honored Contributor

тАО10-14-2009 08:56 AM

тАО10-14-2009 08:56 AM

Solution

Re: need to check IP address before allowing login to app

something along the lines of the following allow you to limit the maximum number of logins. it also allows you to limit the number of different locations they login from. its not been checked with background / nohup jobs running. you'd need to put something similar in either the system-wide profile or the users profile. if installed system-wide, you may want to wrap it in a test that excludes certain users (or at least root) from running the test.

#!/usr/bin/ksh

LoginLimit=3
OtherLocLimit=0

My_IP=$(who am i | awk '{print $NF}')
My_Name=$(whoami)
My_Login_Ct=$(who | grep $My_Name | wc -l)
My_Other_IP=$(who | grep $My_Name | grep -v $My_IP | awk '{print $NF}' | sort -u | wc -l )

if [ $My_Login_Ct -le $LoginLimit ]
then
echo Login count OK
else
echo Number of attempted logins exceeds limit \($LoginLimit\)
# exit here as appropriate
fi

if [ $My_Other_IP -gt $OtherLocLimit ]
then
echo Logged in at the following other locations:
who | grep $My_Name | grep -v $My_IP | awk '{print $NF}' | sort -u
# exit here as appropriate
else
echo You are logged in at $My_Other_IP locations. The limit is currently $OtherLocLimit
fi



Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.