HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

need to check IP address before allowing login to app

 
SOLVED
Go to solution
LorI Szabo
Occasional Contributor

need to check IP address before allowing login to app

I have been searching for a way to do this. We want to stop simultaneous logins with identical UserIDs established from different computers will be blocked. Users will be allowed to have 6 sessions open on the same computer. If you have any script ideas let me know.
3 REPLIES
SUDHAKAR_18
Trusted Contributor

Re: need to check IP address before allowing login to app

Hi,

1) Install & configure SSH.
Use /etc/hosts.allow & /etc/deny after installing SSH.

2) Use system in Trusted mode.

3) Configure bastille.

Hakki Aydin Ucar
Honored Contributor

Re: need to check IP address before allowing login to app

I am not sure is there any tool in native HP-UX to limit multi-user number ? But , I think it can be written a code to do:

Pseudo Code:
#!/bin/ksh

# How many user1 around

kim=`who |grep user1 |wc -l`

if (( $kim >= 6 ))
then
user1 reached limit!
else
permit user. .
fi

OldSchool
Honored Contributor
Solution

Re: need to check IP address before allowing login to app

something along the lines of the following allow you to limit the maximum number of logins. it also allows you to limit the number of different locations they login from. its not been checked with background / nohup jobs running. you'd need to put something similar in either the system-wide profile or the users profile. if installed system-wide, you may want to wrap it in a test that excludes certain users (or at least root) from running the test.

#!/usr/bin/ksh

LoginLimit=3
OtherLocLimit=0

My_IP=$(who am i | awk '{print $NF}')
My_Name=$(whoami)
My_Login_Ct=$(who | grep $My_Name | wc -l)
My_Other_IP=$(who | grep $My_Name | grep -v $My_IP | awk '{print $NF}' | sort -u | wc -l )

if [ $My_Login_Ct -le $LoginLimit ]
then
echo Login count OK
else
echo Number of attempted logins exceeds limit \($LoginLimit\)
# exit here as appropriate
fi

if [ $My_Other_IP -gt $OtherLocLimit ]
then
echo Logged in at the following other locations:
who | grep $My_Name | grep -v $My_IP | awk '{print $NF}' | sort -u
# exit here as appropriate
else
echo You are logged in at $My_Other_IP locations. The limit is currently $OtherLocLimit
fi