Question: Automatic launching of a CLI menu upon login (OpenBSD)
Post 302514141 by lcxpics on Friday 15th of April 2011 12:36:21 AM

Hi all,

I am an OpenBSD newbie and currently need to manage some OpenBSD firewalls running pf. The OpenBSD version is 4.8.

As the other sys admins are not so familiar with OpenBSD, I have an idea in mind on how to minimize the root account usage and other unnecessary access and make the configuration/change of OpenBSD firewalls easier.

Let's say the IT admin would like to manage the firewall from either console or ssh, and they don't need to su in to do some config:

OpenBSD/i386

login: user1
password: password1


After they input the password and press Enter, another menu comes up on the screen instead of the normal shell prompt ($):

>>>Welcome to the OpenBSD, please choose the option to configure:
1>Configure/Change IP address and subnet mask
2>View ifconfig
3>Configure/Change default route
4>Add/Remove static route
5>View routing table
6>Add/Change Name Server IP address
7>Add/Modify pf rule
8>Check pfstatus
9>Backup OpenBSD pf config
10>Quit

I really have no idea how to do that, and the users are not allowed to access ($) or (#) at all, to minimize human error (e.g. accidentally deleting a config file). My intention is to give them only the access necessary to do the daily job.

Have you guys ever done a task like what I would like to do?
Can you give me some direction and hints on how to do that?

Regards,
Stefan
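
One way to build the kind of menu the post describes, as an added example that is not part of the original thread: a POSIX sh script used as the account's login shell, where each choice maps to one fixed command and the only free-text input (a gateway address) is validated before it reaches a privileged command. The script name `fwmenu`, the reduced option set and the sudo rules it relies on are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Restricted menu for use as a login
# shell; the name "fwmenu" and the sudo rules it needs are assumptions.

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots; only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Map a choice (and optional argument) to one fixed command line. Anything
# outside the whitelist fails, so free text never reaches a shell.
menu_command() {
    case "$1" in
        2)  echo "ifconfig" ;;
        3)  valid_ipv4 "$2" || return 1
            echo "sudo route change default $2" ;;
        5)  echo "netstat -rn" ;;
        8)  echo "sudo pfctl -s info" ;;
        10) echo "quit" ;;
        *)  return 1 ;;
    esac
}

run_menu() {
    trap '' INT QUIT TSTP         # Ctrl-C, Ctrl-\ and Ctrl-Z cannot break out
    while :; do
        printf '%s\n' "2> View ifconfig" "3> Change default route" \
            "5> View routing table" "8> Check pf status" "10> Quit"
        printf 'Choice: '
        read -r choice || exit 0  # EOF (Ctrl-D) ends the session
        arg=
        [ "$choice" = 3 ] && { printf 'Gateway IP: '; read -r arg || exit 0; }
        cmd=$(menu_command "$choice" "$arg") || { echo "Invalid input"; continue; }
        [ "$cmd" = quit ] && exit 0
        $cmd                      # fixed words only: no eval, no sh -c
    done
}

# Start only under the assumed name so the functions can be sourced and tested.
if [ "${0##*/}" = fwmenu ]; then run_menu; fi
```

Limit the sudo rule for these accounts to exactly the command lines the menu emits, so the menu stays the only path to them.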
 

PFSYNC(4)                BSD Kernel Interfaces Manual                PFSYNC(4)

NAME
     pfsync -- packet filter state table logging interface

SYNOPSIS
     device pfsync

DESCRIPTION
     The pfsync interface is a pseudo-device which exposes certain changes to
     the state table used by pf(4). If configured with a physical
     synchronisation interface, pfsync will send state changes out on that
     interface using IP multicast, and insert state changes received on that
     interface from other systems into the state table.

     By default, all local changes to the state table are exposed via pfsync.
     However, state changes from packets received by pfsync over the network
     are not rebroadcast. States created by a rule marked with the no-sync
     keyword are omitted from the pfsync interface (see pf.conf(5) for
     details).

     The pfsync interface will attempt to collapse multiple updates of the
     same state into one message where possible. The maximum number of times
     this can be done before the update is sent out is controlled by the
     maxupd parameter to ifconfig (see ifconfig(8) and the example below for
     more details).

     Each packet retrieved on this interface has a header associated with it
     of length PFSYNC_HDRLEN. The header indicates the version of the
     protocol, address family, action taken on the following states, and the
     number of state table entries attached in this packet. This structure is
     defined in <net/if_pfsync.h> as:

           struct pfsync_header {
                   u_int8_t version;
                   u_int8_t af;
                   u_int8_t action;
                   u_int8_t count;
           };

NETWORK SYNCHRONISATION
     States can be synchronised between two or more firewalls using this
     interface, by specifying a synchronisation interface using ifconfig(8).
     For example, the following command sets fxp0 as the synchronisation
     interface:

           # ifconfig pfsync0 syncdev fxp0

     It is important that the underlying synchronisation interface is up and
     has an IP address assigned.

     By default, state change messages are sent out on the synchronisation
     interface using IP multicast packets. The protocol is IP protocol 240,
     PFSYNC, and the multicast group used is 224.0.0.240. When a peer address
     is specified using the syncpeer keyword, the peer address is used as a
     destination for the pfsync traffic, and the traffic can then be protected
     using ipsec(4). In such a configuration, the syncdev should be set to the
     enc(4) interface, as this is where the traffic arrives when it is
     decapsulated, e.g.:

           # ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0

     It is important that the pfsync traffic be well secured as there is no
     authentication on the protocol and it would be trivial to spoof packets
     which create states, bypassing the pf ruleset. Either run the pfsync
     protocol on a trusted network - ideally a network dedicated to pfsync
     messages such as a crossover cable between two firewalls, or specify a
     peer address and protect the traffic with ipsec(4).

     For pfsync to start its operation automatically at the system boot time,
     pfsync_enable and pfsync_syncdev variables should be used in rc.conf(5).
     It is not advisable to set up pfsync with common network interface
     configuration variables of rc.conf(5) because pfsync must start after its
     syncdev, which cannot be always ensured in the latter case.

EXAMPLES
     pfsync and carp(4) can be used together to provide automatic failover of
     a pair of firewalls configured in parallel. One firewall handles all
     traffic - if it dies or is shut down, the second firewall takes over
     automatically.

     Both firewalls in this example have three sis(4) interfaces. sis0 is the
     external interface, on the 10.0.0.0/24 subnet; sis1 is the internal
     interface, on the 192.168.0.0/24 subnet; and sis2 is the pfsync
     interface, using the 192.168.254.0/24 subnet. A crossover cable connects
     the two firewalls via their sis2 interfaces. On all three interfaces,
     firewall A uses the .254 address, while firewall B uses .253. The
     interfaces are configured as follows (firewall A unless otherwise
     indicated):

     Interfaces configuration in /etc/rc.conf:

           network_interfaces="lo0 sis0 sis1 sis2"
           cloned_interfaces="carp0 carp1"
           ifconfig_sis0="10.0.0.254/24"
           ifconfig_sis1="192.168.0.254/24"
           ifconfig_sis2="192.168.254.254/24"
           ifconfig_carp0="vhid 1 pass foo 10.0.0.1/24"
           ifconfig_carp1="vhid 2 pass bar 192.168.0.1/24"
           pfsync_enable="YES"
           pfsync_syncdev="sis2"

     pf(4) must also be configured to allow pfsync and carp(4) traffic
     through. The following should be added to the top of /etc/pf.conf:

           pass quick on { sis2 } proto pfsync
           pass on { sis0 sis1 } proto carp

     If it is preferable that one firewall handle the traffic, the advskew on
     the backup firewall's carp(4) interfaces should be set to something
     higher than the primary's. For example, if firewall B is the backup, its
     carp1 configuration would look like this:

           ifconfig_carp1="vhid 2 pass bar advskew 100 192.168.0.1/24"

     The following must also be added to /etc/sysctl.conf:

           net.inet.carp.preempt=1

BUGS
     Possibility to view state changes using tcpdump(1) has not been ported
     from OpenBSD yet.

SEE ALSO
     bpf(4), carp(4), ifconfig(8), inet(4), inet6(4), ipsec(4), netintro(4),
     pf(4), pf.conf(5), protocols(5), rc.conf(5), ifconfig(8), ifstated(8),
     tcpdump(8)

HISTORY
     The pfsync device first appeared in OpenBSD 3.3. The pfsync device was
     imported to FreeBSD 5.3.

BSD                              June 6, 2006                              BSD
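
An added example (not part of the man page) that checks the NETWORK SYNCHRONISATION warning against a configuration: it reads `pfsync_syncdev` from rc.conf and flags any `pass ... proto pfsync` rule that names another interface or no interface at all. The sample files are constructed from the EXAMPLES section, and the script assumes literal interface names rather than pf macros.

```shell
#!/bin/sh
# Added example, not part of pfsync(4). Flags pf rules that pass pfsync on any
# interface other than the dedicated sync device named in rc.conf.
# Assumption: rules use literal interface names (no pf macros or tables).

# audit_pfsync RC_CONF PF_CONF: prints findings; returns 0 only when clean.
audit_pfsync() {
    syncdev=$(sed -n 's/^pfsync_syncdev="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    if [ -z "$syncdev" ]; then
        echo "FAIL: pfsync_syncdev is not set in $1"
        return 1
    fi
    findings=$(awk -v dev="$syncdev" '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "pass" && /proto[ \t]+pfsync/ {
            line = $0; gsub(/[{},]/, " ", line)  # flatten interface lists
            n = split(line, w, /[ \t]+/); seen = 0
            for (i = 1; i <= n; i++) {
                if (w[i] == "proto") break
                if (w[i] == "on") { seen = 1; continue }
                if (seen && w[i] != "" && w[i] !~ /^inet6?$/ && w[i] != dev)
                    print "FAIL: pfsync allowed on " w[i] ": " $0
            }
            if (!seen) print "FAIL: pfsync allowed on every interface: " $0
        }' "$2")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK: pfsync is only passed on $syncdev"
}

# Constructed sample input: the man page's rc.conf and pf.conf lines, plus a
# weakened ruleset that also accepts pfsync on the external interface sis0.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'pfsync_enable="YES"' 'pfsync_syncdev="sis2"' > "$dir/rc.conf"
    printf '%s\n' 'pass quick on { sis2 } proto pfsync' \
        'pass on { sis0 sis1 } proto carp' > "$dir/pf.good"
    printf '%s\n' 'pass quick on { sis0 sis2 } proto pfsync' > "$dir/pf.weak"
    audit_pfsync "$dir/rc.conf" "$dir/pf.good" || echo "(unexpected finding)"
    audit_pfsync "$dir/rc.conf" "$dir/pf.weak" || echo "(weak ruleset rejected)"
    rm -rf "$dir"
}
demo
```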