Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 08-24-2005, 12:12 PM
Birl's Avatar
Birl Birl is offline
Registered User
 
Join Date: Mar 2004
Location: Philadelphia
Posts: 20
Question Problem setting Trigger for VShell 2.2.3

I wrote a test PERL script to use in a failed authentication trigger. The script
works if I run the program directly via CMD, but not when I entered said script
into VShell.

In the failed authentication dialog box, I entered
"C:\Program Files\scripts\vshell_intrusion_detection.pl" %T %I %U
(with and without the quotes). Nada.

I checked NTFS permissions and the Event Viewer logs: found no errors.
Check the VShell logs and there's no mention of executing the script.

How can I correct this?

Thanks.
Reply With Quote
  #2  
Old 08-26-2005, 07:55 AM
bocks's Avatar
bocks bocks is offline
VanDyke Customer Support
 
Join Date: Jan 2004
Location: Albuquerque, NM
Posts: 184
Hi Birl,
Quote:
Originally Posted by Birl
In the failed authentication dialog box, I entered
"C:\Program Files\scripts\vshell_intrusion_detection.pl" %T %I %U

...

How can I correct this?
Instead of calling the script directly, you need to call the perl executable and pass the script to it instead. For instance, with a batch file, we would call cmd and have it run the batch file:

Code:
"C:\WINNT\system32\cmd.exe /C script.bat %T%I %U"
Can you try this and let me know how this works for you?

Thanks,

-bocks
Reply With Quote
  #3  
Old 08-26-2005, 02:23 PM
Birl's Avatar
Birl Birl is offline
Registered User
 
Join Date: Mar 2004
Location: Philadelphia
Posts: 20
Thumbs down Still not working.

Quote:
Originally Posted by bocks
Hi Birl,Instead of calling the script directly, you need to call the perl executable and pass the script to it instead. For instance, with a batch file, we would call cmd and have it run the batch file:

Code:
"C:\WINNT\system32\cmd.exe /C script.bat %T%I %U"
Can you try this and let me know how this works for you?

Thanks,

-bocks
I tried your suggestion and
Code:
C:\PERL\bin\perl.exe "C:\Program Files\scripts\vshell_intrusion_detection.pl" %T %I %U
and
Code:
C:\Program Files\scripts\vshell_intrusion_detection.bat
without any luck.
__________________
S.A. Birl
Senior Systems Administrator - Computer Services - Temple University
Philadelphia, PA
Reply With Quote
  #4  
Old 08-26-2005, 05:38 PM
bocks's Avatar
bocks bocks is offline
VanDyke Customer Support
 
Join Date: Jan 2004
Location: Albuquerque, NM
Posts: 184
Hi Birl,
Quote:
Originally Posted by Birl
I tried your suggestion and
Code:
C:\PERL\bin\perl.exe "C:\Program Files\scripts\vshell_intrusion_detection.pl" %T %I %U
Was this the exact code that you entered into the trigger field?

Using your example, try this example:
Code:
"C:\Program Files\scripts\vshell_intrusion_detection.pl %T %I %U"
Does this work better for you?

Thanks,

-bocks
Reply With Quote
  #5  
Old 08-30-2005, 09:12 AM
Birl's Avatar
Birl Birl is offline
Registered User
 
Join Date: Mar 2004
Location: Philadelphia
Posts: 20
Thumbs down Nope

Quote:
Originally Posted by bocks
Hi Birl,Was this the exact code that you entered into the trigger field?
Correct.

Quote:
Originally Posted by bocks
Using your example, try this example:
Code:
"C:\Program Files\scripts\vshell_intrusion_detection.pl %T %I %U"
Does this work better for you?

Thanks,

-bocks
No. Still nothing.
__________________
S.A. Birl
Senior Systems Administrator - Computer Services - Temple University
Philadelphia, PA
Reply With Quote
  #6  
Old 08-31-2005, 03:38 PM
bocks's Avatar
bocks bocks is offline
VanDyke Customer Support
 
Join Date: Jan 2004
Location: Albuquerque, NM
Posts: 184
Hi Birl,
Quote:
Originally Posted by Birl
No. Still nothing.
Hi Birl, I think that we are going to have to do a little more investigating.

Before we go to far, I need to find out how many times you are attempting to authenticate when you test the trigger. Also, can you tell me if you have the "Limit failed attempts to" option enabled in the Authentication category. If so, can you tell me how many attemtps it is set to?

The reason that I am asking is that the failed authentication trigger will only fire once this limit is exceeded. If you have this value set to 5 (the default) and you are entering an invalid password one time, then the trigger will not fire. If you set this value to one, does the trigger fire?

I think the next step we need to take is to turn on the Debug log option in the VShell Control Panel, under the Logging category.

Once Debug logging is enabled, let's use this format for your Trigger:
Code:
C:\PERL\bin\perl.exe "C:\Program Files\scripts\vshell_intrusion_detection.pl" %T %I %U
By turning on the Debug logging option, we should see VShell attempting to run the trigger when it gets called.

We also need to see whether perl.exe is being called. To do this, open Task manager and watch for perl.exe to appear when the trigger is fired.

After these changs, can you attempt to log in using an invalid password until Vshell fails the connection?

Did you see the perl.exe executable appear on the Task manager window?

Does the VShell log file show an attempt to fire the trigger? You would probably see something like this in the log file:

Code:
23:01:12,sftp,00134: Trigger executed command: c:\windows\system32\wscript.exe "C:\Scripting\VBScripts\Example Scripts\VShell Trigger Scripts\VShellTriggerTest.vbs" 192.168.0.123 23:01:12 domain\user "C:\Files\Incoming\UploadedFile.txt"
Can you send me a copy of the log file with the Debug information so that we can see what is happening? The email should go to Support@vandyke.com with a subject of: Attn: Shannon re: Forums thread 974

Thanks,

-bocks
Reply With Quote
  #7  
Old 09-04-2005, 10:59 AM
Birl's Avatar
Birl Birl is offline
Registered User
 
Join Date: Mar 2004
Location: Philadelphia
Posts: 20
Quote:
Originally Posted by bocks
I need to find out how many times you are attempting to authenticate when you test the trigger. Also, can you tell me if you have the "Limit failed attempts to" option enabled in the Authentication category. If so, can you tell me how many attemtps it is set to?

The reason that I am asking is that the failed authentication trigger will only fire once this limit is exceeded. If you have this value set to 5 (the default) and you are entering an invalid password one time, then the trigger will not fire. If you set this value to one, does the trigger fire?

I think the next step we need to take is to turn on the Debug log option in the VShell Control Panel, under the Logging category.
Debug logging has been on ever since installation.

3 attempts are allowed, and I always try with 3 attempts. Even afterwards
the trigger does not fire, nor does anything appear in the logs.


Quote:
Originally Posted by bocks
Once Debug logging is enabled, let's use this format for your Trigger:
Code:
C:\PERL\bin\perl.exe "C:\Program Files\scripts\vshell_intrusion_detection.pl" %T %I %U
By turning on the Debug logging option, we should see VShell attempting to run the trigger when it gets called.

We also need to see whether perl.exe is being called. To do this, open Task manager and watch for perl.exe to appear when the trigger is fired.

After these changs, can you attempt to log in using an invalid password until Vshell fails the connection?

Did you see the perl.exe executable appear on the Task manager window?

Does the VShell log file show an attempt to fire the trigger? You would probably see something like this in the log file:

Code:
23:01:12,sftp,00134: Trigger executed command: c:\windows\system32\wscript.exe "C:\Scripting\VBScripts\Example Scripts\VShell Trigger Scripts\VShellTriggerTest.vbs" 192.168.0.123 23:01:12 domain\user "C:\Files\Incoming\UploadedFile.txt"
Can you send me a copy of the log file with the Debug information so that we can see what is happening? The email should go to Support@vandyke.com with a subject of: Attn: Shannon re: Forums thread 974

Thanks,

-bocks

I can send you all of the debug logs you need. Do you want the Registry keys
as well?
__________________
S.A. Birl
Senior Systems Administrator - Computer Services - Temple University
Philadelphia, PA
Reply With Quote
  #8  
Old 09-06-2005, 07:55 AM
bocks's Avatar
bocks bocks is offline
VanDyke Customer Support
 
Join Date: Jan 2004
Location: Albuquerque, NM
Posts: 184
Hello Birl,
Quote:
Originally Posted by Birl
I can send you all of the debug logs you need. Do you want the Registry keys
as well?
At this point, I think the log files will do. Once I have taken a look at them and see what VShell is doing, I should have a better idea of what information we will need to gather. I would rather hold off on having you export anything from the registry unless absolutely necessary.

Thanks,

-bocks
Reply With Quote
  #9  
Old 10-31-2005, 02:21 PM
Birl's Avatar
Birl Birl is offline
Registered User
 
Join Date: Mar 2004
Location: Philadelphia
Posts: 20
Red face

Shannon,

I know you must be busy. Was any progress made on this?

Thanks.
__________________
S.A. Birl
Senior Systems Administrator - Computer Services - Temple University
Philadelphia, PA

Last edited by Birl; 10-31-2005 at 02:44 PM.
Reply With Quote
  #10  
Old 11-01-2005, 07:22 AM
tnygren's Avatar
tnygren tnygren is offline
Registered User
 
Join Date: May 2005
Posts: 1,408
Hi Birl,

I apologize for the slow reply.

Shannon did receive your email and replied to it. However, it appears that the reply was lost.

I have pulled the log information that you sent in and am currently analyzing the log files.

I will send you an email reply today. Please post back here if you do not receive it.
__________________
Thanks,

Teresa

Teresa Nygren
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 03:28 PM.