HP OpenVMS Systems Documentation
Content starts here

HP OpenVMS DCL Dictionary

Previous Contents Index

DELETE/INTRUSION_RECORD

Removes an entry from the break-in database.

Requires CMKRNL (change mode to kernel) and SECURITY privileges.

Format

DELETE/INTRUSION_RECORD source

Parameter

source

Specifies the name of the device or the remote system where the user is attempting to log in. The source name can be presented in the syntax of another operating system domain, for example, one that is case sensitive or conflicts with DCL syntax rules. In such cases, you must enclose the source parameter in quotation marks.

Description

Use the DELETE/INTRUSION_RECORD command to remove an entry from the break-in database. For example, if the user Hammer repeatedly attempted to log in to terminal TTA24 with an expired password, the SHOW INTRUSION command would display the following entry: 


Intrusion  Type      Count    Expiration   Source

TERM_USER   INTRUDER    9      10:29:39.16   TTA24:HAMMER

The terminal is locked out of the system because the login failure limit has been reached. When Hammer approaches you and you identify the problem as an expired password, you can then use the DELETE/INTRUSION command to remove the record from the break-in database.

Qualifiers

/NODE=(node-name[,...])

Deletes the node information relating to the specified nodes. If the specified nodes are the only nodes in the node information list, the intrusion record is also deleted.

Examples

#1 

$ DELETE/INTRUSION_RECORD TTC2:

In this example, the DELETE/INTRUSION_RECORD command removes all intrusion records generated by break-in attempts on TTC2. No user name is specified because none of the login failures occurred for valid users.

#2 

$ DELETE/INTRUSION_RECORD "AV34C2/LC-2-10":FORGETFUL

In this example, the source of the break-in is a local terminal that is connected to a terminal server. To delete the record from the break-in database, you must enclose the terminal port name within quotation marks so that the operating system interprets the slash as a foreign character and not as a qualifier.

#3 

$ DELETE/INTRUSION_RECORD NODE1::HAMMER

This command removes all intrusion entries generated from node NODE1 for user HAMMER.

#4 

$ DELETE/INTRUSION_RECORD/NODE=(CAPPY,INDI)
$ SHOW INTRUSION
NETWORK      SUSPECT       2  26-JUL-2001 08:51:25.66  BARNEY::HAMMER
    Node: TSAVO      Count:   2

This command removes intrusion entries for the nodes CAPPY and INDI.

#5 

$ DELETE/INTRUSION_RECORD/NODE=FOOBAR
$ SHOW INTRUSION
NETWORK      SUSPECT       2  26-JUL-2001 08:51:25.66  BARNEY::HAMMER
    Node: TSAVO      Count:   2

This command removes intrusion entries for the node FOOBAR.

#6 

$ DELETE/INTRUSION_RECORD/NODE=TSAVO
$ SHOW INTRUSION
%SHOW-F-NOINTRUDERS, no intrusion records match specification

This command attempts to remove intrusion entries for node TSAVO, however there were no intrusion records for this node.

Previous Next Contents Index