source: FOIAVistA/trunk/r/KERNEL-XU-A4A7-USC-XG-XLF-XNOA-XPD-XQ-XVIR-ZI-ZOSF-ZOSV-ZT-ZU-%Z-XIP--XQAB--XUC--XUR--ZIN--ZTED/XUSFACHK.m@ 1154

Last change on this file since 1154 was 628, checked in by George Lilly, 15 years ago

initial load of FOIAVistA 6/30/08 version

File size: 3.1 KB
Line 
1XUSFACHK ;ISF/RWF - FAILED ACCESS ATTEMPTS LOG MONITOR ;10/15/2003 15:25
2 ;;8.0;KERNEL;**265**;July 10, 1995
3 Q
4 ;Built on work by DAF.
5FAILED ;FAILED ACCESS ATTEMPTS SCAN PROGRAM
6 ;This subroutine will watch over file 3.05 and report if it
7 ;finds repeated signon attempts from the same IP address
8 N DA,DIC,DIE,DIK,DR,%,%Y,ZCNT,WORK,XKT,TCI
9 N XLST,LAST,TCNT,NUM,NOW,ZTIO,AODLM,AODBUL,IRMLM,IRMBUL
10 K ^TMP($J)
11 S NOW=$$NOW^XLFDT,^XTMP("XUSFACHK",0)=$$HTFM^XLFDT($H+3)
12 ;Check last time this ran. reset last run time to now.
13 S XLST=$$GET1^DIQ(8989.3,"1,",405.15,"I"),DA=1,DIE="^XTV(8989.3,",DR="405.15////"_NOW D ^DIE
14 S XKT=$$GET1^DIQ(8989.3,"1,",405.17,"I") ;Get Keep Threshold
15 S TCI=$$GET1^DIQ(8989.3,"1,",405.18,"I") ;Get Total Count Increase
16 ;loop through failed attempts log. count any that happened since last run time.
17 S NUM=XLST-.0000001 S:NUM<0 NUM=0
18 F S NUM=$O(^%ZUA(3.05,NUM)) Q:NUM'>0 D
19 . S ZTIO=$P(^%ZUA(3.05,NUM,0),"^",7) Q:'$L(ZTIO) S ZTIO=$P(ZTIO,$S(ZTIO["/":"/",1:":"),1)
20 . S ^TMP($J,ZTIO)=$G(^TMP($J,ZTIO))+1
21CHKIT ;check to see if number of attempts on any one port is over KEEP THRESHOLD, if so save it.
22 S IRMLM=$$GET1^DIQ(8989.3,"1,",405.12,"I"),AODLM=$$GET1^DIQ(8989.3,"1,",405.13,"I"),WORK=$$NBH(NOW)
23 S (AODBUL,IRMBUL,TCNT)=0
24 S ZTIO="" F S ZTIO=$O(^TMP($J,ZTIO)) Q:'$L(ZTIO) D
25 . S TCNT=TCNT+^TMP($J,ZTIO)
26 . D:^TMP($J,ZTIO)>XKT SET
27 . I WORK,($G(^XTMP("XUSFACHK",2,ZTIO))>IRMLM)!(TCNT>(IRMLM+TCI)) S IRMBUL=1
28 . I 'WORK,($G(^XTMP("XUSFACHK",2,ZTIO))>AODLM)!(TCNT>(AODLM+TCI)) S AODBUL=1
29 . Q
30 D CLEAN
31 ;send bulletin to irm if during work hours. if after hours send to irm and aod.
32 I IRMBUL!(AODBUL) D BULL
33EXIT Q
34 ;clean up and leave.
35CLEAN ;clean up ^XTMP("XUSFACHK" global, If no new failed attempts remove.
36 N ZNUM,ZZNUM
37 S ZNUM="" F S ZNUM=$O(^XTMP("XUSFACHK",2,ZNUM)) Q:'$L(ZNUM) D
38 .I '$D(^TMP($J,ZNUM)) D
39 ..K ^XTMP("XUSFACHK",2,ZNUM)
40 Q
41SET ;set ^XTMP("XUSFACHK" global.
42 S ^XTMP("XUSFACHK",2,ZTIO)=$G(^XTMP("XUSFACHK",2,ZTIO))+^TMP($J,ZTIO)
43 Q
44BULL ;send bulletin to irm. if after hours, send to aod and have irm paged.
45 N NUM,DTE,X,Y,XMY,XMSUB,XMTEXT,ZCNT,I,XMDUZ,XMZ
46 S XMSUB="THERE HAVE BEEN A LARGE NUMBER OF FAILED ACCESS ATTEMPTS!!"
47 S XMTEXT="^TMP(""XM"",$J,",XMDUZ=.5,ZCNT=0
48 S Y=$$GET1^DIQ(8989.3,"1,",.02,"I") I $L(Y) S XMY(Y)=""
49 I AODBUL S Y=$$GET1^DIQ(8989.3,"1,",.03,"I") I $L(Y) S XMY(Y)=""
50 I '$D(XMY) S XMY(.5)=""
51 S DTE=$$FMTE^XLFDT(XLST,"1P")
52 D TXT("Since "_DTE_" there have been "_TCNT_" failed access attempts on VistA")
53 S NUM="" F S NUM=$O(^TMP($J,NUM)) Q:NUM']"" I ^TMP($J,NUM)>XKT D
54 . D TXT("Device "_NUM_" has had "_$G(^XTMP("XUSFACHK",2,NUM))_" attempts total so far.")
55 . Q
56 D TXT(" ")
57 D TXT("Someone from IRM should check the Failed Access Attempts log.")
58 I AODBUL D TXT("AOD PLEASE PAGE THE IRM ON-CALL PERSON")
59 N DO,DIX,DIY
60 D ^XMD
61 Q
62 ;
63TXT(S) ;Add text to ^TMP("XM",$J
64 S ZCNT=ZCNT+1,^TMP("XM",$J,ZCNT)=S
65 Q
66 ;
67NBH(DATE) ;FIND OUT IF NOW IS DURING NORMAL BUSINESS HOURS.
68 ;SEND DATE/TIME IN FILEMAN FORMAT
69 N %,%Y
70 S %Y=$$DOW^XLFDT(DATE,1)
71 Q:%Y<1!(%Y>5) 0
72 Q:$D(^HOLIDAY($P(DATE,".",1))) 0
73 Q:$E($P(DATE,".",2)_"0000",1,4)>1630!($E($P(DATE,".",2)_"0000",1,4)<0800) 0
74 Q 1
Note: See TracBrowser for help on using the repository browser.