CM 10.1 - remove login terminal type prompt 2

[wallot]

Morning folks

When logging into CM 10.1.3.1 via the CLI, the system is prompting for a terminal selection type. We need to remove that prompt because the security scanning software cannot defeat the prompt causing a login failure.

Seems like I knew the answer to this but haven't had the issue for so long I forgot what the answer may be.

Thanks!

 

[wallot]

Need to remove this prompt "Enter your terminal type (i.e., xterm, vt100, etc.) [vt100]=>

 

[AvayaTier3]

you are getting that from linux bash default system profile for logins. They all use this.
send a CR Carriage Return and the type defaults to vt100 and will then return a linux prompt



A great teacher does not provide answers, but methods to teach others "How and where to find the answers"

bsh

49 years Bell, AT&T, Lucent, Avaya
Tier 3 for 39 years and counting
[URL unfurl="true"]http://bshtele.com[/url]

 

[wallot]

Thanks, I know where it comes from but for the DoD, we have to disable or remove it so the scan tools can login. It's been a while since I worked this area and I know there's a way to remove it but have lost that knowledge

 

[AvayaTier3]

Only root could modify system files that control this.
The system file that controls this, if modified would need to set a terminal type.
It works this way to make access flexible for any terminal type.
To change this would break this flexibility for the system.

If this is a requirement for DOD and JITC a special login could be used for scan tools
that could possibly be modified for all JITC loads and all DOD systems.
Request may be considered by Avaya.

Have the scan tool modified to send a carriage return after the password.
login, password, carriage return or vt100 and carriage return.

login: dadmin
Password: xxxxxxxx
Enter your terminal type (i.e., xterm, vt100, etc.) [vt100]=>
dadmin@s8700a> echo $TERM
vt100
dadmin@s8700a> export TERM=4410
dadmin@s8700a> echo $TERM
4410
dadmin@s8700a>



A great teacher does not provide answers, but methods to teach others "How and where to find the answers"

bsh

49 years Bell, AT&T, Lucent, Avaya
Tier 3 for 39 years and counting
[URL unfurl="true"]http://bshtele.com[/url]

 

[wallot]

Thanks,

After all the years, they have not added that feature in the scan tools. We'll keep looking.

 

[jimbojimbo]

If it is a Military requirement, you should be able to find it in the MUDG documentation.

 

[AvayaTier3]

It may be possible to modify for a login used by scan software if the login
is not used for anything else.

A great teacher does not provide answers, but methods to teach others "How and where to find the answers"

bsh

49 years Bell, AT&T, Lucent, Avaya
Tier 3 for 39 years and counting
[URL unfurl="true"]http://bshtele.com[/url]

 

[dialtonebone]

The scan tool would normally be programmed to deal with this -- working it the other direction is a bit odd and makes me wonder if the tool is any good. Modifying the files needed would be very difficult and put the system in a ambiguous state of support if it's not something documented already by a MUDG or other supporting doc.

 

[wallot]

The solution is to add a RHEL user rather than a CM user with useradd. Thanks!

 

[wallot]

Setup Configuration for SCC SCAP Scans in Avaya Communication Manager

- Create RHEL user (not CM) like scap or scan - useradd <user name>
- set password for new user = passwd <user name>
- in CM CLI, su - root - enter root password
- vi /etc/ecs.conf
* Without the next 2 lines, the sshd_config may revert "PasswordAuthentication yes" back to "no" before a scan is completed
- do "/CustomSSHFiles" and enter
- edit CustomSSHFiles to enabled and save - esc :wq
- vi /etc/ssh/sshd_config
- go down about 14 lines and set "PasswordAuthentication yes" - save edit - esc :wq.
- restart sshd service = /bin/systemctl restart sshd.service

Add a host to the SCC SCAP compliance Checker as you normally would.

 

[dialtonebone]

@wallot - thank you for sharing your solution.