Home   Package List   Routine Alphabetical List   Global Alphabetical List   FileMan Files List   FileMan Sub-Files List   Package Component Lists   Package-Namespace Mapping  
Routine: XUSFACHK

XUSFACHK.m

Go to the documentation of this file. 
XUSFACHK ;ISF/RWF - FAILED ACCESS ATTEMPTS LOG MONITOR ;10/15/2003  15:25

 ;;8.0;KERNEL;**265**;July 10, 1995

 Q

 ;Built on work by DAF.

FAILED ;FAILED ACCESS ATTEMPTS SCAN PROGRAM

 ;This subroutine will watch over file 3.05 and report if it 

 ;finds repeated signon attempts from the same IP address

 N DA,DIC,DIE,DIK,DR,%,%Y,ZCNT,WORK,XKT,TCI

 N XLST,LAST,TCNT,NUM,NOW,ZTIO,AODLM,AODBUL,IRMLM,IRMBUL

 K ^TMP($J)

 S NOW=$$NOW^XLFDT,^XTMP("XUSFACHK",0)=$$HTFM^XLFDT($H+3)

 ;Check last time this ran. reset last run time to now.

 S XLST=$$GET1^DIQ(8989.3,"1,",405.15,"I"),DA=1,DIE="^XTV(8989.3,",DR="405.15////"_NOW D ^DIE

 S XKT=$$GET1^DIQ(8989.3,"1,",405.17,"I") ;Get Keep Threshold

 S TCI=$$GET1^DIQ(8989.3,"1,",405.18,"I") ;Get Total Count Increase

 ;loop through failed attempts log. count any that happened since last run time.

 S NUM=XLST-.0000001 S:NUM<0 NUM=0

 F  S NUM=$O(^%ZUA(3.05,NUM)) Q:NUM'>0  D

 . S ZTIO=$P(^%ZUA(3.05,NUM,0),"^",7) Q:'$L(ZTIO)  S ZTIO=$P(ZTIO,$S(ZTIO["/":"/",1:":"),1)

 . S ^TMP($J,ZTIO)=$G(^TMP($J,ZTIO))+1

CHKIT ;check to see if number of attempts on any one port is over KEEP THRESHOLD, if so save it.

 S IRMLM=$$GET1^DIQ(8989.3,"1,",405.12,"I"),AODLM=$$GET1^DIQ(8989.3,"1,",405.13,"I"),WORK=$$NBH(NOW)

 S (AODBUL,IRMBUL,TCNT)=0

 S ZTIO=""  F  S ZTIO=$O(^TMP($J,ZTIO)) Q:'$L(ZTIO)  D

 . S TCNT=TCNT+^TMP($J,ZTIO)

 . D:^TMP($J,ZTIO)>XKT SET

 . I WORK,($G(^XTMP("XUSFACHK",2,ZTIO))>IRMLM)!(TCNT>(IRMLM+TCI)) S IRMBUL=1

 . I 'WORK,($G(^XTMP("XUSFACHK",2,ZTIO))>AODLM)!(TCNT>(AODLM+TCI)) S AODBUL=1

 . Q

 D CLEAN

 ;send bulletin to irm if during work hours.  if after hours send to irm and aod.

 I IRMBUL!(AODBUL) D BULL

EXIT Q

 ;clean up and leave.

CLEAN ;clean up ^XTMP("XUSFACHK" global, If no new failed attempts remove.

 N ZNUM,ZZNUM

 S ZNUM="" F  S ZNUM=$O(^XTMP("XUSFACHK",2,ZNUM)) Q:'$L(ZNUM)  D

 .I '$D(^TMP($J,ZNUM)) D

 ..K ^XTMP("XUSFACHK",2,ZNUM)

 Q

SET ;set ^XTMP("XUSFACHK" global.

 S ^XTMP("XUSFACHK",2,ZTIO)=$G(^XTMP("XUSFACHK",2,ZTIO))+^TMP($J,ZTIO)

 Q

BULL ;send bulletin to irm. if after hours, send to aod and have irm paged.

 N NUM,DTE,X,Y,XMY,XMSUB,XMTEXT,ZCNT,I,XMDUZ,XMZ

 S XMSUB="THERE HAVE BEEN A LARGE NUMBER OF FAILED ACCESS ATTEMPTS!!"

 S XMTEXT="^TMP(""XM"",$J,",XMDUZ=.5,ZCNT=0

 S Y=$$GET1^DIQ(8989.3,"1,",.02,"I") I $L(Y) S XMY(Y)=""

 I AODBUL S Y=$$GET1^DIQ(8989.3,"1,",.03,"I") I $L(Y) S XMY(Y)=""

 I '$D(XMY) S XMY(.5)=""

 S DTE=$$FMTE^XLFDT(XLST,"1P")

 D TXT("Since "_DTE_" there have been "_TCNT_" failed access attempts on VistA")

 S NUM=""  F  S NUM=$O(^TMP($J,NUM)) Q:NUM']""  I ^TMP($J,NUM)>XKT D

 . D TXT("Device "_NUM_" has had "_$G(^XTMP("XUSFACHK",2,NUM))_" attempts total so far.")

 . Q

 D TXT(" ")

 D TXT("Someone from IRM should check the Failed Access Attempts log.")

 I AODBUL D TXT("AOD PLEASE PAGE THE IRM ON-CALL PERSON")

 N DO,DIX,DIY

 D ^XMD

 Q

 ;

TXT(S) ;Add text to ^TMP("XM",$J

 S ZCNT=ZCNT+1,^TMP("XM",$J,ZCNT)=S

 Q

 ;

NBH(DATE) ;FIND OUT IF NOW IS DURING NORMAL BUSINESS HOURS.

 ;SEND DATE/TIME IN FILEMAN FORMAT

 N %,%Y

 S %Y=$$DOW^XLFDT(DATE,1)

 Q:%Y<1!(%Y>5) 0

 Q:$D(^HOLIDAY($P(DATE,".",1))) 0

 Q:$E($P(DATE,".",2)_"0000",1,4)>1630!($E($P(DATE,".",2)_"0000",1,4)<0800) 0

 Q 1