Home   Package List   Routine Alphabetical List   Global Alphabetical List   FileMan Files List   FileMan Sub-Files List   Package Component Lists   Package-Namespace Mapping  
Routine: XUSFACHK

XUSFACHK.m

Go to the documentation of this file. 
  1. XUSFACHK ;ISF/RWF - FAILED ACCESS ATTEMPTS LOG MONITOR ;10/15/2003  15:25
  1.  ;;8.0;KERNEL;**265**;July 10, 1995
  1.  Q
  1.  ;Built on work by DAF.
  1. FAILED ;FAILED ACCESS ATTEMPTS SCAN PROGRAM
  1.  ;This subroutine will watch over file 3.05 and report if it 
  1.  ;finds repeated signon attempts from the same IP address
  1.  N DA,DIC,DIE,DIK,DR,%,%Y,ZCNT,WORK,XKT,TCI
  1.  N XLST,LAST,TCNT,NUM,NOW,ZTIO,AODLM,AODBUL,IRMLM,IRMBUL
  1.  K ^TMP($J)
  1.  S NOW=$$NOW^XLFDT,^XTMP("XUSFACHK",0)=$$HTFM^XLFDT($H+3)
  1.  ;Check last time this ran. reset last run time to now.
  1.  S XLST=$$GET1^DIQ(8989.3,"1,",405.15,"I"),DA=1,DIE="^XTV(8989.3,",DR="405.15////"_NOW D ^DIE
  1.  S XKT=$$GET1^DIQ(8989.3,"1,",405.17,"I") ;Get Keep Threshold
  1.  S TCI=$$GET1^DIQ(8989.3,"1,",405.18,"I") ;Get Total Count Increase
  1.  ;loop through failed attempts log. count any that happened since last run time.
  1.  S NUM=XLST-.0000001 S:NUM<0 NUM=0
  1.  F  S NUM=$O(^%ZUA(3.05,NUM)) Q:NUM'>0  D
  1.  . S ZTIO=$P(^%ZUA(3.05,NUM,0),"^",7) Q:'$L(ZTIO)  S ZTIO=$P(ZTIO,$S(ZTIO["/":"/",1:":"),1)
  1.  . S ^TMP($J,ZTIO)=$G(^TMP($J,ZTIO))+1
  1. CHKIT ;check to see if number of attempts on any one port is over KEEP THRESHOLD, if so save it.
  1.  S IRMLM=$$GET1^DIQ(8989.3,"1,",405.12,"I"),AODLM=$$GET1^DIQ(8989.3,"1,",405.13,"I"),WORK=$$NBH(NOW)
  1.  S (AODBUL,IRMBUL,TCNT)=0
  1.  S ZTIO=""  F  S ZTIO=$O(^TMP($J,ZTIO)) Q:'$L(ZTIO)  D
  1.  . S TCNT=TCNT+^TMP($J,ZTIO)
  1.  . D:^TMP($J,ZTIO)>XKT SET
  1.  . I WORK,($G(^XTMP("XUSFACHK",2,ZTIO))>IRMLM)!(TCNT>(IRMLM+TCI)) S IRMBUL=1
  1.  . I 'WORK,($G(^XTMP("XUSFACHK",2,ZTIO))>AODLM)!(TCNT>(AODLM+TCI)) S AODBUL=1
  1.  . Q
  1.  D CLEAN
  1.  ;send bulletin to irm if during work hours.  if after hours send to irm and aod.
  1.  I IRMBUL!(AODBUL) D BULL
  1. EXIT Q
  1.  ;clean up and leave.
  1. CLEAN ;clean up ^XTMP("XUSFACHK" global, If no new failed attempts remove.
  1.  N ZNUM,ZZNUM
  1.  S ZNUM="" F  S ZNUM=$O(^XTMP("XUSFACHK",2,ZNUM)) Q:'$L(ZNUM)  D
  1.  .I '$D(^TMP($J,ZNUM)) D
  1.  ..K ^XTMP("XUSFACHK",2,ZNUM)
  1.  Q
  1. SET ;set ^XTMP("XUSFACHK" global.
  1.  S ^XTMP("XUSFACHK",2,ZTIO)=$G(^XTMP("XUSFACHK",2,ZTIO))+^TMP($J,ZTIO)
  1.  Q
  1. BULL ;send bulletin to irm. if after hours, send to aod and have irm paged.
  1.  N NUM,DTE,X,Y,XMY,XMSUB,XMTEXT,ZCNT,I,XMDUZ,XMZ
  1.  S XMSUB="THERE HAVE BEEN A LARGE NUMBER OF FAILED ACCESS ATTEMPTS!!"
  1.  S XMTEXT="^TMP(""XM"",$J,",XMDUZ=.5,ZCNT=0
  1.  S Y=$$GET1^DIQ(8989.3,"1,",.02,"I") I $L(Y) S XMY(Y)=""
  1.  I AODBUL S Y=$$GET1^DIQ(8989.3,"1,",.03,"I") I $L(Y) S XMY(Y)=""
  1.  I '$D(XMY) S XMY(.5)=""
  1.  S DTE=$$FMTE^XLFDT(XLST,"1P")
  1.  D TXT("Since "_DTE_" there have been "_TCNT_" failed access attempts on VistA")
  1.  S NUM=""  F  S NUM=$O(^TMP($J,NUM)) Q:NUM']""  I ^TMP($J,NUM)>XKT D
  1.  . D TXT("Device "_NUM_" has had "_$G(^XTMP("XUSFACHK",2,NUM))_" attempts total so far.")
  1.  . Q
  1.  D TXT(" ")
  1.  D TXT("Someone from IRM should check the Failed Access Attempts log.")
  1.  I AODBUL D TXT("AOD PLEASE PAGE THE IRM ON-CALL PERSON")
  1.  N DO,DIX,DIY
  1.  D ^XMD
  1.  Q
  1.  ;
  1. TXT(S) ;Add text to ^TMP("XM",$J
  1.  S ZCNT=ZCNT+1,^TMP("XM",$J,ZCNT)=S
  1.  Q
  1.  ;
  1. NBH(DATE) ;FIND OUT IF NOW IS DURING NORMAL BUSINESS HOURS.
  1.  ;SEND DATE/TIME IN FILEMAN FORMAT
  1.  N %,%Y
  1.  S %Y=$$DOW^XLFDT(DATE,1)
  1.  Q:%Y<1!(%Y>5) 0
  1.  Q:$D(^HOLIDAY($P(DATE,".",1))) 0
  1.  Q:$E($P(DATE,".",2)_"0000",1,4)>1630!($E($P(DATE,".",2)_"0000",1,4)<0800) 0
  1.  Q 1