Login Warning

Coleman, Kelley (HAC) Kelley.Coleman at va.gov
Sat Jan 28 03:19:57 UTC 2006 

The banner option mentioned below has seemed to satisfy.  I haven't had
time, yet, to test the /issue option. Hope to get that done this
weekend. Hopefully, that will show the warning message on the console
login page.  Although no one ever gets in that room but the people who
already have the password anyway.  Can't get that to fly, though.

Have any of you tried to run the cis-scan tool yet?  That's what the
security guy is having me run.  I think we got it off the NIST website.
If there's interest, I'll find the link and post it here.

Kelley 

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Wayne Betts
Sent: Wednesday, January 25, 2006 4:48 PM
To: General Red Hat Linux discussion list
Subject: Re: Login Warning

Apparently Kelley Coleman (Kelley.Coleman at va.gov) wrote:

>I've been tasked to get login warnings on our Linux systems.  On the 
>console, I need a login warning to display on the same screen or on an 
>immediately prior screen where the username and password would be 
>entered.
> 
>I also need to display the same or similar warning on all ssh and sftp 
>connections.  I've found where I can get the warnings to show AFTER 
>someone has connected, but not before. Seems a little counter-intuitive

>to me, but I'm told by our security officer that it is a requirement.
> 
>Any thoughts?
>
>Kelley Coleman
>  
>

Try the Banner option in the sshd_config.  It displays the banner before
the login process is done, and still allows a separate motd if you like
which as you've discovered is displayed after authentication.

In the sshd_config file, look for (or add yourself) a line starting with
"Banner"  There is probably already a Banner line commented out.  Here
for instance is what mine looks like:

# no default banner path
#Banner /some/path
Banner /etc/DOEbanner

The first two lines are exactly as packaged, effectively turning the
option off since they are commented out.  The third line I added (plus
of course I created the file /etc/DOEbanner with the required text.)
(Restart your sshd (or SIGHUP) to reread the new configuration once
done.)

Hth,

Wayne (not Wayner)

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

More information about the redhat-list mailing list