Login Warning
Coleman, Kelley (HAC)
Kelley.Coleman at va.gov
Sat Jan 28 03:31:09 UTC 2006
The security contractor must have had a pre-release version. On the
website - http://www.cisecurity.org/bench.html - it shows the Redhat
Linux as still under development. Now I wish I hadn't said anything!
It's due out 02/2006.
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Meadows, Andrew
Sent: Friday, January 27, 2006 8:22 PM
To: redhat-list at redhat.com
Subject: Re: Login Warning
Post the link if you would or just send it to me directly.
-----Original Message-----
From: redhat-list-bounces at redhat.com <redhat-list-bounces at redhat.com>
To: General Red Hat Linux discussion list <redhat-list at redhat.com>
Sent: Fri Jan 27 21:19:57 2006
Subject: RE: Login Warning
The banner option mentioned below has seemed to satisfy. I haven't had
time, yet, to test the /issue option. Hope to get that done this
weekend. Hopefully, that will show the warning message on the console
login page. Although no one ever gets in that room but the people who
already have the password anyway. Can't get that to fly, though.
Have any of you tried to run the cis-scan tool yet? That's what the
security guy is having me run. I think we got it off the NIST website.
If there's interest, I'll find the link and post it here.
Kelley
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Wayne Betts
Sent: Wednesday, January 25, 2006 4:48 PM
To: General Red Hat Linux discussion list
Subject: Re: Login Warning
Apparently Kelley Coleman (Kelley.Coleman at va.gov) wrote:
>I've been tasked to get login warnings on our Linux systems. On the
>console, I need a login warning to display on the same screen or on an
>immediately prior screen where the username and password would be
>entered.
>
>I also need to display the same or similar warning on all ssh and sftp
>connections. I've found where I can get the warnings to show AFTER
>someone has connected, but not before. Seems a little counter-intuitive
>to me, but I'm told by our security officer that it is a requirement.
>
>Any thoughts?
>
>Kelley Coleman
>
>
Try the Banner option in the sshd_config. It displays the banner before
the login process is done, and still allows a separate motd if you like
which as you've discovered is displayed after authentication.
In the sshd_config file, look for (or add yourself) a line starting with
"Banner" There is probably already a Banner line commented out. Here
for instance is what mine looks like:
# no default banner path
#Banner /some/path
Banner /etc/DOEbanner
The first two lines are exactly as packaged, effectively turning the
option off since they are commented out. The third line I added (plus
of course I created the file /etc/DOEbanner with the required text.)
(Restart your sshd (or SIGHUP) to reread the new configuration once
done.)
Hth,
Wayne (not Wayner)
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
********************************************
This message is intended only for the use of the Addressee and may
contain information that is PRIVILEGED and CONFIDENTIAL.
If you are not the intended recipient, you are hereby notified that any
dissemination of this communication is strictly prohibited.
If you have received this communication in error, please erase all
copies of the message and its attachments and notify us immediately.
Thank you.
********************************************
More information about the redhat-list
mailing list