List Info

Thread: Login Warning
Login Warning
user name
 2006-01-28 03:19:57 
The banner option mentioned below has seemed to satisfy.  I
haven't had
time, yet, to test the /issue option. Hope to get that done
this
weekend. Hopefully, that will show the warning message on
the console
login page.  Although no one ever gets in that room but the
people who
already have the password anyway.  Can't get that to fly,
though.

Have any of you tried to run the cis-scan tool yet?  That's
what the
security guy is having me run.  I think we got it off the
NIST website.
If there's interest, I'll find the link and post it here.

Kelley 

-----Original Message-----
From: redhat-list-bouncesredhat.com
[mailto:redhat-list-bouncesredhat.com] On Behalf Of
Wayne Betts
Sent: Wednesday, January 25, 2006 4:48 PM
To: General Red Hat Linux discussion list
Subject: Re: Login Warning

Apparently Kelley Coleman (Kelley.Colemanva.gov)
wrote:

>I've been tasked to get login warnings on our Linux
systems.  On the 
>console, I need a login warning to display on the same
screen or on an 
>immediately prior screen where the username and password
would be 
>entered.
> 
>I also need to display the same or similar warning on
all ssh and sftp 
>connections.  I've found where I can get the warnings to
show AFTER 
>someone has connected, but not before. Seems a little
counter-intuitive

>to me, but I'm told by our security officer that it is a
requirement.
> 
>Any thoughts?
>
>Kelley Coleman
>  
>

Try the Banner option in the sshd_config.  It displays the
banner before
the login process is done, and still allows a separate motd
if you like
which as you've discovered is displayed after
authentication.

In the sshd_config file, look for (or add yourself) a line
starting with
"Banner"  There is probably already a Banner line
commented out.  Here
for instance is what mine looks like:

# no default banner path
#Banner /some/path
Banner /etc/DOEbanner

The first two lines are exactly as packaged, effectively
turning the
option off since they are commented out.  The third line I
added (plus
of course I created the file /etc/DOEbanner with the
required text.)
(Restart your sshd (or SIGHUP) to reread the new
configuration once
done.)

Hth,

Wayne (not Wayner)

--
redhat-list mailing list
unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe
h
ttps://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-requestredhat.com?subject=unsubscribe
h
ttps://www.redhat.com/mailman/listinfo/redhat-list
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )