Information
A Login window banner warning informs the user that the system is reserved for authorized use only. It enforces an acknowledgment by the user that they have been informed of the use policy in the banner if required. The system recognizes either thetxt and thertf formats.
An access warning may reduce a casual attacker's tendency to target the system. Access warnings may also aid in the prosecution of an attacker by evincing the attacker's knowledge of the system's private status, acceptable use policy, and authorization requirements.
Solution
Terminal Method:
Run the following commands to create or edit the login window text and set the proper permissions:
Edit (or create) a PolicyBanner.txt or PolicyBanner.rtf file, in the /Library/Security/ folder, to include the required login window banner text.
Perform the following to set permissions on the policy banner file:
$ /usr/bin/sudo /bin/chmod o+r /Library/Security/PolicyBanner.txt
$ /usr/bin/sudo /bin/chmod o+r /Library/Security/PolicyBanner.rtf
Note: If your organization uses anrtfd file to set the policy banner, run $ /usr/bin/sudo /bin/chmod o+rx /Library/Security/PolicyBanner.rtfd to update the permissions.
Impact:
Users will have to click on the window with the Login text before logging into the computer.
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: bf04b56c647cfd1d4ca4b579a08c06bc4eafe0014f8c26da084ad0e1ff008155