1.7.1.3 Ensure remote login warning banner is configured properly

Information

The contents of the /etc/issue.net file are displayed to users prior to login for remote
connections from configured services.

Unix-based systems have typically displayed information about the OS release and patch
level upon logging in to the system. This information can be useful to developers who are
developing software for a particular OS platform. If mingetty(8) supports the following
options, they display operating system information:

\m - machine architecture
\r - operating system release
\s - operating system name
\v - operating system version

Rationale:

Warning messages inform users who are attempting to log in to the system of their legal
status regarding the system and must include the name of the organization that owns the
system and any monitoring policies that are in place. Displaying OS and patch level
information in login banners also has the side effect of providing detailed system
information to attackers attempting to target specific exploits of a system. Authorized users
can easily get this information by running the "uname -a" command once they have logged
in.

Solution

Edit the /etc/issue.net file with the appropriate contents according to your site policy,
and remove any instances of \m, \r, \s, \v or references to the OS platform:

# echo "Authorized uses only. All activity may be monitored and reported." > /etc/issue.net
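
An audit check for the condition described in the Solution, as an added example that is not part of the benchmark text. The function names, the return codes and the use of the ID field from /etc/os-release as the "reference to the OS platform" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the benchmark text): audit a login banner file
# for content that discloses the OS, as the Solution above requires.

# os_release_id [FILE]: print the ID= value from an os-release file.
# The default path /etc/os-release is an assumption about the target system.
os_release_id() {
    ( . "${1:-/etc/os-release}" 2>/dev/null && printf '%s\n' "$ID" )
}

# banner_findings FILE [OS_ID]
#   Prints offending lines prefixed with their line number.
#   Returns 0 = clean, 1 = findings, 2 = file missing or unreadable.
banner_findings() {
    _file=$1
    _os_id=${2:-}
    _rc=0
    if [ ! -r "$_file" ]; then
        echo "cannot read $_file" >&2
        return 2
    fi
    # getty escape sequences: a literal backslash followed by m, r, s or v.
    if grep -n -E '\\[mrsv]' "$_file"; then
        _rc=1
    fi
    # Literal, case-insensitive match on the distribution ID (e.g. "ubuntu").
    if [ -n "$_os_id" ] && grep -n -i -F -- "$_os_id" "$_file"; then
        _rc=1
    fi
    return "$_rc"
}
```

Calling banner_findings /etc/issue.net "$(os_release_id)" returns 0 only when the banner contains none of the four escape sequences and does not name the distribution.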

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|13, CSCv7|5.1

Plugin: Unix

Control ID: 81a116c5ef89b88837952e19695791c52764aef08535f882abef68da188f3c3d