1.7.2 Ensure /etc/issue is configured

Information

The file /etc/issue is read by agetty(8) and similar tools and shown above the login prompt. While some of the information can be adjusted with variables, the file itself is static. To display dynamic content, issue-generator(1) generates a /run/issue file from different files.

Files in /etc/issue.d override files with the same name in /usr/lib/issue.d and /run/issue.d. Files in /run/issue.d override files with the same name in /usr/lib/issue.d. Packages should install their configuration files in /usr/lib/issue.d. Files in /etc/issue.d are reserved for the local administrator, who may use this logic to override the files installed by vendor packages. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in.

Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. Displaying OS and patch level information in login banners also has the side effect of providing detailed system information to attackers attempting to target specific exploits of a system. Authorized users can easily get this information by running the "uname -a" command once they have logged in.

Solution

Edit the issue file with the appropriate contents according to your site policy, and remove any instances of \m, \r, \s, \v or references to the OS platform.

Example:

# echo "Authorized users only. All activity may be monitored and reported." > /etc/issue

Note:

- The issue file /usr/lib/issue.d/10-SUSE may be removed or overridden with the appropriate contents according to your site policy.
- Files in /etc/issue.d override files with the same name in /usr/lib/issue.d and /run/issue.d. Files in /run/issue.d override files with the same name in /usr/lib/issue.d.
- Files in /etc/issue.d are reserved for the local administrator, who may use this logic to override the files installed by vendor packages.
- All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in.
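
One way to check the result, as an added example that is not part of the benchmark: the script resolves the issue.d override order described above, then scans /etc/issue and the effective snippets for \m, \r, \s, \v or the OS name. The ROOT prefix argument, the function names, the use of ID= from /etc/os-release as the OS name, and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example. ROOT prefix, function names and sample tree are hypothetical.

# One path per snippet name; /etc/issue.d beats /run/issue.d beats
# /usr/lib/issue.d, and the result is sorted by file name.
effective_issue_files() {
    root=${1:-}
    for d in usr/lib run etc; do
        for f in "$root/$d/issue.d"/*; do
            if [ -f "$f" ]; then printf '%s\t%s\n' "${f##*/}" "$f"; fi
        done
    done | awk -F'\t' '{ p[$1] = $2 } END { for (n in p) print n "\t" p[n] }' |
        LC_ALL=C sort | cut -f2
}

# Print offending lines (path:text) and return 1 if /etc/issue or any
# effective snippet contains \m, \r, \s, \v or the OS name; else return 0.
audit_issue() {
    root=${1:-}
    pattern='\\[mrsv]'
    # Assumption: the OS platform name is the ID= value of /etc/os-release.
    id=$(sed -n 's/^ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$root/etc/os-release" 2>/dev/null) || id=
    if [ -n "$id" ]; then pattern="$pattern|$id"; fi
    hits=$( { printf '%s\n' "$root/etc/issue"; effective_issue_files "$root"; } |
        while IFS= read -r f; do
            # -i catches the OS name in any case (and upper-case escapes too)
            if [ -f "$f" ]; then grep -EiH -- "$pattern" "$f" || :; fi
        done )
    if [ -z "$hits" ]; then return 0; fi
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree: the vendor 10-SUSE leaks kernel details, the
# administrator's /etc/issue.d/10-SUSE overrides it, 90-extra is clean.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/issue.d" "$t/run/issue.d" "$t/usr/lib/issue.d"
    printf 'ID="sles"\n' > "$t/etc/os-release"
    printf 'Authorized users only.\n' > "$t/etc/issue"
    printf 'Welcome to \\S - Kernel \\r (\\m)\n' > "$t/usr/lib/issue.d/10-SUSE"
    printf 'All activity may be monitored and reported.\n' > "$t/etc/issue.d/10-SUSE"
    printf 'Maintenance window: Sunday\n' > "$t/run/issue.d/90-extra"
    printf '%s\n' "$t"
}

t=$(make_sample_tree)
audit_issue "$t" && echo "PASS while the /etc/issue.d override is in place"
rm "$t/etc/issue.d/10-SUSE"
audit_issue "$t" || echo "FAIL once the vendor file is effective again"
rm -rf "$t"
```

Calling audit_issue with no argument scans the live system; passing a directory scans a mounted image or a copy instead.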

See Also

https://workbench.cisecurity.org/benchmarks/26236