The security contractor must have had a pre-release version. On the website - http://www.cisecurity.org/bench.html - it shows the Redhat Linux as still under development. Now I wish I hadn't said anything! It's due out 02/2006. -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Meadows, Andrew Sent: Friday, January 27, 2006 8:22 PM To: redhat-list@xxxxxxxxxx Subject: Re: Login Warning Post the link if you would or just send it to me directly. -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx <redhat-list-bounces@xxxxxxxxxx> To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx> Sent: Fri Jan 27 21:19:57 2006 Subject: RE: Login Warning The banner option mentioned below has seemed to satisfy. I haven't had time, yet, to test the /issue option. Hope to get that done this weekend. Hopefully, that will show the warning message on the console login page. Although no one ever gets in that room but the people who already have the password anyway. Can't get that to fly, though. Have any of you tried to run the cis-scan tool yet? That's what the security guy is having me run. I think we got it off the NIST website. If there's interest, I'll find the link and post it here. Kelley -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Wayne Betts Sent: Wednesday, January 25, 2006 4:48 PM To: General Red Hat Linux discussion list Subject: Re: Login Warning Apparently Kelley Coleman (Kelley.Coleman@xxxxxx) wrote: >I've been tasked to get login warnings on our Linux systems. On the >console, I need a login warning to display on the same screen or on an >immediately prior screen where the username and password would be >entered. > >I also need to display the same or similar warning on all ssh and sftp >connections. I've found where I can get the warnings to show AFTER >someone has connected, but not before. Seems a little counter-intuitive >to me, but I'm told by our security officer that it is a requirement. > >Any thoughts? > >Kelley Coleman > > Try the Banner option in the sshd_config. It displays the banner before the login process is done, and still allows a separate motd if you like which as you've discovered is displayed after authentication. In the sshd_config file, look for (or add yourself) a line starting with "Banner" There is probably already a Banner line commented out. Here for instance is what mine looks like: # no default banner path #Banner /some/path Banner /etc/DOEbanner The first two lines are exactly as packaged, effectively turning the option off since they are commented out. The third line I added (plus of course I created the file /etc/DOEbanner with the required text.) (Restart your sshd (or SIGHUP) to reread the new configuration once done.) Hth, Wayne (not Wayner) -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list ******************************************** This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately. Thank you. ******************************************** -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
