Banner Files

or say hello to the user that log in and NO to unauthorized users.

Author: matsk

Final: 2009-02-10

Send improvements, corrections and comments to the CentOS-docs mailinglist.

Introduction

This Tips & Trix will cover banners for SSH and the console prompt.

About legal issues

An often forgotten area in system protection is an well formed banner text.

Since the publication of the "Computer Misuse Act 1990" it has been strongly recommended that computers display a banner before allowing users to log in. The Act stipulates that an offense of unauthorized access can only be committed if the offender knew at the time that the access he intended to obtain was unauthorized. Login banners are the best way to achieve this. The "Regulation of Investigatory Powers Act 2000" also requires information to be given to computer users: login banners may also be a good way to do this dissemination.

/etc/motd

Console login The content of this file is shown after the user has logged in, and immediately before the shell is started.

/etc/issue.net

Network login

OBS By default is this disabled in ssh!

The content of this file is shown when a ssh session is connected and before the authorization.

To enable this in ssh you have to follow this simple steps:

1. Create a /etc/issue.net file and fill it with the desired context

2. Edit /etc/ssh/sshd_config, to look like this Banner /etc/issue.net

3. Restart sshd, service sshd restart

FTP Greeting Banner

This topic is covered in the "Deployment Guide" for CentOS 5.1 in section 43.2.6.1. "FTP Greeting Banner"

TCP Wrappers and Connection Banners

This topic is covered in the Deployment Guide" for CentOS 5.1 in section 43.2.1.1.1. "TCP Wrappers and Connection Banners"

Sample banner texts

Example #1

Unauthorized access to this machine is prohibited
Press <Ctrl-D> if you are not an authorized user

Example #2

********************************************************************
*                                                                  *
* This system is for the use of authorized users only.  Usage of   *
* this system may be monitored and recorded by system personnel.   *
*                                                                  *
* Anyone using this system expressly consents to such monitoring   *
* and is advised that if such monitoring reveals possible          *
* evidence of criminal activity, system personnel may provide the  *
* evidence from such monitoring to law enforcement officials.      *
*                                                                  *
********************************************************************

Fancy banners

linux_logo

"Create nice ASCII Art logos"

linux_logon is a tool that creates ASCII Art banners. The default ASCII art can be seen in the example below or other created from a template file. It does also add system stats like kernel version, CPU version, RAM and utilization values.

Example

                                                                 #####
                                                                #######
                   @                                            ##O#O##
  ######          @@#                                           #VVVVV#
    ##             #                                          ##  VVV  ##
    ##         @@@   ### ####   ###    ###  ##### ######     #          ##
    ##        @  @#   ###    ##  ##     ##    ###  ##       #            ##
    ##       @   @#   ##     ##  ##     ##      ###         #            ###
    ##          @@#   ##     ##  ##     ##      ###        QQ#           ##Q
    ##       # @@#    ##     ##  ##     ##     ## ##     QQQQQQ#       #QQQQQQ
    ##      ## @@# #  ##     ##  ###   ###    ##   ##    QQQQQQQ#     #QQQQQQQ
  ############  ###  ####   ####   #### ### ##### ######   QQQQQ#######QQQQQ
 Linux Version 2.6.18-53.1.4.el5, Compiled #1 SMP Fri Nov 30 00:45:16 EST 2007
One 2.19GHz AMD AMD Turion(tm) 64 Mobile ML-40 Processor, 256M RAM, 4394.20 Bogomips Total
                             localhost.localdomain

An alternative to linux_logo is FIGlet.

Links

Programs that could be used to create ASCII/ANSI logos

TipsAndTricks/BannerFiles (last edited 2009-04-17 12:58:16 by MatsOKarlsson)