Rule ID
SV-282367r1201610_rule
Version
V1R1
The warning message reinforces policy awareness during the login process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution. Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088
Verify any SSH connection to the operating system displays the Standard Mandatory DOD or other applicable U.S. Government agency Notice and Consent Banner before granting access to the system.
For nodes of the cluster that are only privately (within the cluster) accessible, this requirement is not applicable.
Check for the location of the banner file being used using the following command:
$ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*banner'
banner /etc/issue
This command will return the banner keyword and the name of the file that contains the SSH banner (in this case "/etc/issue").
If the line is commented out, this is a finding.Configure TOSS 5 to display the Standard Mandatory DOD or other applicable U.S. Government agency Notice and Consent Banner before granting access to the system via SSH. Edit the "/etc/ssh/sshd_config" file to uncomment the banner keyword and configure it to point to a file that contains the login banner (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor). An example configuration line is: Banner /etc/issue