Eikonal Blog

2012.04.27

Logon Banners

Filed under: infosec, security hardening, web security — Tags: , , , , , , — sandokan65 @ 15:06
  • On Linux systems, put pre-login banner text in the files /etc/banner, /etc/issue, and /etc/issue.net; and the after-login banner in /etc/motd.
  • For OpenSSH servers (e.g. on Linux systems), activate the banner use (by SSH/SFTP/SCP) by including following (uncommented) line in /etc/ssh/sshd_config:
    Banner /etc/banner
  • TELNET:
    • On Linux, if Kerberized TELNET is used, edit /etc/xinetd.d/krb5-telnet to add following line:
      banner = /etc/issue
    • Older versions of TELNET may be using /etc/default/telnetd containing the block:
        BANNER="\\n
        nThis should be a telnet banner\\n
        n"
        
  • FTP:
    • If gssftp is used (on Linux), edit /etc/xinetd.d/gssftp to add following line:
      banner = /etc/issue
    • If wu-ftpd is used (on Linux), edit /etc/ftpaccess to add following line:
      banner = /etc/issue
    • FTP may be using /etc/ftpd/banner.msg (or any file external to /etc/ftpd/ftpaccess) by specifying following line:
      banner /etc/ftpd/banner.msg

      in /etc/ftpd/ftpaccess.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: