Thanks. So we should add a check to banner_etc_issue.xml for issue.net and either a separate check for motd or add to banner_etc_issue.xml.
On Wed, Jan 21, 2015 at 9:16 AM, Jeremiah Jahn <jeremiah@goodinassociates.com> wrote:
Same boat here. Plus CIS treats issue and issue.net distinctly. It refers to /etc/issue, /etc/issue.net and /etc/motd in its audit instructions.
https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_... Section 8.1 for example.
On Wed, Jan 21, 2015 at 9:16 AM, Gerwin Krist | LinQhost Internet Services gerwin@linqhost.nl wrote:
Because we would like to have 2 different issue files (different content): tty and ssh. But guess I have to make a patch then for internal use :-)
- Gerwin
On 01/21/2015 04:02 PM, Gabe Alford wrote:
Just read this thread.
I may be missing something here, but why are you using issue.net for SSH banners?
On Wed, Jan 21, 2015 at 7:36 AM, Jeremiah Jahn jeremiah@goodinassociates.com wrote:
Nope, I don't think I ever did. I'm assuming the principals are so overwhelmed, given the current amount of activity, that the thing to do would be to submit your own patch that splits these things up into two pieces. I got sucked into a different project right now, otherwise, that's what I'd probably do. Now that everything is on github, it's a lot easier.
On Wed, Jan 21, 2015 at 2:09 AM, Gerwin Krist | LinQhost Internet Services gerwin@linqhost.nl wrote:
Hi,
Did you get any response on this one? Only allowing /etc/issue is not workable when using both console and ssh logins. The console login accepts escape cookies; the ssh version does not.
On 08/01/2014 10:38 PM, Jeremiah Jahn wrote:
We used to have to keep our banners under /etc/issue for the console, and /etc/issue.net for remote access. Would it be okay to make this rule deal with either one?
diff --git a/shared/oval/sshd_enable_warning_banner.xml b/shared/oval/sshd_enable_warning_banner.xml index 0bd8d32..ace8b75 100644 --- a/shared/oval/sshd_enable_warning_banner.xml +++ b/shared/oval/sshd_enable_warning_banner.xml @@ -25,7 +25,7 @@ </ind:textfilecontent54_test> <ind:textfilecontent54_object id="obj_sshd_banner_set"
version="2">
<ind:filepath>/etc/ssh/sshd_config</ind:filepath>
- <ind:pattern operation="pattern
match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*(?:|(?:#.*))?$</ind:pattern>
- <ind:pattern operation="pattern
match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue(.net){0,1}[\s]*(?:|(?:#.*))?$</ind:pattern>
<ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object></def-group>
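Review bot: The dot in `(.net){0,1}` in the new Banner pattern is unescaped, so it matches any character and the test would pass for a path such as /etc/issueXnet as well as /etc/issue.net. Escape it and use the shorter quantifier, for example `/etc/issue(\.net)?`, so that only the two intended banner files satisfy the check. As posted, both pattern lines carry a `-` marker and the `operation="pattern match"` attribute is wrapped across lines, so the patch will not apply cleanly; resending it as an attachment or a pull request would avoid the mail client mangling.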
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/