This may not be the best long term approach, but I've always symlinked /etc/motd and /etc/issue.net against /etc/issue to solve this annoying problem...
Cheers -chris On Jan 21, 2015 7:03 AM, "Gabe Alford" redhatrises@gmail.com wrote:
Just read this thread.
I may be missing something here, but why are you using issue.net for SSH banners?
On Wed, Jan 21, 2015 at 7:36 AM, Jeremiah Jahn < jeremiah@goodinassociates.com> wrote:
Nope, I don't think I ever did. I'm assuming the principles are so overwhelmed, given the current amount of activity, that the thing to do would be submit your own patch that splits these things up into two pieces. I got sucked into a different project right now, otherwise, that's what I'd probably do. Now that everything is on github, it's a lot easier.
On Wed, Jan 21, 2015 at 2:09 AM, Gerwin Krist | LinQhost Internet Services gerwin@linqhost.nl wrote:
Hi,
Did you get any response on this one? Only allowing /etc/issue is not workable when using both console and ssh logins. The console login is accepting escape
cookies
the ssh version not.
On 08/01/2014 10:38 PM, Jeremiah Jahn wrote:
We used to have to keep out banners under /etc/issue for the console, and /etc/issue.net for remote access. Would it be okay to make this rule deal with either one?
diff --git a/shared/oval/sshd_enable_warning_banner.xml b/shared/oval/sshd_enable_warning_banner.xml index 0bd8d32..ace8b75 100644 --- a/shared/oval/sshd_enable_warning_banner.xml +++ b/shared/oval/sshd_enable_warning_banner.xml @@ -25,7 +25,7 @@ </ind:textfilecontent54_test> <ind:textfilecontent54_object id="obj_sshd_banner_set" version="2"> ind:filepath/etc/ssh/sshd_config</ind:filepath>
- <ind:pattern operation="pattern
match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*(?:|(?:#.*))?$</ind:pattern>
- <ind:pattern operation="pattern
match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue(.net){0,1}[\s]*(?:|(?:#.*))?$</ind:pattern>
<ind:instance datatype="int">1</ind:instance> </ind:textfilecontent54_object></def-group>
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/