Profile Applicability:
• Level 1
Description:
A remote login warning banner displays a legal notice or warning message to users attempting to access the system remotely via SSH or other remote login services. Properly configured warning banners inform users about authorized access policies and help deter unauthorized use.
Rationale:
Displaying a remote login warning banner helps satisfy legal requirements and provides a clear notice to users that unauthorized access is prohibited, which may support prosecution of unauthorized users.
Impact:
Pros:
• Provides legal notice and deterrent for unauthorized users.
• Supports compliance with organizational policies and regulations.
Cons:
• Misconfigured banners may confuse legitimate users if wording is unclear.
Default Value:
By default, many systems may not have a warning banner configured.
Pre-requisites:
Root or sudo privileges to modify SSH configuration and banner files.
Remediation:
Test Plan:
Using Linux command line:
- Verify that the SSH configuration file (/etc/ssh/sshd_config) includes a Banner directive pointing to a valid banner file:
    grep -i '^Banner' /etc/ssh/sshd_config
- Check the contents of the specified banner file (e.g., /etc/issue.net or a custom file) to ensure it contains an appropriate warning message.
- Test SSH login to confirm the banner displays correctly.
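An added example, not part of the benchmark text: a shell function that performs the first two Test Plan checks on a configuration file and settles cases the plain grep leaves open (an indented directive, Banner none, a Banner set only inside a Match block, an empty banner file). The function name, result strings and scratch files are constructed for illustration; values are assumed to be whitespace-separated and to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit the global Banner setting.

# audit_banner CONFIG -> prints PASS:<file> or FAIL:<reason>; returns 0 on PASS.
audit_banner() {
    cfg=$1
    [ -r "$cfg" ] || { echo "FAIL:config-unreadable"; return 1; }
    # Keywords are case-insensitive and may be indented; commented lines never
    # match because their first field starts with '#'. sshd keeps the first
    # value it reads for a keyword, and anything after the first Match line is
    # conditional, so scanning stops there.
    banner=$(awk 'tolower($1) == "match"  { exit }
                  tolower($1) == "banner" { gsub(/"/, "", $2); print $2; exit }' "$cfg")
    case $banner in
        "")                   echo "FAIL:no-global-banner"; return 1 ;;
        [Nn][Oo][Nn][Ee])     echo "FAIL:banner-none"; return 1 ;;
    esac
    [ -f "$banner" ] || { echo "FAIL:missing-file:$banner"; return 1; }
    # A file holding only whitespace shows nothing useful to the user.
    grep -q '[^[:space:]]' "$banner" || { echo "FAIL:empty-file:$banner"; return 1; }
    echo "PASS:$banner"
}

# Constructed sample input: a scratch directory standing in for /etc/ssh.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
printf 'Authorized use only. Activity may be monitored.\n' > "$SAMPLE/issue.net"
: > "$SAMPLE/empty.net"
printf '#Banner none\n  banner %s\nBanner none\n' "$SAMPLE/issue.net" > "$SAMPLE/good.conf"
printf '#Banner /etc/issue.net\nPort 22\n' > "$SAMPLE/commented.conf"
printf 'Port 22\nMatch User audit\n  Banner %s\n' "$SAMPLE/issue.net" > "$SAMPLE/match_only.conf"
printf 'Banner %s\n' "$SAMPLE/empty.net" > "$SAMPLE/empty.conf"

for f in good commented match_only empty; do
    printf '%-12s %s\n' "$f" "$(audit_banner "$SAMPLE/$f.conf")"
done
```

On a live host, sshd -T (run as root) prints the effective configuration after all parsing, which is the authoritative view of the Banner value the daemon will use.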
Implementation Plan:
Using Linux command line:
- Edit /etc/ssh/sshd_config to add or update the Banner directive, for example:
    Banner /etc/issue.net
- Create or modify the banner file /etc/issue.net with the appropriate legal warning message.
- Restart the SSH service to apply changes:
    systemctl restart sshd
- Test remote SSH login to verify the banner displays.
Backout Plan:
Using Linux command line:
- Remove or comment out the Banner directive in /etc/ssh/sshd_config.
- Restart the SSH service:
    systemctl restart sshd
- Remove or revert changes to the banner file as needed.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
OpenSSH Manual: sshd_config