Profile Applicability:
• Level 1
Description:
The /etc/issue file contains a pre-login message displayed before the login prompt. Properly configuring access to this file prevents unauthorized modification or disclosure of sensitive information, which could aid attackers in reconnaissance.
Rationale:
Restricting access to /etc/issue ensures that only authorized users can read or modify the file, maintaining the confidentiality and integrity of the pre-login message.
Impact:
Pros:
- Protects the system’s pre-login banner from unauthorized changes.
- Prevents disclosure of system information to unauthorized users.
Cons:
- Overly restrictive permissions may prevent legitimate users from viewing the message.
Default Value:
By default, /etc/issue is typically world-readable and owned by root.
Pre-requisites:
Root or sudo privileges to modify file ownership and permissions.
Remediation:
Test Plan:
Using Linux command line:
- Check current ownership and permissions of /etc/issue:
ls -l /etc/issue
Verify that the file is owned by root and that its permissions are 644, the typical value.
Implementation Plan:
Using Linux command line:
1. Set ownership to root:
chown root:root /etc/issue
2. Set permissions to restrict access:
chmod 644 /etc/issue
Backout Plan:
Using Linux command line:
Restore previous ownership and permissions if needed.
Notify users if permission changes affect usage.
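The Test, Implementation and Backout plans above combined into one script, as an added example that is not part of the benchmark text: it audits the file, records the previous owner and mode before changing anything, and restores them on backout. It assumes GNU stat; the function names, the STATE_FILE path and the environment overrides are hypothetical.

```shell
#!/bin/sh
# Added example: audit, remediate and back out ownership/mode of /etc/issue.
# Assumes GNU stat (coreutils). Function names, STATE_FILE and the
# environment overrides are hypothetical, not part of the benchmark.

ISSUE_FILE="${ISSUE_FILE:-/etc/issue}"
STATE_FILE="${STATE_FILE:-/root/etc-issue.perms}"   # where the old state is kept
EXPECTED_OWNER="${EXPECTED_OWNER:-0:0}"             # numeric uid:gid of root:root
EXPECTED_MODE="${EXPECTED_MODE:-644}"

# Print "uid:gid mode" for a file, e.g. "0:0 644".
perm_state() {
    stat -c '%u:%g %a' "$1"
}

# Test Plan: succeed only if owner, group and mode match the expected values.
audit_issue() {
    [ "$(perm_state "$ISSUE_FILE")" = "$EXPECTED_OWNER $EXPECTED_MODE" ]
}

# Implementation Plan: record the current state once, then apply the settings.
# An existing non-empty state file is kept, so a second run cannot overwrite
# the original values with the already-remediated ones.
remediate_issue() {
    [ -s "$STATE_FILE" ] || perm_state "$ISSUE_FILE" > "$STATE_FILE" || return 1
    chown "$EXPECTED_OWNER" "$ISSUE_FILE" && chmod "$EXPECTED_MODE" "$ISSUE_FILE"
}

# Backout Plan: restore the owner and mode recorded by remediate_issue.
backout_issue() {
    [ -s "$STATE_FILE" ] || { echo "no saved state in $STATE_FILE" >&2; return 1; }
    read -r old_owner old_mode < "$STATE_FILE" || return 1
    chown "$old_owner" "$ISSUE_FILE" && chmod "$old_mode" "$ISSUE_FILE"
}

# Run as root: script.sh audit | remediate | backout
case "${1:-}" in
    audit)     audit_issue && echo "PASS: $ISSUE_FILE" ||
                   { echo "FAIL: $ISSUE_FILE is $(perm_state "$ISSUE_FILE")"; exit 1; } ;;
    remediate) remediate_issue ;;
    backout)   backout_issue ;;
esac
```

Remove the state file after a successful backout so that a later remediation records fresh values.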
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Linux man page: issue