Profile Applicability:
• Level 1
Description:
Configuring an SSH banner displays a warning message to users before they log in. This banner can serve as a legal notice, security warning, or acceptable use policy, informing users about authorized access and monitoring.
Rationale:
Displaying a login banner helps deter unauthorized access by warning potential intruders and reinforcing legal protections for the system.
Impact:
Pros:
Provides clear notification of access policies and monitoring.
Can serve as a deterrent to unauthorized access attempts.
Cons:
May be ignored by attackers but is a best practice for compliance.
Default Value:
The SSH banner is often not configured by default.
Pre-requisites:
Root or sudo privileges to modify SSH daemon configuration and manage banner files.
Remediation:
Test Plan:
Using Linux command line:
Check if the Banner directive is set in /etc/ssh/sshd_config:
grep ^Banner /etc/ssh/sshd_config
Verify that the banner file exists and contains the desired message.
Implementation Plan:
Using Linux command line:
Create or edit the banner file (e.g., /etc/issue.net):
vi /etc/issue.net
Add the banner message, for example:
WARNING: Unauthorized access to this system is prohibited.
All activities are monitored and logged.
Edit /etc/ssh/sshd_config to set the banner directive:
Banner /etc/issue.net
Restart the SSH daemon to apply changes:
systemctl restart sshd
Verify configuration:
grep ^Banner /etc/ssh/sshd_config
Backout Plan:
Using Linux command line:
Remove or comment out the Banner directive in /etc/ssh/sshd_config if needed.
Restart sshd service:
systemctl restart sshd
Verify the banner is no longer displayed.
References: