* Warning banner
@ 2005-11-30 15:46 Kirkwood, David A
2005-11-30 15:53 ` darren kirby
0 siblings, 1 reply; 7+ messages in thread
From: Kirkwood, David A @ 2005-11-30 15:46 UTC (permalink / raw)
To: 'Linux Mail List'
How can I add a warning to the login page of a RH Enterprise system
stating that the system is subject to monitoring, etc notifying the user
before he logs in
or completes the login process? The banner must require user intervention to
compete the login process in order to satify tacit complience issues.
Thanks,
Dave
^ permalink raw reply [flat|nested] 7+ messages in thread
* RE: Warning banner
@ 2005-11-30 15:54 Khushil Dep
0 siblings, 0 replies; 7+ messages in thread
From: Khushil Dep @ 2005-11-30 15:54 UTC (permalink / raw)
To: Kirkwood, David A, Linux Mail List
What's the ingress route? SSH / Telnet / Terminal / rlogin?
SSH has settings that you can set in it's configuration file located in
/etc
-----------------------
Khushil Dep
Basilica Helpdesk
T : 0870 600 77 60
F : 01462 70 80 99
-----Original Message-----
From: linux-admin-owner@vger.kernel.org
[mailto:linux-admin-owner@vger.kernel.org] On Behalf Of Kirkwood, David
A
Sent: 30 November 2005 15:47
To: 'Linux Mail List'
Subject: Warning banner
How can I add a warning to the login page of a RH Enterprise system
stating that the system is subject to monitoring, etc notifying the user
before he logs in
or completes the login process? The banner must require user
intervention to
compete the login process in order to satify tacit complience issues.
Thanks,
Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-admin"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Warning Banner
@ 2005-11-30 16:05 Kirkwood, David A
2005-11-30 16:50 ` Thornton Prime
2005-11-30 16:52 ` Yuri Csapo
0 siblings, 2 replies; 7+ messages in thread
From: Kirkwood, David A @ 2005-11-30 16:05 UTC (permalink / raw)
To: 'Linux Mail List'
> Can you not just add the disclaimer to /etc/issue?
>Seems the perfect place to me...
>What's the ingress route? SSH / Telnet / Terminal / rlogin?
>SSH has settings that you can set in it's configuration file located in
>/etc
Ingress route is all inclusive. /etc/issue does not satisfy the requirements
for X11 greeting
and user intervention to complete the login process. For the terminal logins
I know I
can use a combination of the /etc/login, profile, and so forth, but the
problem is the X11
screen criteria...
>> How can I add a warning to the login page of a RH Enterprise system
>> stating that the system is subject to monitoring, etc notifying the user
>> before he logs in
>> or completes the login process? The banner must require user intervention
>> to compete the login process in order to satify tacit complience issues.
Dave
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Warning Banner
2005-11-30 16:05 Warning Banner Kirkwood, David A
@ 2005-11-30 16:50 ` Thornton Prime
2005-11-30 17:23 ` Yuri Csapo
2005-11-30 16:52 ` Yuri Csapo
1 sibling, 1 reply; 7+ messages in thread
From: Thornton Prime @ 2005-11-30 16:50 UTC (permalink / raw)
To: Linux Mail List
On 11/30/05, Kirkwood, David A <DAVID.A.KIRKWOOD@saic.com> wrote:
> Ingress route is all inclusive. /etc/issue does not satisfy the requirements
> for X11 greeting
> and user intervention to complete the login process. For the terminal logins
> I know I
> can use a combination of the /etc/login, profile, and so forth, but the
> problem is the X11
> screen criteria...
For X11 you can modify the Welcome in the gdm.conf or you can add a
command that will pop up a window in the global Xsession.
If you want something all-inclusive, you can look to adding a PAM
module and add acceptance of your terms as an authentication
requirement.
Personally, I see little utility in these warnings. My reading of the
law surrounding computer system access suggests that there is no legal
weight in these warnings, and that the system owner (company or
government entity) has the right to monitor or prosecute without such
warnings. At my last job, one of the lawyers agreed, saying that the
real weight is in a statement in an employee handbook -- clicking an
"OK" button on screen does not constitute a contract.
IINAL, but these banners or warnings are apparently a nuisance at best.
thornton
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Warning Banner
2005-11-30 16:50 ` Thornton Prime
@ 2005-11-30 17:23 ` Yuri Csapo
0 siblings, 0 replies; 7+ messages in thread
From: Yuri Csapo @ 2005-11-30 17:23 UTC (permalink / raw)
To: Thornton Prime; +Cc: Linux Mail List
Thornton Prime wrote:
> Personally, I see little utility in these warnings. My reading of the
> law surrounding computer system access suggests that there is no legal
> weight in these warnings, and that the system owner (company or
> government entity) has the right to monitor or prosecute without such
> warnings. At my last job, one of the lawyers agreed, saying that the
> real weight is in a statement in an employee handbook -- clicking an
> "OK" button on screen does not constitute a contract.
>
> IINAL, but these banners or warnings are apparently a nuisance at best.
From a legal standpoint, of course I agree. On the other hand from my
administrative point of view I find them very useful. I use these things
for everything from helpful hints for users to warnings about recent
updates to the system.
I admin a few hundreds of Linux clients in public labs in a university
setting, I realize not everybody will have this need.
--
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
Green Center Rm 249
Phone: (303) 273-3503
Fax: (303) 273-3475
Email: ycsapo@mines.edu
Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: Warning Banner
2005-11-30 16:05 Warning Banner Kirkwood, David A
2005-11-30 16:50 ` Thornton Prime
@ 2005-11-30 16:52 ` Yuri Csapo
1 sibling, 0 replies; 7+ messages in thread
From: Yuri Csapo @ 2005-11-30 16:52 UTC (permalink / raw)
To: Kirkwood, David A; +Cc: 'Linux Mail List'
My solution (on Debian, FC1 and FC2):
- For local CLI logins:
Put my message into /etc/issue.
On sane systems, /etc/issue gets displayed every time a user logs in; on
the Fedora systems I had to add a line to /etc/profile so this would
work, like so:
...
/bin/cat /etc/issue
...
- For remote (ssh) logins:
Put my message into /etc/issue.net.
On sane systems, /etc/issue.net gets displayed to remote terminals right
after login. On less sane systems, you need to edit /etc/ssh/sshd_config
and uncomment the line:
Banner /etc/issue.net
Don't forget to restart sshd after that.
- For local GUI logins:
I've installed something called zenity and then created the script
/etc/gdm/PostLogin/Default containing the following:
if [ -f /etc/admin.msg ]
then
zenity --info --info-text "`cat /etc/admin.msg`"
fi
The "Default" script gets run by gdm right after login but before the
actual (usually gnome) session is set up. If there is a file in /etc
called "admin.msg", its contents get displayed in a nice graphical
window. If there is no such file, nothing happens.
I have the message in 3 different files so that I can customize things
depending on the access methods - and also depending on departmental
policies, but that's a different discussion.
Hope this helps
Yuri
Kirkwood, David A wrote:
>>Can you not just add the disclaimer to /etc/issue?
>>Seems the perfect place to me...
>
>
>>What's the ingress route? SSH / Telnet / Terminal / rlogin?
>
>
>>SSH has settings that you can set in it's configuration file located in
>>/etc
>
>
> Ingress route is all inclusive. /etc/issue does not satisfy the requirements
> for X11 greeting
> and user intervention to complete the login process. For the terminal logins
> I know I
> can use a combination of the /etc/login, profile, and so forth, but the
> problem is the X11
> screen criteria...
>
>
>>>How can I add a warning to the login page of a RH Enterprise system
>>>stating that the system is subject to monitoring, etc notifying the user
>>>before he logs in
>>>or completes the login process? The banner must require user intervention
>>>to compete the login process in order to satify tacit complience issues.
>
>
> Dave
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
Green Center Rm 249
Phone: (303) 273-3503
Fax: (303) 273-3475
Email: ycsapo@mines.edu
Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2005-11-30 17:23 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-11-30 15:46 Warning banner Kirkwood, David A
2005-11-30 15:53 ` darren kirby
-- strict thread matches above, loose matches on Subject: below --
2005-11-30 15:54 Khushil Dep
2005-11-30 16:05 Warning Banner Kirkwood, David A
2005-11-30 16:50 ` Thornton Prime
2005-11-30 17:23 ` Yuri Csapo
2005-11-30 16:52 ` Yuri Csapo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).