Re: Warning Banner

[Yuri Csapo <ycsapo@Mines.EDU>]

My solution (on Debian, FC1 and FC2):

- For local CLI logins:

Put my message into /etc/issue.

On sane systems, /etc/issue gets displayed every time a user logs in; on 
the Fedora systems I had to add a line to /etc/profile so this would 
work, like so:

...
/bin/cat /etc/issue
...

- For remote (ssh) logins:

Put my message into /etc/issue.net.

On sane systems, /etc/issue.net gets displayed to remote terminals right 
after login. On less sane systems, you need to edit /etc/ssh/sshd_config 
and uncomment the line:

Banner /etc/issue.net

Don't forget to restart sshd after that.

- For local GUI logins:

I've installed something called zenity and then created the script 
/etc/gdm/PostLogin/Default containing the following:

if [ -f /etc/admin.msg ]
then
	zenity --info --info-text "`cat /etc/admin.msg`"
fi

The "Default" script gets run by gdm right after login but before the 
actual (usually gnome) session is set up. If there is a file in /etc 
called "admin.msg", its contents get displayed in a nice graphical 
window. If there is no such file, nothing happens.

I have the message in 3 different files so that I can customize things 
depending on the access methods - and also depending on departmental 
policies, but that's a different discussion.

Hope this helps

Yuri

Kirkwood, David A wrote:
>>Can you not just add the disclaimer to /etc/issue?
>>Seems the perfect place to me...
> 
> 
>>What's the ingress route? SSH / Telnet / Terminal / rlogin?
> 
> 
>>SSH has settings that you can set in it's configuration file located in
>>/etc
> 
> 
> Ingress route is all inclusive. /etc/issue does not satisfy the requirements
> for X11 greeting
> and user intervention to complete the login process. For the terminal logins
> I know I
> can use a combination of the /etc/login, profile,  and so forth, but the
> problem is the X11
> screen criteria...
> 
> 
>>>How can I add a warning to the login page of a RH Enterprise system
>>>stating that the system is subject to monitoring, etc notifying the user
>>>before he logs in
>>>or completes the login process? The banner must require user intervention
>>>to compete the login process in order to satify tacit complience issues.
> 
> 
> Dave
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
Green Center Rm 249
Phone:  (303) 273-3503
Fax:      (303) 273-3475
Email:   ycsapo@mines.edu

Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster