From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yuri Csapo Subject: Re: Warning Banner Date: Wed, 30 Nov 2005 09:52:36 -0700 Message-ID: <438DD8D4.9060306@mines.edu> References: Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: Sender: linux-admin-owner@vger.kernel.org List-Id: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: "Kirkwood, David A" Cc: 'Linux Mail List' My solution (on Debian, FC1 and FC2): - For local CLI logins: Put my message into /etc/issue. On sane systems, /etc/issue gets displayed every time a user logs in; on the Fedora systems I had to add a line to /etc/profile so this would work, like so: ... /bin/cat /etc/issue ... - For remote (ssh) logins: Put my message into /etc/issue.net. On sane systems, /etc/issue.net gets displayed to remote terminals right after login. On less sane systems, you need to edit /etc/ssh/sshd_config and uncomment the line: Banner /etc/issue.net Don't forget to restart sshd after that. - For local GUI logins: I've installed something called zenity and then created the script /etc/gdm/PostLogin/Default containing the following: if [ -f /etc/admin.msg ] then zenity --info --info-text "`cat /etc/admin.msg`" fi The "Default" script gets run by gdm right after login but before the actual (usually gnome) session is set up. If there is a file in /etc called "admin.msg", its contents get displayed in a nice graphical window. If there is no such file, nothing happens. I have the message in 3 different files so that I can customize things depending on the access methods - and also depending on departmental policies, but that's a different discussion. Hope this helps Yuri Kirkwood, David A wrote: >>Can you not just add the disclaimer to /etc/issue? >>Seems the perfect place to me... > > >>What's the ingress route? SSH / Telnet / Terminal / rlogin? > > >>SSH has settings that you can set in it's configuration file located in >>/etc > > > Ingress route is all inclusive. /etc/issue does not satisfy the requirements > for X11 greeting > and user intervention to complete the login process. For the terminal logins > I know I > can use a combination of the /etc/login, profile, and so forth, but the > problem is the X11 > screen criteria... > > >>>How can I add a warning to the login page of a RH Enterprise system >>>stating that the system is subject to monitoring, etc notifying the user >>>before he logs in >>>or completes the login process? The banner must require user intervention >>>to compete the login process in order to satify tacit complience issues. > > > Dave > > - > To unsubscribe from this list: send the line "unsubscribe linux-admin" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Yuri Csapo Academic Computing & Networking Colorado School of Mines Green Center Rm 249 Phone: (303) 273-3503 Fax: (303) 273-3475 Email: ycsapo@mines.edu Please use the following link to open a service request: http://helpdesk.mines.edu =========================================== With a PC, I always felt limited by the software available. On Unix, I am limited only by my knowledge. --Peter J. Schoenster