Because we would like to have 2 different issue files (different
content): tty and ssh.
But guess I have to make a patch then for internal use :-)
- Gerwin
On 01/21/2015 04:02 PM, Gabe Alford wrote:
Just read this thread.
I may be missing something here, but why are you using issue.net
<http://issue.net> for SSH banners?
On Wed, Jan 21, 2015 at 7:36 AM, Jeremiah Jahn
<[email protected] <mailto:[email protected]>>
wrote:
Nope, I don't think I ever did. I'm assuming the principles are so
overwhelmed, given the current amount of activity, that the thing to
do would be submit your own patch that splits these things up into two
pieces. I got sucked into a different project right now, otherwise,
that's what I'd probably do. Now that everything is on github, it's a
lot easier.
On Wed, Jan 21, 2015 at 2:09 AM, Gerwin Krist | LinQhost Internet
Services <[email protected] <mailto:[email protected]>> wrote:
> Hi,
>
> Did you get any response on this one? Only allowing /etc/issue
is not
> workable when using
> both console and ssh logins. The console login is accepting
escape cookies
> the ssh version
> not.
>
>
> On 08/01/2014 10:38 PM, Jeremiah Jahn wrote:
>>
>> We used to have to keep out banners under /etc/issue for the
console,
>> and /etc/issue.net <http://issue.net> for remote access.
>> Would it be okay to make this rule deal with either one?
>>
>> diff --git a/shared/oval/sshd_enable_warning_banner.xml
>> b/shared/oval/sshd_enable_warning_banner.xml
>> index 0bd8d32..ace8b75 100644
>> --- a/shared/oval/sshd_enable_warning_banner.xml
>> +++ b/shared/oval/sshd_enable_warning_banner.xml
>> @@ -25,7 +25,7 @@
>> </ind:textfilecontent54_test>
>> <ind:textfilecontent54_object id="obj_sshd_banner_set"
version="2">
>> <ind:filepath>/etc/ssh/sshd_config</ind:filepath>
>> - <ind:pattern operation="pattern
>>
>>
match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*(?:|(?:#.*))?$</ind:pattern>
>> + <ind:pattern operation="pattern
>>
>>
match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue(.net){0,1}[\s]*(?:|(?:#.*))?$</ind:pattern>
>> <ind:instance datatype="int">1</ind:instance>
>> </ind:textfilecontent54_object>
>> </def-group>
>
>
--
SCAP Security Guide mailing list
[email protected]
<mailto:[email protected]>
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
