Thanks. So we should add a check to banner_etc_issue.xml for issue.net and either a separate check for motd or add to banner_etc_issue.xml.
On Wed, Jan 21, 2015 at 9:16 AM, Jeremiah Jahn <[email protected]> wrote:
> Same boat here. Plus CIS treats issue and issue.net distinctly. It
> refers to /etc/issue /etc/issue.net and /etc/motd in its audit
> instructions.
>
> https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf
> Section 8.1 for example.
>
> On Wed, Jan 21, 2015 at 9:16 AM, Gerwin Krist | LinQhost Internet
> Services <[email protected]> wrote:
> > Because we would like to have 2 different issue files (different content):
> > tty and ssh.
> > But guess I have to make a patch then for internal use :-)
> >
> > - Gerwin
> >
> > On 01/21/2015 04:02 PM, Gabe Alford wrote:
> >
> > Just read this thread.
> >
> > I may be missing something here, but why are you using issue.net for SSH
> > banners?
> >
> > On Wed, Jan 21, 2015 at 7:36 AM, Jeremiah Jahn
> > <[email protected]> wrote:
> >>
> >> Nope, I don't think I ever did. I'm assuming the principals are so
> >> overwhelmed, given the current amount of activity, that the thing to
> >> do would be submit your own patch that splits these things up into two
> >> pieces. I got sucked into a different project right now, otherwise,
> >> that's what I'd probably do. Now that everything is on github, it's a
> >> lot easier.
> >>
> >> On Wed, Jan 21, 2015 at 2:09 AM, Gerwin Krist | LinQhost Internet
> >> Services <[email protected]> wrote:
> >> > Hi,
> >> >
> >> > Did you get any response on this one? Only allowing /etc/issue is not
> >> > workable when using both console and ssh logins. The console login is
> >> > accepting escape cookies the ssh version not.
> >> >
> >> > On 08/01/2014 10:38 PM, Jeremiah Jahn wrote:
> >> >>
> >> >> We used to have to keep our banners under /etc/issue for the console,
> >> >> and /etc/issue.net for remote access.
> >> >> Would it be okay to make this rule deal with either one?
> >> >> > >> >> diff --git a/shared/oval/sshd_enable_warning_banner.xml > >> >> b/shared/oval/sshd_enable_warning_banner.xml > >> >> index 0bd8d32..ace8b75 100644 > >> >> --- a/shared/oval/sshd_enable_warning_banner.xml > >> >> +++ b/shared/oval/sshd_enable_warning_banner.xml > >> >> @@ -25,7 +25,7 @@ > >> >> </ind:textfilecontent54_test> > >> >> <ind:textfilecontent54_object id="obj_sshd_banner_set" > version="2"> > >> >> <ind:filepath>/etc/ssh/sshd_config</ind:filepath> > >> >> - <ind:pattern operation="pattern > >> >> > >> >> > >> >> > match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue[\s]*(?:|(?:#.*))?$</ind:pattern> > >> >> + <ind:pattern operation="pattern > >> >> > >> >> > >> >> > match">^[\s]*(?i)Banner(?-i)[\s]+/etc/issue(.net){0,1}[\s]*(?:|(?:#.*))?$</ind:pattern> > >> >> <ind:instance datatype="int">1</ind:instance> > >> >> </ind:textfilecontent54_object> > >> >> </def-group> > >> > > >> > > >> -- > >> SCAP Security Guide mailing list > >> [email protected] > >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > >> https://github.com/OpenSCAP/scap-security-guide/ > > > > > > > > > > -- > > SCAP Security Guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > https://github.com/OpenSCAP/scap-security-guide/ >
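Review bot: The dot in `(.net){0,1}` on the added pattern line is unescaped, so it matches any character and a Banner value such as /etc/issueXnet would also pass the check. Escape it and drop the unneeded capture, for example `/etc/issue(?:\.net)?`, so that only the two intended paths are accepted. Since the pattern now accepts either file, the rule only tells you that one of them is configured as the sshd banner; whether /etc/issue.net actually holds the required banner text has to be covered by a separate content check, as the replies in this thread point out.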
