Make login banner customizable
This patch makes it easier for deployers to customize their login banner and it also fixes some documentation bugs around how to configure the graphical login banner.

Closes-bug: 1679749
Change-Id: I755de63cc3965f065077c983dbf1015ad93dfa6c
parent 9d745ec4fe
commit 005fa52c66
|
@ -564,6 +564,15 @@ security_rhel7_session_timeout: 600 # V-72223
|
|||
security_rhel7_enable_chrony: yes # V-72269
|
||||
# Restrict mail relaying.
|
||||
security_rhel7_restrict_mail_relaying: yes # V-72297
|
||||
# Deploy a login banner. # V-72225 / V-71863
|
||||
security_login_banner_text: |
|
||||
------------------------------------------------------------------------------
|
||||
* WARNING *
|
||||
* You are accessing a secured system and your actions will be logged along *
|
||||
* with identifying information. Disconnect immediately if you are not an *
|
||||
* authorized user of this system. *
|
||||
------------------------------------------------------------------------------
|
||||
|
||||
|
||||
## Packages (packages)
|
||||
# Remove packages from the system as required by the STIG. Set any of these
|
||||
|
|
|
@ -1,9 +1,28 @@
|
|||
---
|
||||
id: V-71861
|
||||
status: implemented
|
||||
tag: sshd
|
||||
tag: graphical
|
||||
---
|
||||
|
||||
This control is implemented by the tasks for another control:
|
||||
The security role configures a login banner for graphical logins using
|
||||
``dconf``. Deployers can opt out of this change by setting the following
|
||||
Ansible variable:
|
||||
|
||||
* :ref:`stig-V-72225`
|
||||
.. code-block:: yaml
|
||||
|
||||
security_enable_graphical_login_message: no
|
||||
|
||||
The message is customized by setting another Ansible variable:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
security_enable_graphical_login_message_text: >
|
||||
You are accessing a secured system and your actions will be logged along
|
||||
with identifying information. Disconnect immediately if you are not an
|
||||
authorized user of this system.
|
||||
|
||||
.. note::
|
||||
|
||||
The space available for the graphical banner is relatively short. Deployers
|
||||
should limit the length of their graphical login banners to the shortest
|
||||
length possible.
|
||||
|
|
|
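Review bot: The two variable names in the new V-71861 text, `security_enable_graphical_login_message` and `security_enable_graphical_login_message_text`, are not defined or changed anywhere in this patch, so they cannot be checked against the role defaults from what is shown here. Please confirm both match the names the dconf tasks actually read. The second name also reads like a boolean toggle because of the `enable` in it, so the text should say explicitly that it holds the banner message itself.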
@ -4,6 +4,7 @@ status: implemented
|
|||
tag: misc
|
||||
---
|
||||
|
||||
The STIG requires a standardized login banner for all command line user logins.
|
||||
The security role deploys a default banner from ``files/login_banner.txt`` to
|
||||
``/etc/issue`` on the system.
|
||||
The security role already deploys a login banner for console logins with tasks
|
||||
from another STIG:
|
||||
|
||||
* :ref:`stig-V-V-7225`
|
||||
|
|
|
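Review bot: The cross-reference target in the new V-71863 text, `stig-V-V-7225`, has a doubled `V-` and is one digit short, so the `:ref:` will not resolve. The V-71861 document in this same patch uses `stig-V-72225` for that control; the bullet here should use the same label. Since the commit message says this change fixes documentation bugs, it is worth building the docs once to catch unresolved references before merging.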
@ -15,5 +15,14 @@ following Ansible variable:
|
|||
|
||||
security_sshd_banner_file: /etc/motd
|
||||
|
||||
The text of the banner file is configurable by editing
|
||||
``files/login_banner.txt`` in the security role.
|
||||
The message is customized with the following Ansible variable:
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
security_login_banner_text: |
|
||||
------------------------------------------------------------------------------
|
||||
* WARNING *
|
||||
* You are accessing a secured system and your actions will be logged along *
|
||||
* with identifying information. Disconnect immediately if you are not an *
|
||||
* authorized user of this system. *
|
||||
------------------------------------------------------------------------------
|
||||
|
|
|
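Review bot: The replacement paragraph in the V-72225 text no longer says which file receives the banner. The old sentence named `files/login_banner.txt` as the source; the new one only names `security_login_banner_text`. Suggest adding one sentence stating that the text is written to the path in `security_sshd_banner_file` (shown just above as `/etc/motd`), so a deployer who changes one variable understands how it interacts with the other.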
@ -0,0 +1,6 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Deployers can provide a customized login banner via a new Ansible variable:
|
||||
``security_login_banner_text``. This banner text is used for non-graphical
|
||||
logins, which includes console and ssh logins.
|
|
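Review bot: The release note has only a `features` entry, but this change also alters behaviour for existing deployments: the task now takes its text from `security_login_banner_text` instead of `login_banner.txt`, so anyone who customized the banner by editing `files/login_banner.txt` (the method the old V-72225 text documented) will silently get the default text after upgrading. Suggest adding an `upgrade` section that says so and points at the new variable.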
@ -406,12 +406,3 @@
|
|||
- high
|
||||
- misc
|
||||
- V-72313
|
||||
|
||||
- name: V-71863 - Display a login banner for console prompts
|
||||
copy:
|
||||
src: login_banner.txt
|
||||
dest: /etc/issue.net
|
||||
tags:
|
||||
- medium
|
||||
- misc
|
||||
- V-71863
|
||||
|
|
|
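Review bot: The task dropped here was the one writing the banner to `/etc/issue.net` for V-71863, and the only banner task left in this patch writes to `security_sshd_banner_file`, which the docs show as `/etc/motd`. The updated V-71863 text and the release note both say console logins are covered, and the old V-71863 text named `/etc/issue` as the destination. Please confirm that a remaining task still writes the console banner file, or add one that uses `security_login_banner_text`, so the control is not marked implemented without a task behind it.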
@ -30,7 +30,7 @@
|
|||
|
||||
- name: Copy login warning banner
|
||||
copy:
|
||||
src: login_banner.txt
|
||||
content: "{{ security_login_banner_text }}"
|
||||
dest: "{{ security_sshd_banner_file }}"
|
||||
owner: root
|
||||
group: root
|
||||
|
|
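Review bot: With `src: login_banner.txt` replaced by `content: "{{ security_login_banner_text }}"` here, and the V-71863 task that also used `login_banner.txt` removed in the other tasks file, nothing in this patch references `files/login_banner.txt` any more, yet no hunk deletes it. If no other task uses it, remove the file in this change so there is not a stale second copy of the banner text that deployers might edit expecting it to take effect.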