Modify the system banner
Author: KevinDKinsey
Reviewer: name contact BSD flavour
Reviewer: name contact BSD flavour
Concept
Be aware of the banner(s) that may be seen depending on how a user accesses a system and which files are used to configure each banner.
Introduction
Various banners and welcome messages are available to introduce a BSD system and to possibly share news, system policies, or important announcements. Among these are:
"Getty" message - this appears prior to the "login" prompt on a local terminal. It defaults to:
\r\n%s/%m (%h) (%t)\r\n\r\n
and is described in gettytab(5). An example appears below.
"Message of the Day" - This is generally shown after a successful login. The content is usually that of the file
/etc/motd
. In Free- and NetBSD, you can change the file to be shown in/etc/login.conf
with the "welcome" directive. The administrator for the system modifies this file. In "ancient" times, this file was used as a 'bulletin board' for all system users; since most machine have very few terminal users these days, this file isn't changed (or read) as often as it once was."Copyright" - Some variants show the BSD
/COPYRIGHT
file upon login. This may be configured fromlogin.conf
as well."SSH Banner" - You may be greeted (or warned!) by a special "banner" message when
sshd
prompts you for your login credentials. In days past this message may have announced the name and OS of the system you were connecting to. In the present day, many times it displays a "legal warning", instead --- but only a lawyer can tell you if the message bears any actual legal weight. This message is configured within/etc/ssh/sshd_config
with the "Banner" directive. See Configure an SSH server according to a set of requirements for more information. A sample appears below. You can also configuresshd
to suppress the MOTD."Shell Cruft" (for lack of a better name). Some administrators or users set up additional output-producing directives in
~/.login
--- an example, on FreeBSD, is the invocation of fortune(6) using the "freebsd-tips" database. An example is below.
TODO: telnetd uses standard login??
Examples
Gettytab
's "banner":
""NetBSD/i386 (foo.example.com) (ttyv0)
""login:
The first part of the "stock" FreeBSD MOTD:
""Welcome to FreeBSD!
""Before seeking technical support, please use the following resources:
""o Security advisories and updated errata information for all releases are "" at http://www.FreeBSD.org/releases/ - always consult the ERRATA section "" for your release first as it's updated frequently.
""o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, "" along with the mailing lists, can be searched by going to "" http://www.FreeBSD.org/search/. If the doc distribution has "" been installed, they're also available formatted in /usr/share/doc.
A sample ssh
login, displaying a banner (of the "warning" type):
""$ ssh me@somehost
"" * * * * * * * * * * * W A R N I N G * * * * * * * * * * * * *
""THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE
""ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE
""PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR
""OTHER APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM,
""DISCONNECT NOW. BY CONTINUING, YOU CONSENT TO YOUR KEYSTROKES
""AND DATA CONTENT BEING MONITORED. ALL PERSONS ARE HEREBY
""NOTIFIED THAT THE USE OF THIS SYSTEM CONSTITUTES CONSENT TO
""MONITORING AND AUDITING.
""Password:
After logging in and the display of the MOTD, FreeBSD systems often display a "tip":
""To erase a line you've written at the command prompt, use "Ctrl-U". "" -- Dru <genesis@istar.ca>
Practice Exercises
- View your /etc/motd file.
- Configure
sshd
to display a message prior to logging in, or to suppress the display of the system MOTD afterwards.
More information
motd(5), login.conf(5), gettytab(5), sshd_config(5)