-
Notifications
You must be signed in to change notification settings - Fork 0
/
RHEL-06-000073.sh
executable file
·138 lines (121 loc) · 6.04 KB
/
RHEL-06-000073.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#!/bin/bash
#
##########################################################################
#Red Hat Enterprise Linux 6 - DISA STIG Compliance Remediation Content
#Copyright (C) 2013
#Vincent C. Passaro ([email protected])
#
##########################################################################
#
###################### Buddha Labs LLC ################################
# By Vincent C. Passaro #
# Buddha Labs LLC. #
# vince[@]buddhalabs[.]com #
# www.buddhalabs.com #
###################### Buddha Labs LLC ################################
#_________________________________________________________________________
# Version | Change Information | Author | Date
#-------------------------------------------------------------------------
# 1.0 | Initial Script Creation | Vincent Passaro | 1-JUNE-2013
#
#
#######################DISA INFORMATION##################################
# Group ID (Vulid): RHEL-06-000073
# Group Title: SRG-OS-000228
#
# Rule ID: RHEL-06-000073_rule
# Severity: medium
# Rule Version (STIG-ID): RHEL-06-000073
# Rule Title: The Department of Defense (DoD) login banner must be
# displayed immediately prior to, or as part of, console login prompts.
#
# Vulnerability Discussion: An appropriate warning message reinforces
# policy awareness during the logon process and facilitates possible legal
# action against attackers.
#
# Responsibility:
# IAControls:
#
# Check Content:
#
# To check if the system login banner is compliant, run the following
# command:
# $ cat /etc/issue
# If it does not display the required banner, this is a finding.
#
# Fix Text:
#
# To configure the system login banner:
# Edit "/etc/issue". Replace the default text with a message compliant with
# the local site policy or a legal disclaimer. The DoD required text is
# either:
# "You are accessing a U.S. Government (USG) Information System (IS) that
# is provided for USG-authorized use only. By using this IS (which includes
# any device attached to this IS), you consent to the following conditions:
# -The USG routinely intercepts and monitors communications on this IS for
# purposes including, but not limited to, penetration testing, COMSEC
# monitoring, network operations and defense, personnel misconduct (PM),
# law enforcement (LE), and counterintelligence (CI) investigations.
# -At any time, the USG may inspect and seize data stored on this IS.
# -Communications using, or data stored on, this IS are not private, are
# subject to routine monitoring, interception, and search, and may be
# disclosed or used for any USG-authorized purpose.
# -This IS includes security measures (e.g., authentication and access
# controls) to protect USG interests -- not for your personal benefit or
# privacy.
# -Notwithstanding the above, using this IS does not constitute consent to
# PM, LE or CI investigative searching or monitoring of the content of
# privileged communications, or work product, related to personal
# representation or services by attorneys, psychotherapists, or clergy, and
# their assistants. Such communications and work product are private and
# confidential. See User Agreement for details."
# OR:
# "I've read & consent to terms in IS user agreem't."
#######################DISA INFORMATION##################################
#
# Global Variables
PDI=RHEL-06-000073
#
#BEGIN_CHECK
if [ -f /etc/aqueduct/issue.banner ]; then
cp -f /etc/aqueduct/issue.banner > /etc/issue
else
grep 'U\.S\.Government' /etc/issue > /dev/null
#END_CHECK
#BEGIN_REMEDY
if [ $? != 0 ]; then
cat <<EOF > /etc/issue
##########################################################################
# You are accessing a U.S. Government (USG) Information System (IS) #
# that is provided for USG-authorized use only. #
# #
# By using this IS (which includes any device attached to this IS), #
# you consent to the following conditions: #
# #
# -The USG routinely intercepts and monitors communications on this #
# IS for purposes including, but not limited to, penetration testing, #
# COMSEC monitoring, network operations and defense, personnel #
# misconduct (PM), law enforcement (LE), and counterintelligence (CI) #
# investigations. #
# #
# -At any time, the USG may inspect and seize data stored on this IS. #
# #
# -Communications using, or data stored on, this IS are not private, #
# are subject to routine monitoring, interception, and search, and #
# may be disclosed or used for any USG-authorized purpose. #
# #
# -This IS includes security measures (e.g., authentication and access #
# controls) to protect USG interests--not for your personal benefit or #
# privacy. #
# #
# -Notwithstanding the above, using this IS does not constitute consent #
# to PM, LE or CI investigative searching or monitoring of the content #
# of privileged communications, or work product, related to personal #
# representation or services by attorneys, psychotherapists, or clergy, #
# and their assistants. Such communications and work product are private #
# and confidential. See User Agreement for details. #
##########################################################################
EOF
fi
fi
#END_REMEDY