Warning banner
on 30.11.2005 16:46:44 by DAVID.A.KIRKWOOD
How can I add a warning to the login page of a RH Enterprise system
stating that the system is subject to monitoring, etc., notifying the user
before he logs in or completes the login process? The banner must require
user intervention to complete the login process in order to satisfy tacit
compliance issues.
Thanks,
Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Warning banner
on 30.11.2005 16:53:40 by darren kirby
quoth the Kirkwood, David A:
> How can I add a warning to the login page of a RH Enterprise system
> stating that the system is subject to monitoring, etc notifying the user
> before he logs in
> or completes the login process? The banner must require user intervention
> to complete the login process in order to satisfy tacit compliance issues.
Can you not just add the disclaimer to /etc/issue?
Seems the perfect place to me...
> Thanks,
>
> Dave
-d
--
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972
Re: Warning Banner
on 30.11.2005 17:05:36 by DAVID.A.KIRKWOOD
> Can you not just add the disclaimer to /etc/issue?
> Seems the perfect place to me...
> What's the ingress route? SSH / Telnet / Terminal / rlogin?
> SSH has settings that you can set in its configuration file located in
> /etc
Ingress route is all inclusive. /etc/issue does not satisfy the requirements
for X11 greeting and user intervention to complete the login process. For
the terminal logins I know I can use a combination of the /etc/login,
profile, and so forth, but the problem is the X11 screen criteria...
>> How can I add a warning to the login page of a RH Enterprise system
>> stating that the system is subject to monitoring, etc notifying the user
>> before he logs in
>> or completes the login process? The banner must require user intervention
>> to complete the login process in order to satisfy tacit compliance issues.
Dave
Re: Warning Banner
on 30.11.2005 17:50:57 by Thornton Prime
On 11/30/05, Kirkwood, David A wrote:
> Ingress route is all inclusive. /etc/issue does not satisfy the requirements
> for X11 greeting
> and user intervention to complete the login process. For the terminal logins
> I know I
> can use a combination of the /etc/login, profile, and so forth, but the
> problem is the X11
> screen criteria...
For X11 you can modify the Welcome in the gdm.conf or you can add a
command that will pop up a window in the global Xsession.
If you want something all-inclusive, you can look to adding a PAM
module and add acceptance of your terms as an authentication
requirement.
Personally, I see little utility in these warnings. My reading of the
law surrounding computer system access suggests that there is no legal
weight in these warnings, and that the system owner (company or
government entity) has the right to monitor or prosecute without such
warnings. At my last job, one of the lawyers agreed, saying that the
real weight is in a statement in an employee handbook -- clicking an
"OK" button on screen does not constitute a contract.
IANAL, but these banners or warnings are apparently a nuisance at best.
thornton
Re: Warning Banner
on 30.11.2005 17:52:36 by Yuri Csapo
My solution (on Debian, FC1 and FC2):
- For local CLI logins:
Put my message into /etc/issue.
On sane systems, /etc/issue gets displayed every time a user logs in; on
the Fedora systems I had to add a line to /etc/profile so this would
work, like so:
    ....
    /bin/cat /etc/issue
    ....
- For remote (ssh) logins:
Put my message into /etc/issue.net.
On sane systems, /etc/issue.net gets displayed to remote terminals right
after login. On less sane systems, you need to edit /etc/ssh/sshd_config
and uncomment the line:
    Banner /etc/issue.net
Don't forget to restart sshd after that.
- For local GUI logins:
I've installed something called zenity and then created the script
/etc/gdm/PostLogin/Default containing the following:
    #!/bin/sh
    # Show the admin message, if one exists, in a dialog after login.
    if [ -f /etc/admin.msg ]
    then
        zenity --info --info-text "`cat /etc/admin.msg`"
    fi
The "Default" script gets run by gdm right after login but before the
actual (usually gnome) session is set up. If there is a file in /etc
called "admin.msg", its contents get displayed in a nice graphical
window. If there is no such file, nothing happens.
I have the message in 3 different files so that I can customize things
depending on the access methods - and also depending on departmental
policies, but that's a different discussion.
Hope this helps
Yuri
Kirkwood, David A wrote:
>>Can you not just add the disclaimer to /etc/issue?
>>Seems the perfect place to me...
>
>
>>What's the ingress route? SSH / Telnet / Terminal / rlogin?
>
>
>>SSH has settings that you can set in its configuration file located in
>>/etc
>
>
> Ingress route is all inclusive. /etc/issue does not satisfy the requirements
> for X11 greeting
> and user intervention to complete the login process. For the terminal logins
> I know I
> can use a combination of the /etc/login, profile, and so forth, but the
> problem is the X11
> screen criteria...
>
>
>>>How can I add a warning to the login page of a RH Enterprise system
>>>stating that the system is subject to monitoring, etc notifying the user
>>>before he logs in
>>>or completes the login process? The banner must require user intervention
>>>to complete the login process in order to satisfy tacit compliance issues.
>
>
> Dave
--
Yuri Csapo
Academic Computing & Networking
Colorado School of Mines
Green Center Rm 249
Phone: (303) 273-3503
Fax: (303) 273-3475
Email: ycsapo@mines.edu
Please use the following link to open a service request:
http://helpdesk.mines.edu
===========================================
With a PC, I always felt limited
by the software available.
On Unix, I am limited only by my knowledge.
--Peter J. Schoenster
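
An added example, not part of the post above: a shell function that checks whether the three banner locations described there (console, ssh, gdm) are actually in place. The function name check_banners and its ROOT argument (a prefix for a staged copy of /etc) are assumptions of this example; the file paths are the ones named in the post.

```shell
#!/bin/sh
# Added example: audit banner coverage for the three login paths in the post.
# check_banners ROOT -> prints one line per path, returns the number of gaps.
# ROOT is a hypothetical prefix ("" means the live system).
check_banners() {
    root=${1:-}
    gaps=0

    # Local CLI logins: /etc/issue must exist and be non-empty.
    if [ -s "$root/etc/issue" ]; then
        echo "OK   console: /etc/issue present"
    else
        echo "GAP  console: /etc/issue missing or empty"
        gaps=$((gaps + 1))
    fi

    # SSH logins: an uncommented Banner directive must name a non-empty file.
    # A line such as "#Banner /etc/issue.net" is still commented out.
    cfg="$root/etc/ssh/sshd_config"
    banner=$(awk 'tolower($1) == "banner" { print $2; exit }' "$cfg" 2>/dev/null) || banner=""
    if [ -n "$banner" ] && [ "$banner" != "none" ] && [ -s "$root$banner" ]; then
        echo "OK   ssh: Banner $banner"
    else
        echo "GAP  ssh: no usable Banner directive in sshd_config"
        gaps=$((gaps + 1))
    fi

    # GUI logins: the gdm PostLogin script must be executable and the
    # message file it displays must be non-empty.
    hook="$root/etc/gdm/PostLogin/Default"
    if [ -x "$hook" ] && [ -s "$root/etc/admin.msg" ]; then
        echo "OK   gdm: PostLogin/Default executable, admin.msg present"
    else
        echo "GAP  gdm: PostLogin/Default not executable or admin.msg empty"
        gaps=$((gaps + 1))
    fi

    return "$gaps"
}
```

Calling `check_banners ""` audits the running system; a non-zero return value is the number of login paths that would show no banner.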
Re: Warning Banner
on 30.11.2005 18:23:06 by Yuri Csapo
Thornton Prime wrote:
> Personally, I see little utility in these warnings. My reading of the
> law surrounding computer system access suggests that there is no legal
> weight in these warnings, and that the system owner (company or
> government entity) has the right to monitor or prosecute without such
> warnings. At my last job, one of the lawyers agreed, saying that the
> real weight is in a statement in an employee handbook -- clicking an
> "OK" button on screen does not constitute a contract.
>
> IANAL, but these banners or warnings are apparently a nuisance at best.
From a legal standpoint, of course I agree. On the other hand from my
administrative point of view I find them very useful. I use these things
for everything from helpful hints for users to warnings about recent
updates to the system.
I admin a few hundred Linux clients in public labs in a university
setting; I realize not everybody will have this need.