Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 2 Administering User and System Security

Securing Login Banners
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Login banners are often used to display such system information as the system name, release version, and purpose of the system. This information can help an unauthorized user to learn more about the system. Following are some guidelines for creating more secure login banners:

  • Consult the legal department to determine an appropriate message.

  • Add a warning to the banner message prohibiting unauthorized use.

  • Be consistent in what is displayed in all banners regardless of the login method.

You can modify a banner in the following ways:

  • Modify the login banner defined in /etc/copyright and /etc/motd.

  • Modify the telnet banner defined in/etc/issue. The telnetd -b banner file command defines a custom banner. To use /etc/issue as the login banner, add the following lines to the /etc/inetd.conf file:

    telnet stream tcp nowait root /usr/lbin/telnetd \ telnetd -b /etc/issue

    When inetd starts telnetd, the banner in /etc/issue is used. See inetd(1M), telnetd(IM), and inetd.conf(4) for more information.

  • Modify the ftp banner defined in /etc/ftpd/ftpaccess, which is the ftpd configuration file. Other displayed messages are defined in /etc/ftpd/ftpaccess: greeting, banner, host name, and message. See ftpdaccess(4) and ftpd(1M) for more information.

Following is an unsecured telnet example showing a login banner:

# telnet computerAmy

The telnet login banner shows the release version and machine type. If an unauthorized user tries to use telnet to access computerAmy, this might be too much information.

Following is a telnet example showing a more secure login banner:

$ telnet computerMom

Trying...

Connected to computerMom.city.company.com.

Escape character is '^]'.

Local flow control on

Telnet TERMINAL-SPEED option ON

************************************************************** This is a private system operated for Hewlett-Packard company business. Authorization from HP management is required to use this system. Use by unauthorized persons is prohibited. *************************************************************

login: Connection closed by foreign host.



Protecting Against System Access by Remote Devices
  		 


Protecting the root Account  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.