Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 2 Administering User and System Security

Securing Login Banners


Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

Login banners are often used to display such system information as the system name, release version, and purpose of the system. This information can help an unauthorized user to learn more about the system. Following are some guidelines for creating more secure login banners:

  • Consult the legal department to determine an appropriate message.

  • Add a warning to the banner message prohibiting unauthorized use.

  • Be consistent in what is displayed in all banners regardless of the login method.

You can modify a banner in the following ways:

  • Modify the login banner defined in /etc/copyright and /etc/motd.

  • Modify the telnet banner defined in/etc/issue. The telnetd -b banner file command defines a custom banner. To use /etc/issue as the login banner, add the following lines to the /etc/inetd.conf file:

    telnet stream tcp nowait root /usr/lbin/telnetd \ telnetd -b /etc/issue

    When inetd starts telnetd, the banner in /etc/issue is used. See inetd(1M), telnetd(IM), and inetd.conf(4) for more information.

  • Modify the ftp banner defined in /etc/ftpd/ftpaccess, which is the ftpd configuration file. Other displayed messages are defined in /etc/ftpd/ftpaccess: greeting, banner, host name, and message. See ftpdaccess(4) and ftpd(1M) for more information.

Following is an unsecured telnet example showing a login banner:

# telnet computerAmy

The telnet login banner shows the release version and machine type. If an unauthorized user tries to use telnet to access computerAmy, this might be too much information.

Following is a telnet example showing a more secure login banner:

$ telnet computerMom


Connected to computerMom.city.company.com.

Escape character is '^]'.

Local flow control on


************************************************************** This is a private system operated for Hewlett-Packard company business. Authorization from HP management is required to use this system. Use by unauthorized persons is prohibited. *************************************************************

login: Connection closed by foreign host.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.