← Rules Catalog
mediumsystemverified rollback-safe

Configure login warning banner

banner-dod-consent · RHEL ≥ 8 · 1 impl

Description

The system must display an authorized-use warning banner before granting local or remote access. The banner text is written to /etc/issue, which sshd displays via the Banner directive (see ssh-banner rule). The check verifies that the file contains meaningful warning text, not just the OS default. Customize the text by setting the banner_text variable in rules/rules.d/.

Rationale

A pre-authentication banner establishes the legal basis for monitoring and prosecution of unauthorized access. Without a warning banner, an attacker may claim they were unaware the system was restricted.

Check → Remediate

Checkcommand
if [ ! -s /etc/issue ]; then
  echo "FAIL: /etc/issue is empty or missing"
  exit 1
fi
# Strip getty escape sequences (\S, \r, \m, \l, etc.) and whitespace
textlen=$(sed 's/\\[[:alpha:]]//g' /etc/issue | tr -d '[:space:]' | wc -c)
if [ "$textlen" -lt 20 ]; then
  echo "FAIL: /etc/issue has no meaningful warning text ($textlen chars after stripping escapes)"
  exit 1
fi
echo "OK: /etc/issue contains warning banner ($textlen meaningful chars)"
expected_exit:
0
Remediatefile_content
path:
/etc/issue
content:
{{ banner_text }}
owner:
root
group:
root
mode:
0644

Framework references

CIS

rhel9 1.7.2rhel8 1.7.2rhel10 1.7.2

STIG

V-281227 / RHEL-10-700040V-257779V-230227

NIST 800-53

AC-8

Live verification

rhel10:checkrhel8:checkrhel9:check
#banner#compliance#login