Something that you really, really don’t want is to have a login banner that says something to the effect of Welcome to our network. I say that because, quite a few years ago, I attended a mentored SANS course on incident handling. Our instructor told us a story about how a company took a suspected network intruder to court, only to get the case thrown out. The reason? The alleged intruder said, “Well, I saw the message that said Welcome to the network, so I thought that I really was welcome there.” Yeah, supposedly, that was enough to get the case thrown out.
A few years later, I related that story to the students in one of my Linux admin classes. One student said, “That makes no sense. We all have welcome mats at our front doors, but that doesn’t mean that burglars are welcome to come in.” I have to confess that he had a good point, and I now have to wonder about the veracity of the story.
At any rate, just to be on the safe side, you do want to set up login messages that make clear that only authorized users are allowed to access the system.
Using the motd file
The /etc/motd file will present a message banner to anyone who logs in to a system through Secure Shell. On your CentOS machine, an empty motd file is already there. On your Ubuntu machine, the motd file isn’t there, but it’s a simple matter to create one. Either way, open the file in your text editor and create your message. Save the file and test it by remotely logging in through Secure Shell. You should see something like this:
firstname.lastname@example.org's password: Last login: Sat Oct 7 20:51:09 2017 Warning: Authorized Users Only! All others will be prosecuted. [maggie@localhost ~]$
motd stands for Message of the Day.
Ubuntu comes with a dynamic MOTD system that displays messages from Ubuntu’s parent company and messages about the operating system. When you create a new motd file in the /etc directory, whatever message you put in it will show up at the end of the dynamic output, like so:
Welcome to Ubuntu 18.04 LTS (GNU/Linux 4.15.0-54-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Sat Jul 13 00:21:49 UTC 2019 System load: 0.0 Processes: 89 Usage of /: 20.9% of 20.42GB Users logged in: 1 Memory usage: 14% IP address for enp0s3: 192.168.0.3 Swap usage: 0% * MicroK8s 1.15 is out! It has already been installed on more than 14 different distros. Guess which ones? https://snapcraft.io/microk8s 153 packages can be updated. 25 updates are security updates. Warning!!! Authorized users only! Last login: Sat Jul 13 00:09:30 2019 donnie@packtpub1:~$
The Warning!!! Authorized users only! line is what I placed into the /etc/motd file.
Using the issue file
The issue file, also found in the /etc directory, shows a message on the local terminal, just above the login prompt. A default issue file would just contain macro code that would show information about the machine. Here’s an example from an Ubuntu machine:
Ubuntu 18.04 LTS \n \l
Or, on a Red Hat/CentOS machine, it would look like this:
\S Kernel \r on an \m
On an Ubuntu machine, the banner would look something like this:
Ubuntu 18.04 LTS Linuxconcept tty Hint: Num Lock on linuxconcept login: _
On a CentOS machine, it would look something like this:
CentOS Linux 7 (Core) Kernel 3.10.0-693.2.2.e17.x86_64 on an x86_64 localhost login: _
You could put a security message in the issue file, and it would show up after a reboot:
Warning! Authorized User Only! CentOS Linux 7 (Core) Kernel 3.10.0-693.2.2.e17.x86_64 on an x86_64 localhost login: _
In reality, is there really any point in placing a security message in the issue file? If your servers are properly locked away in a server room with controlled access, then probably not. For desktop machines that are out in the open, this would be more useful.
Using the issue.net file
Just don’t. It’s for telnet logins, and anyone who has telnet enabled on their servers is seriously screwing up. However, for some strange reason, the issue.net file still hangs around in the /etc directory.