HPE Community
Operating System - HP-UX
1854780 Members
23270 Online
104103 Solutions
New Discussion

telnet login banner message (actual text used)

 
SOLVED
Go to solution
Justin Willoughby
Regular Advisor

‎03-31-2003 07:14 AM

‎03-31-2003 07:14 AM

telnet login banner message (actual text used)


I know how to change the telnet banner message. What I would like to know is what others are changing their customer banner message to?

Our security person wanting to put some verbiage about unauthorized use is prohibited. But I am thinking this is sort of like telling someone who is trying to "get in" that there is something of value on this system. I am not sure I want that. Or it's kind of like telling a kid not to do something, in which case they will try even hard to do what they are told not to do.

What are others using for their customer telnet banners message?

Thanks!

- Justin
0 Kudos
Reply
12 REPLIES 12
Donald Kok
Respected Contributor

‎03-31-2003 07:19 AM

‎03-31-2003 07:19 AM

Re: telnet login banner message (actual text used)

Hi Justin,

Our legalpeople want us to put the "prohibited"-line, so they have more legal ways to act at hackers. They were warned.

HTH
Donald
My systems are 100% Murphy Compliant. Guaranteed!!!
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎03-31-2003 07:21 AM

‎03-31-2003 07:21 AM

Re: telnet login banner message (actual text used)

# This is to meet legal requirements...
cat /etc/copyright
# Display the Security Policy Screen
if [ -f /etc/secure_policy ]
then
cat /etc/secure_policy
echo "\t\t\tHit to continue \c"
read
fi
# Message of the Day
if [ -r /etc/motd ]; then
cat /etc/motd
fi


in /etc/profile

live free or die
harry
Live Free or Die
0 Kudos
Reply
Jdamian
Respected Contributor

‎03-31-2003 07:21 AM

‎03-31-2003 07:21 AM

Re: telnet login banner message (actual text used)

The solution is in the telnetd(1M) manual pages:


Options
telnetd has the following options.

-b [bannerfile] Specify a file containing a custom banner. This
option overrides the standard telnetd login
banner. For example, to use /etc/issue as the
login banner, have inetd start telnetd with the
following lines in /etc/inetd.conf (\ provides
line continuation):

telnet stream tcp nowait root /usr/lbin/telnetd telnetd -b/etc/issue

If bannerfile is not specified, telnetd does not
print a login banner.
0 Kudos
Reply
John Poff
Honored Contributor

‎03-31-2003 07:21 AM

‎03-31-2003 07:21 AM

Solution

Re: telnet login banner message (actual text used)

Hi,

When we setup our first Unix systems here five years ago, we started out with some decently strong language thanks to a consultant we had on site. He suggested that there are good legal reasons for posting strong language in the /etc/issue nagger, uh, I mean banner file. Since then, our Security guru had us go to even sterner language.

The idea is that the banner won't stop a hacker, but if you do get hacked and you get to prosecute them, it makes your lawyer's job a bit easier. Our guy also mentioned a case where the hacker was aquitted because the banner had the word 'welcome' in it which was interpreted to mean the site was open for anyone to try. I've never seen the actual case so I can't vouch for it, but it sounds reasonable.

JP
Reply
Duncan Edmonstone
HPE Pro

‎03-31-2003 07:22 AM

‎03-31-2003 07:22 AM

Re: telnet login banner message (actual text used)

Justin,

I vaguely remember a conversation I had with a security expert a few years ago, where he was comparing these system banners to 'Trespassers will be prosecuted' signs... the point he was making was that if you don't make it entirely clear that its illegal to attempt entry to the system and that you will be prosecuted if you do, then in court a cracker can claim that he didn't know he wasn't allowed in!


Here's one I've seen used often:

"NOTICE: Computer Security systems exist that are intended to prevent any person or device from making unauthorised use of this online network system. Legal action may result from unauthorised access attempts."

HTH

Duncan

I am an HPE Employee
Accept or Kudo
Reply
Colin Topliss
Esteemed Contributor

‎03-31-2003 07:22 AM

‎03-31-2003 07:22 AM

Re: telnet login banner message (actual text used)

Your security guy is correct. It's really a legal sort of issue. If you welcome someone to your system, you are effectively saying it is OK to access your system and its data - which is probably not what you want. With an appropriate message saying that unauthorised users will be prosecuted, you have some legal recourse should you want to prosecute someone for illegal access.

Also you'll find that some telnet banners consist of patch information - valuable for a would-be hacker to try and determine if your system has known vulnerabilities.

Kids will be kids - if they want to try and hack a system, they'll have a go no matter what the banner says - make it harder for them by not giving out any more information than you have to.
Reply
BFA6
Respected Contributor

‎03-31-2003 07:26 AM

‎03-31-2003 07:26 AM

Re: telnet login banner message (actual text used)

Hi Justin,

Our telnet banner gives no information about the system - i.e. is it unix, or what version of OS. And has the line Unauthorised access is not permitted.

Regards,

Hilary
0 Kudos
Reply
Marco Santerre
Honored Contributor

‎03-31-2003 07:30 AM

‎03-31-2003 07:30 AM

Re: telnet login banner message (actual text used)

Justin,

we also do a similar thing. And just like everyone else, it's not a matter of saying that something is of value, but it's for the company and/or the lawyers to have more recourses against such a use if that was the case.
Cooperation is doing with a smile what you have to do anyhow.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎03-31-2003 07:35 AM

‎03-31-2003 07:35 AM

Re: telnet login banner message (actual text used)

It's important to add the -b option to telnetd and also to rlogind (it's -B there). The reason is that there is a default banner provided by telnet and it is uname -a which is a bad thing! uname -a provides the type of system (HPUX), the model of the system and the revision of the opsystem--WAY TOO MUCH INFO!

I would put the name of the system and nothing else (except the legal junk) in /etc/issue and make that the banner for rlogind and telnetd (it's automatic for terminals and modems). Don't use the default.


Bill Hassell, sysadmin
Reply
Justin Willoughby
Regular Advisor

‎03-31-2003 12:36 PM

‎03-31-2003 12:36 PM

Re: telnet login banner message (actual text used)


Thanks to all who replied. It does sound like the strong language does need to be there and our security person is right on track.

Thanks again!

- Justin
0 Kudos
Reply
Ron Cornwell
Trusted Contributor

‎03-31-2003 06:06 PM

‎03-31-2003 06:06 PM

Re: telnet login banner message (actual text used)

Here is what we use:

LEGAL NOTICE
--------------------
Authorized users only. Use of this system may be monitored and recorded by systems personnel. Users expressly consent to such monitoring and are advised that suspected criminal activity will be reported to law enforcement
0 Kudos
Reply
Michael Tully
Honored Contributor

‎03-31-2003 06:14 PM

‎03-31-2003 06:14 PM

Re: telnet login banner message (actual text used)

Sometimes this might actually present a challenge to a potential hacker. Why give any information at all?

We use a simple method, the system name only, to tell us what system we are connecting to. These system names only mean something to us.
(KISS principle)
Anyone for a Mutiny ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.