Check: RHEL-09-255025
RHEL 9 STIG:
RHEL-09-255025
(in version v1 r1)
Title
RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a SSH logon. (Cat II impact)
Discussion
The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution. Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088
Check Content
Verify any SSH connection to the operating system displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the system. Check for the location of the banner file being used with the following command: $ sudo grep -i banner /etc/ssh/sshd_config banner /etc/issue This command will return the banner keyword and the name of the file that contains the SSH banner (in this case "/etc/issue"). If the line is commented out, this is a finding.
Fix Text
Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via ssh. Edit the "/etc/ssh/sshd_config" file to uncomment the banner keyword and configure it to point to a file that will contain the logon banner (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor). An example configuration line is: Banner /etc/issue
Additional Identifiers
Rule ID: SV-257981r925930_rule
Vulnerability ID: V-257981
Group Title: SRG-OS-000023-GPOS-00006
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000048 |
The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. |
CCI-001384 |
The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access. |
CCI-001385 |
The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
CCI-001386 |
The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
CCI-001387 |
The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
CCI-001388 |
The information system, for publicly accessible systems, includes a description of the authorized uses of the system. |
Controls
Number | Title |
---|---|
AC-8 |
System Use Notification |