Title

RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a SSH logon. (Cat II impact)

Discussion

The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution. Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088

Check Content

Verify that any SSH connection to the operating system displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the system. Check for the location of the banner file currently being used with the following command: $ sudo /usr/sbin/sshd -dd 2>&1 | awk '/filename/ {print $4}' | tr -d '\r' | tr '\n' ' ' | xargs sudo grep -iH '^\s*banner' banner /etc/issue If the line is commented out or if the file is missing, this is a finding.

Fix Text

Configure RHEL 9 to display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via ssh. Edit the "etc/ssh/sshd_config" file or a file in "/etc/ssh/sshd_config.d" to uncomment the banner keyword and configure it to point to a file that will contain the logon banner (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor). An example configuration line is: Banner /etc/issue

Additional Identifiers

Rule ID: SV-257981r1045019_rule

Vulnerability ID: V-257981

Group Title: SRG-OS-000023-GPOS-00006

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.