- On Linux systems, put pre-login banner text in the files /etc/banner, /etc/issue, and /etc/issue.net; and the after-login banner in /etc/motd.
- For OpenSSH servers (e.g. on Linux systems), activate the banner use (by SSH/SFTP/SCP) by including following (uncommented) line in /etc/ssh/sshd_config:
Banner /etc/banner
- TELNET:
- On Linux, if Kerberized TELNET is used, edit /etc/xinetd.d/krb5-telnet to add following line:
banner = /etc/issue
- Older versions of TELNET may be using /etc/default/telnetd containing the block:
BANNER="\\n nThis should be a telnet banner\\n n"
- On Linux, if Kerberized TELNET is used, edit /etc/xinetd.d/krb5-telnet to add following line:
- FTP:
- If gssftp is used (on Linux), edit /etc/xinetd.d/gssftp to add following line:
banner = /etc/issue
- If wu-ftpd is used (on Linux), edit /etc/ftpaccess to add following line:
banner = /etc/issue
- FTP may be using /etc/ftpd/banner.msg (or any file external to /etc/ftpd/ftpaccess) by specifying following line:
banner /etc/ftpd/banner.msg
in /etc/ftpd/ftpaccess.
- If gssftp is used (on Linux), edit /etc/xinetd.d/gssftp to add following line:
2012.04.27
Logon Banners
Filed under: infosec, security hardening, web security — Tags: banner, ftp, logon banner, openssh, sftp, ssh, telnet — sandokan65 @ 15:06
Eikonal Blog 
