Lynis says my /etc/issue is weak - how to strengthen?
When hardening my system with Lynis I had information about /etc/issue and /etc/issue.net being found weak.
Lynis redirects me to Enterprise, which is a paid product and a bit overkill for my home server. So, my question:
- wouldn't those be only binding legally, as in, helpful to strengthen the claim that everyone logging in would see it's my system?
- what would you consider "STRONG" in this case?
- what would /l be in /etc/issue? (
man issueandman agettydid not help)
1 answer
The following users marked this post as Works for me:
| User | Comment | Date |
|---|---|---|
| LAFK | (no comment) | Nov 15, 2023 at 21:40 |
It turns out, that Lynis test code lives in /usr/share/lynis/include/test_banners which gave me a way to find what banner is considered good. :-) In my case, it's to have 5 or more specific keywords.
Both banners are being shown to users logging in via SSH, locally or through the network, and yes, these are more on the legal/repudiation/audit side than actual hard defenses.
And the \l is a... getty escape sequence. And man agetty was the right place to search, but not for \l but just for ^ *l, this yielded few hits, among them:
l
Insert the name of the current tty line.
0 comment threads
0 comment threads