Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Lynis says my /etc/issue is weak - how to strengthen?

+1
−0

When hardening my system with Lynis I had information about /etc/issue and /etc/issue.net being found weak.

Lynis redirects me to Enterprise, which is a paid product and a bit overkill for my home server. So, my question:

  1. wouldn't those be only binding legally, as in, helpful to strengthen the claim that everyone logging in would see it's my system?
  2. what would you consider "STRONG" in this case?
  3. what would /l be in /etc/issue? (man issue and man agetty did not help)
History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

0 comment threads

1 answer

+1
−0

It turns out, that Lynis test code lives in /usr/share/lynis/include/test_banners which gave me a way to find what banner is considered good. :-) In my case, it's to have 5 or more specific keywords.

Both banners are being shown to users logging in via SSH, locally or through the network, and yes, these are more on the legal/repudiation/audit side than actual hard defenses.

And the \l is a... getty escape sequence. And man agetty was the right place to search, but not for \l but just for ^ *l, this yielded few hits, among them:

l
    Insert the name of the current tty line.
History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.

0 comment threads

Sign up to answer this question »