5.8 Ensure a Login Window Banner Exists

Information

A Login window banner warning informs the user that the system is reserved for authorized use only. It enforces an acknowledgment by the user that they have been informed of the use policy in the banner if required. The system recognizes either the .txt and the .rtf formats.

Rationale:

An access warning may reduce a casual attacker's tendency to target the system. Access warnings may also aid in the prosecution of an attacker by evincing the attacker's knowledge of the system's private status, acceptable use policy, and authorization requirements.

Impact:

Users will have to click on the window with the Login text before logging into the computer.

Solution

Edit (or create) a PolicyBanner.txt or PolicyBanner.rtf file, in the /Library/Security/ folder, to include the required login window banner text.
Perform the following to set permissions on the policy banner file:

sudo chmod o+r /Library/Security/PolicyBanner.txt

sudo chmod o+r /Library/Security/PolicyBanner.rtf

Note: If your organization uses an .rtfd file to set the policy banner, run sudo chmod -R o+rx /Library/Security/PolicyBanner.rtfd to update the permissions.

See Also

https://workbench.cisecurity.org/files/4004