1.7.1 Ensure message of the day is configured properly

Information

The contents of the /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.

Unix-based systems have typically displayed information about the OS release and patch level upon logging in to the system. This information can be useful to developers who are developing software for a particular OS platform. If mingetty(8) supports the following options, they display operating system information: m - machine architecture r - operating system release s - operating system name v - operating system version

Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. Displaying OS and patch level information in login banners also has the side effect of providing detailed system information to attackers attempting to target specific exploits of a system. Authorized users can easily get this information by running the " uname -a " command once they have logged in.

Solution

Edit the file found in /etc/motd.d/* with the appropriate contents according to your site policy, remove any instances of m r s v or references to the OS platform

- OR -

- IF - the motd is not used, this file can be removed.

Run the following command to remove the motd file:

# rm /etc/motd

Run the following script and review and/or update all returned files' contents to:

- Remove all system information ( v r ; m s )
- Remove any refence to the operating system
- Ensure contents follow local site policy

#!/usr/bin/env bash

{
a_files=()
for l_file in /etc/motd{,.d/*}; do
if grep -Psqi -- "(\v|\r|\m|\s|b$(grep ^ID= /etc/os-release | cut -d= -f2 | sed -e 's/"//g')b)" "$l_file"; then
echo -e "
- File: \"$l_file\" includes system information. Edit this file to remove these entries"
else
a_files+=("$l_file")
fi
done
if [ "${#a_files[@]}" -gt 0 ]; then
echo -e "
- ** Please review the following files and verify their contents follow local site policy **
"
printf '%s
' "${a_files[@]}"
fi
}

See Also

https://workbench.cisecurity.org/benchmarks/18211

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-8a.

Plugin: Unix

Control ID: 949d27170d858a91bbb0606305b12e3942e5d0f737541f164b7ea1c3400dc078