Browse Source
Configure interactive logon message
This is also covers the following CIS items * CIS 1.7.1.5 Ensure permissions on /etc/issue are configured (Scored) Change-Id: If8c237ff4db7e9ab7ee244278d28f632e73ecb56 Related-Prod: PROD-19166pull/149/head
Dmitry Teselkin
6 years ago
5 changed files with 53 additions and 0 deletions
+ 24
- 0
README.rst
View File
| bash: | bash: | ||||
| preserve_history: true | preserve_history: true | ||||
| Login banner message | |||||
| ~~~~~~~~~~~~~~~~~~~~ | |||||
| /etc/issue is a text file which contains a message or system | |||||
| identification to be printed before the login prompt. It may contain | |||||
| various @char and \char sequences, if supported by the getty-type | |||||
| program employed on the system. | |||||
| Setting logon banner message is easy: | |||||
| .. code-block:: yaml | |||||
| liunx: | |||||
| system: | |||||
| banner: | |||||
| enabled: true | |||||
| contents: | | |||||
| UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED | |||||
| You must have explicit, authorized permission to access or configure this | |||||
| device. Unauthorized attempts and actions to access or use this system may | |||||
| result in civil and/or criminal penalties. | |||||
| All activities performed on this system are logged and monitored. | |||||
| Message of the day | Message of the day | ||||
| ~~~~~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~ | ||||
+ 6
- 0
linux/map.jinja
View File
| }, | }, | ||||
| }, grain='os_family', merge=salt['pillar.get']('linux:system')) %} | }, grain='os_family', merge=salt['pillar.get']('linux:system')) %} | ||||
| {% set banner = salt['grains.filter_by']({ | |||||
| 'BaseDefaults': { | |||||
| 'enabled': false, | |||||
| }, | |||||
| }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %} | |||||
| {% set auth = salt['grains.filter_by']({ | {% set auth = salt['grains.filter_by']({ | ||||
| 'Arch': { | 'Arch': { | ||||
| 'enabled': false, | 'enabled': false, |
+ 10
- 0
linux/system/banner.sls
View File
| {%- from "linux/map.jinja" import banner with context %} | |||||
| {%- if banner.get('enabled', False) %} | |||||
| /etc/issue: | |||||
| file.managed: | |||||
| - user: root | |||||
| - group: root | |||||
| - mode: 644 | |||||
| - contents_pillar: linux:system:banner:contents | |||||
| {%- endif %} |
+ 3
- 0
linux/system/init.sls
View File
| {%- if system.auth is defined %} | {%- if system.auth is defined %} | ||||
| - linux.system.auth | - linux.system.auth | ||||
| {%- endif %} | {%- endif %} | ||||
| {%- if system.banner is defined %} | |||||
| - linux.system.banner | |||||
| {%- endif %} |
+ 10
- 0
tests/pillar/system_banner.sls
View File
| linux: | |||||
| system: | |||||
| enabled: true | |||||
| banner: | |||||
| enabled: true | |||||
| contents: | | |||||
| ================= WARNING ================= | |||||
| This is tcpcloud network. | |||||
| Unauthorized access is strictly prohibited. | |||||
| =========================================== |
Loading…