Logon Banner / Message of the day

Comments

9 comments

  • Michael Bierman

    Do you mean login via SSH?

    You could modify the motd, though I prefer not to mess with anything I don’t need to since Firewalla uses those.

    I don’t know of a way to require “consent” before SSH.

    Are you permitting SSH from outside the network? Who will have SSH from inside your network? What are you trying to safeguard?

  • Michael Crandall

    It is more about compliance and meeting a NIST control.   Any logon would be preferred but any pop up that you have to consent to as an authorized user would be fantastic or we can't recommend this product to users that require this simple NIST control.  

    No external access nor any unauthorized (app / website) usage... just a damn control.  

  • Michael Bierman

    Can you just disable ssh?

  • Michael Crandall

    Yes, but then we can't manage the system.   The control we are looking to meet is:

    Provide privacy and security notices -   These are how that is answered:

      Does the logon screen display notices upon initial logon?

      Does the system display the system use information before granting access?

      Does the system ensure that any references to monitoring, recording, or auditing are consistent with privacy accommodations?

     

      So a basic logon banner would read: 

    This system is for authorized use only.   By entering you consent to monitoring.   

     

  • Hold It Down

    • Log in with the pi username
    • Change to root
          sudo su -
    • Back up the sshd_config file
          cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
    • Open sshd_config
          vi /etc/ssh/sshd_config
    • Find the commented banner option
          #Banner
    • Press the Insert key to enter insert mode
          <Insert>
    • Uncomment the banner option (remove the #) and determine the path and name where you want the banner. /etc/banner is commonly used
          Banner /etc/banner
    • Press the Esc key to exit insert mode
          <Esc>
    • Enter the save-and-exit command and press the Enter key
          :x
          <Enter>
    • Create a new file with your banner information
          echo "WARNING: This system is for authorized use only. Unauthorized use is prohibited and may be subject to criminal and civil penalties. Use of the system may be monitored and recorded." > /etc/banner
    • Restart the sshd service
          systemctl restart sshd

    Test the banner from another session

    Exit root

    Only 34 more NIST AC's to go

  • Chris Hewitt

    I wonder how many things will break if CIS Benchmarks are applied (thoughtfully).

  • Michael Bierman

    @Hold it Down

    You probably need to add a startup script to make this change permanent, or it may be overwritten at some point.

    https://help.firewalla.com/hc/en-us/articles/360054056754-Customized-Scripting 


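The banner steps and the persistence concern from the comments above, combined into one idempotent script that can be re-run at every boot. This is an added example, not code from any commenter or from Firewalla: the function names and the VALIDATE hook are assumptions, while the paths and banner text are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not Firewalla code): idempotently enforce the SSH pre-login banner.
# Function names and the VALIDATE hook are hypothetical.
BANNER_TEXT='WARNING: This system is for authorized use only. Unauthorized use is prohibited and may be subject to criminal and civil penalties. Use of the system may be monitored and recorded.'
VALIDATE=${VALIDATE:-true}   # command run on the candidate config before install

# render_config CONFIG BANNER_PATH: print CONFIG with a single global Banner
# directive placed first, so it cannot land inside a Match block.
render_config() {
    printf 'Banner %s\n' "$2"
    awk '
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($1) == "banner" { next }  # drop old global Banner lines
        { print }
    ' "$1"
}

# enforce_banner CONFIG BANNER_PATH: prints "changed" or "unchanged".
enforce_banner() {
    cfg=$1 banner=$2 state=unchanged
    if [ "$(cat "$banner" 2>/dev/null)" != "$BANNER_TEXT" ]; then
        printf '%s\n' "$BANNER_TEXT" > "$banner"
        chmod 644 "$banner"
        state=changed
    fi
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    render_config "$cfg" "$banner" > "$tmp"
    if cmp -s "$cfg" "$tmp"; then
        rm -f "$tmp"
    else
        # Refuse to install a candidate that the validator rejects.
        $VALIDATE "$tmp" || { rm -f "$tmp"; return 1; }
        [ -e "$cfg.original" ] || cp -p "$cfg" "$cfg.original"  # one-time backup
        cat "$tmp" > "$cfg"    # overwrite in place: keeps owner and mode
        rm -f "$tmp"
        state=changed
    fi
    echo "$state"
}

# Touch the live system only when invoked with --apply (as root).
if [ "${1:-}" = "--apply" ]; then
    VALIDATE='sshd -t -f'
    result=$(enforce_banner /etc/ssh/sshd_config /etc/banner) || exit 1
    if [ "$result" = changed ]; then
        systemctl restart sshd
    fi
fi
```

Run it with --apply as root; the Customized Scripting article linked above covers running scripts at startup.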
  • Hold It Down

    @Michael Bierman. I think you meant @Michael Crandall. My post was in response to his question. Thank you.

  • Michael Bierman

    @Hold it Down Maybe I'm misunderstanding? You provided steps to answer his question. My suggestion is that for such a change to remain persistent, you need to put a script in place or it may be overwritten in the future.
