What's in Your Issue File?
Tony Shepps asks: "A recent story about security kept this question in my mind: what should one really put in the /etc/issue file, for those systems that permit telnet? I know that logins that say "welcome" are a bad idea, but is it necessary to have a ton of legalese there? How about company name? System name? Is one type of login more (or less) attractive to crackers? Does anyone have anything lighthearted or funny there?" How about a sweet ANSI banner? Or do the proper legalese and disclaimers take away from the intended effect?
My /etc/issue.net (Score:1)
My /etc/issue.net formatted right... (Score:1)
Connected to localhost.
Escape character is '^]'.
Debian GNU/Linux 2.2 ursine.dyndns.org
Unauthorized login is naughty.
ursine login:
how about... (Score:1)
$ telnet xxxx.xxxxx.xx
Trying xxx.xx.xxx.xx...
Connected to xxxx.xxxxx.xx.
Escape character is '^]'.
Dies ist ein Mailserver.
Mit anderen Worten:
Unsere Rechtsabteilung findet es sehr interessant,
was Sie so mit unserem Mailserver machen wollen.
Bis demnächst, vor Gericht
Hochachtungsvoll
Ihre Xxxxx-Xxx Xxxxxxxxxxxxxx GmbH
login:
Login incorrect
Connection closed by foreign host.
translation:
This is a mailserver.
In other words:
Our legal department finds it very interesting,
what you would like to do with our mailserver.
See you in court.
respectfully
your Xxxxx-Xxx Xxxxxxxxxxxxxx GmbH
greetings, eMBee.
--
Some things.. (Score:3)
Some other things to stay away from are:
Some things you should have:
my /etc/issue file (Score:1)
On my Laptop... (Score:2)
Anomalous: inconsistent with or deviating from what is usual, normal, or expected
Legal disclaimer needed (Score:1)
I was told several years ago by the lawyers we needed to put the disclaimer in because an underinformed judge had ruled you could not prosecute someone if you did not tell them they are not allowed in your system.
While this may seem as silly as requiring me to post signs in my yard "It is illegal to steal from this location" apparently it is because I am merely a layman.
I wonder if this was ever really a case or if an urban legend made its way into legal circles.
Quiz time: Can anyone cite the case?
Re:Some things.. (Score:1)
My personal preference is to have two (or more) names for each machine. Like if I had one machine running ftpd, bind, and sendmail, it would be called ftp.randombit.net, dns.randombit.net, and mail.randombit.net, along with a "normal" name like siouxsie or fiona (which the IP address will normally resolve to). That lets you move services from one machine to another with minimal disruption while still getting to use nice names normally.
System status notes. A "We were down last night from 8-12" is a nice notice to have for regular users. Just don't let it get outdated.
/etc/motd is generally a better place for that, especially as people ssh'ing will still see it.
Re:Legal disclaimer needed (Score:1)
I don't know the answer, but it's best to err on the side of caution. So (if you really have to run telnet - ick), put something like "NO UNAUTHORIZED ACCESS" into your
Remember... (Score:2)
Though if you're not running telnet (good move), it doesn't matter much either way (I like to have a nice issue message on the console, and ssh doesn't display the issue file).
What's in Your Issue File? (Score:2)
a better idea (Score:1)
Here's mine (Score:1)
* This system is for authorized use only. *
***********************************************
This system is for authorized use only. Any resemblance to any operating
system living or dead is purely coincidental. All trademarks are copyleft ())
their respective authors. All rights reversed.
I like it. Yes, you could make a good guess as to my operating system (Linux) based on the content, but you could find that out with a TCP/IP stack fingerprinting tool like nmap anyway.
I used to work at a university, where we were constantly bombarded by script kiddie attacks. Back then, I used this
***********************************************
* This system is for authorized use only, r0dent! *
***********************************************
Then again, I doubt anyone ever saw it, since the only service I ran was ssh.
By the way, those messages are padded with enough spaces to make the middle asterisk line up on the right. Methinks we just stumbled across a very subtle Slash bug.
Vovida, OS VoIP
Beer recipe: free! #Source
Cold pints: $2 #Product
Re:Here's mine (Score:1)
Yes, a bug called HTML. You just have to put in the appropriate formatting tags...
Re:Legal disclaimer needed (Score:1)
I reminded the Seattle police officer at the headend of the ferry dock, after he had thrown the cutter out of line, that there was a $50.00 fine for cutting in ferry lines.
He said he knew that, but as the cutter had not received formal notification of the law, the law would not be upheld in court if the cutter was cited and challenged the ticket, so the officer wouldn't even bother writing him up!
Apparently, ignorance of the law (some of 'em, anyway...) is an excuse.
I don't know if this is only a Washington State deal, or what.
The Seattle police officer sounded as though this general concept is why so god damn many criminals get off the hook so easily..
His personal perspective, I'm sure...
t_t_b
--
My /etc/issue.net (Score:2)
Here's mine: (Score:2)
..ooOOOOooo....OOOOOOOOO OOOOOOOOOOOOOOOOOOOOOOOOOOOOOP
oOOOOOOOOOOOOOOOOOoo.OOOOOOOOOOOOOOOOOOOOOOOOOO
.OOOOOOOOOOOOOOOOOOOOOOO#OOOOOOOOOOOOOOOOOOOOOO
.OOOOOOOOOOOOOOOOOOOOOOOOOO#OOOOOOOOOOOOOOOOOOO
oOOOOOOOOOOOOOOOOOOOOOOOOOOOO#OOOOOOOOOOOOOOOOO
.OOOOOOOOOOOOOOOOOOOOOOOOOOOOOO#OOOOOOOOOOOOOOO
OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOP######O##
OOOOOOOOOOOOOOOOOOOOOOOP#####################..
O#########OP.############################......
O####P..#############.## ###########.######...WWWWWWWWWWWWW
P..########## 
..##########
'..:.......#########.oO#OOo#.#####.#####....###
........########OO###OOOo#####.#####.#.##. ###
.........######OOO##OOOP###.#####.## ##.#.##
...##########oOOOO Oo###.####.##.####.#
#######.....
#######.
Welcome ###.##oO.OOO##
##.#OOO.OOO##+-------------------+
to ##.oOOO.OO#|*-*LINUX*-* |
OOOOOO#| |
tettie.wtower.com OOOOOOO.|-*- 2.0.36-*-|
oOOOOO.+-------------------+
oOOOO.
oO.
I know this will come out looking like shit since it looked fine in preview mode.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
Don't remove *too* much! (Score:2)
The problem? Consider the analogy to "stealing a car" in a crowded parking lot. If you drive a white Neon but are trying to get into a blue pickup, you've got some explaining to do. But if you drive a white Neon and you're trying to get into another white Neon - esp. in the same general area as your car - it's an innocent mistake. People aren't required to verify license plates and VINs before driving off, and there have been cases where a person innocently drove off in the wrong car because everything - even the keys - matched.
Of course, we all know that the same thing could never happen on the internet. People never misspell hostnames or IP addresses. The DNS system is never fscked up. (*snort*)
You can probably guess my point now. An "unauthorized access prohibited" message begs the question - *who is authorized*? You seem to leak a little information with
This system is maintained by Megacorp Corp.
Unauthorized access prohibited.
but that information is available to attackers anyway via "whois" on the IP address. (It's also available to people making honest mistakes... but when's the last time you checked the plates on *your* car?!) In the meanwhile, with that additional statement it's *much* harder for someone to argue that they innocently mistook your system for another one. After all, other than the
Beyond that, I agree completely with the minimalist approach. Some people would add a telephone number, but I would usually discourage that.
Re:Legal disclaimer needed (Score:1)
Can't remember what the exact terminology was, it fell right in next to the Habeas Corpus...
What it boiled down to was that you can't be prosecuted for a crime you didn't know you committed...
Say I move into town and I own a poodle. Turns out owning a poodle in that town is punishable by 90 days in the local prison. I didn't know that, should I be sent to jail for some obscure ruling I was unaware of?
Granted everyone should be aware of all laws applied to them, in the case of the ferry cutter that was just indecent.
give very little info, scare the script kiddies (Score:2)
This is the AntiCypher main server, maintained by the European Cryptanalysis Association
You are connecting from %%unauthorised-IP-address%%, your unauthorised access has been traced and logged.
Access to this server is strictly forbidden. All access and hacking attempts are logged for prosecution.
Please disconnect now.
The system administration team, security.alert@anti.co.uk
-------end
With a message like this, you don't give away any information about your system. Certainly the information can be obtained through other means, but why help the script kiddies. You've got the basic "go away" requirement to keep the lawyers happy and if another system manager comes knocking on your door, there is an email address for them to contact. Don't put telephone numbers, you are only asking for trouble.
the AC
IANAL, but here's some advice anyway... :) (Score:2)
Now, not to advocate "security through obscurity", but posting information about the system that is potentially useful to crackers is a Very Bad Idea. Sure, they may very well be able to get it through other means, but the way you make a system unattractive to hackers is to make it harder and more tedious to break into your system than the next system...
Make them fight for every inch.
But this is all somewhat beside the point. There are far more important, fundamental security measures than what your
-JF
Re:Put up no extra info (Score:1)
from a machine at NIH (not telling which one) (Score:2)
WARNING!
This is a U.S. Government computer system, which may be accessed and used only for official Government business by authorized personnel. Unauthorized access or use of this computer system may subject violators to criminal, civil, and/or administrative action.
All information on this computer system may be intercepted, recorded, read, copied, and disclosed by and to authorized personnel for official purposes, including criminal investigations. Such information includes sensitive data encrypted to comply with confidentiality and privacy requirements.
Access or use of this computer system by any person, whether authorized or unauthorized, constitutes consent to these terms. There is no right of privacy in this system.
Red Hat Linux release 6.1 (Cartman)
Kernel 2.2.12-20smp on a 2-processor i686
login:
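An added example, not written by any poster in this thread: a small shell lint for the two points the comments above keep returning to, that a pre-login banner should carry an authorized-use notice and should not announce the OS or kernel. The function name `audit_banner`, the finding labels and the sample banners are constructed for illustration; the escapes checked are the ones agetty expands in /etc/issue and netkit telnetd expands in /etc/issue.net.

```shell
#!/usr/bin/env bash
# Added example: lint a pre-login banner (/etc/issue, /etc/issue.net).
# Prints one finding per line; prints nothing for a banner that passes.
audit_banner() {
    local file=$1
    # OS, distro or kernel strings typed literally into the banner.
    if grep -Eiq 'kernel|linux|hp-ux|sunos|bsd|release [0-9]' "$file"; then
        echo "LEAK: names an operating system, release or kernel"
    fi
    # agetty escapes \s \r \v \m and telnetd issue.net escapes %s %r %v %m
    # expand to OS name, release, version and machine type at display time.
    if grep -Eq '\\[srvm]|%[srvm]' "$file"; then
        echo "LEAK: escape sequence expands to OS name, release or arch"
    fi
    if grep -iq 'welcome' "$file"; then
        echo "WORDING: contains 'welcome'"
    fi
    # "Unauthorized access prohibited" satisfies this check as well.
    if ! grep -Eiq 'authori[sz]ed' "$file"; then
        echo "NOTICE: no authorized-use statement"
    fi
}

# Constructed sample banners (not copied from any real host).
demo() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/legal_but_leaky" <<'EOF'
WARNING! Use by authorized personnel only. Activity may be monitored.
Example Linux release 1.0
Kernel 0.0.0 on an i686
EOF
    cat > "$dir/escapes" <<'EOF'
Welcome to \s \r on \m
EOF
    cat > "$dir/minimal" <<'EOF'
This system is maintained by Example Corp.
Unauthorized access prohibited.
EOF
    for f in legal_but_leaky escapes minimal; do
        echo "== $f"
        audit_banner "$dir/$f"
    done
    rm -rf "$dir"
}

demo
```

Run it against the real files with `audit_banner /etc/issue` and `audit_banner /etc/issue.net`; a banner with full legalese can still fail on the version lines appended beneath it.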
really irrelevant here... (Score:1)
Anyway, lots of good that warning note will do for you as you try to prosecute a cracker that has attacked your machine from his home in Kazakhstan.
Re:really irrelevant here... (Score:1)
Actually, in many countries trespassing isn't trespassing unless there's a sign up saying "Keep out or we sue your ass" (or whatever) OR the owner of the property tells the trespasser to leave and is not obeyed.
Re:Legal disclaimer needed (Score:1)
issues with issue (Score:1)
Other unices (for example, that horrible piece of antiquated cruft HP-UX 11.00) may use telnet daemons that automagically generate the hostname/opsys version header to telnet; these can be fixed by adding a switch to the telnet invocation line in
--Charlie
Confusing ANSI Art, or Punk Pigs (Score:2)
I'm guessing a pig with a mohawk and its right eye hanging out of the socket sticking out its tongue and saying, "WASSUP!!"
Make sure your courier font is fixed-width. (Score:2)
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
Simple: "Go Away" (with link!) (Score:1)
I use a very simple, lightly ANSI-fied /etc/issue. It says, in red, blinking letters, "Go Away".
Plain, simple, effective.
Once upon a time, I put up a web simulation of my machine's login sequence. At the time, the machine was named Asylum. You can find the web simulation here, at my old college account [bradley.edu]. You can read more about the Asylum here [bradley.edu]. (It's fun, click the link.) Ahh the memories...
--Joe--
Here's mine! (Score:1)
***********************************************
* WARNING *
* The programs, data and confidential information stored on this *
* computer system are either licensed to or are the property of *
* xxxxx xxxxxxxxxx and its subsidiaries and affiliates. Access *
* to any program, data or confidential information on this system *
* must be specifically authorized by xxxxx xxxxxxxxxx. Unauthorized *
* access to any program, data or confidential information on this *
* system is expressly prohibited. This system may be monitored at *
* any time for operational or security reasons. It is a criminal *
* offence (i) to secure unauthorized access to this computer system, *
* or (ii) to make any unauthorized modifications to the contents of *
* this computer system. Offenders are subject to criminal and civil *
* prosecution. Therefore, if you are not an authorized user, *
* DO NOT ATTEMPT TO LOGON. *
***********************************************
login: