The operating system must display the DoD approved system use notification message or banner for SSH connections.
An XCCDF Rule
Description
<VulnDiscussion>Warning messages inform users who are attempting to log in to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. As implementing a logon banner to deter inappropriate use can provide a foundation for legal action against abuse, this warning content should be set as appropriate.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-216159r958390_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
The root role is required.
Edit the SSH configuration file.
# pfedit /etc/ssh/sshd_config