5.2.15 Ensure SSH warning banner is configured (Scored)

Level 1 - Server
Level 1 - Workstation

Description

The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed.

Banners are used to warn connecting users of the particular site's policy regarding connection. Presenting a warning message prior to the normal user login may assist the prosecution of trespassers on the computer system.

Run the following command and verify that output matches:

# grep "^Banner" /etc/ssh/sshd_config 
Banner /etc/issue.net

Edit the /etc/ssh/sshd_config file to set the parameter as follows:

Banner /etc/issue.net

5.2.15 Ensure SSH warning banner is configured (Scored)

Profile Applicability

Description

Rationale

Audit

Remediation

SecScan