{"description": "To enable the warning banner and ensure it is consistent\nacross the system, add or correct the following line in\n\n<tt>/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf</tt>:\n\n<pre>Banner /etc/issue.net</pre>\nAnother section contains information on how to create an\nappropriate system-wide warning banner.", "rationale": "The warning message reinforces policy awareness during the logon process and\nfacilitates possible legal action against attackers. Alternatively, systems\nwhose ownership should not be obvious should ensure usage of a banner that does\nnot provide easy attribution.", "severity": "medium", "references": {"cjis": ["5.5.6"], "cobit5": ["DSS05.04", "DSS05.10", "DSS06.10"], "cui": ["3.1.9"], "hipaa": ["164.308(a)(4)(i)", "164.308(b)(1)", "164.308(b)(3)", "164.310(b)", "164.312(e)(1)", "164.312(e)(2)(ii)"], "isa-62443-2009": ["4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.2", "SR 1.5", "SR 1.7", "SR 1.8", "SR 1.9"], "iso27001-2013": ["A.18.1.4", "A.9.2.1", "A.9.2.4", "A.9.3.1", "A.9.4.2", "A.9.4.3"], "nist": ["AC-8(a)", "AC-8(c)", "AC-17(a)", "CM-6(a)"], "nist-csf": ["PR.AC-7"], "srg": ["SRG-OS-000023-GPOS-00006", "SRG-OS-000228-GPOS-00088"], "cis": ["5.1.5"], "stigid": ["UBTU-22-255020"], "stigref": ["SV-260525r958390_rule"]}, "control_references": {"cis": ["5.1.5"], "stigid": ["UBTU-22-255020"]}, "components": [], "identifiers": {}, "ocil_clause": "the required value is not set", "ocil": "To determine how the SSH daemon's <tt>Banner</tt> option is set, run the following command:\n\n<pre>$ sudo grep -i Banner /etc/ssh/sshd_config.d/00-complianceascode-hardening.conf</pre>\n\n\nIf a line indicating <tt>/etc/issue.net</tt> is returned, then the required value is set.\n", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Enable SSH Warning Banner", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner_net/rule.yml", "template": {"name": "sshd_lineinfile", "vars": {"parameter": "Banner", "value": "/etc/issue.net", "datatype": "string"}, "backends": {}}}