documentation_complete: true


title: 'Verify permissions on System Login Banner'

description: |-
    {{{ describe_file_permissions(file="/etc/issue", perms="0644") }}}

rationale: |-
    Display of a standardized and approved use notification before granting
    access to the operating system ensures privacy and security notification
    verbiage used is consistent with applicable federal laws, Executive Orders,
    directives, policies, regulations, standards, and guidance.<br />
    Proper permissions will ensure that only root user can modify the banner.

severity: medium

identifiers:
    cce@rhel8: CCE-83348-3
    cce@rhel9: CCE-83551-2
    cce@rhel10: CCE-86812-5
    cce@sle12: CCE-92232-8
    cce@sle15: CCE-91354-1
    cce@slmicro5: CCE-94054-4

references:
    cis@sle12: 1.8.1.5
    cis@sle15: 1.8.1.5

ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/issue", perms="-rw-r--r--") }}}'

ocil: |-
    {{{ ocil_file_permissions(file="/etc/issue", perms="-rw-r--r--") }}}

template:
    name: file_permissions
    vars:
{{%- if product == 'slmicro5' %}}
        filepath: /run/issue
{{%- else %}}
        filepath: /etc/issue
{{%- endif %}}
        filemode: '0644'