From: Levi Ashcol (leviashcol@hotpop.com)
Date: Fri Jan 09 2004 - 17:25:46 EST
Thanks to :
Michael Bucholtz, Rich Copeland, John Lanier, Peter Stern, Spider
Boardman
Charles Richmond, Roberto Romani, Johan Brusche,Jonathan Burelbach
Kalle Flodkvist.
- General consensus is to modify the file /etc/getttydefs as follows:
default# B9600 # B9600 #\r\n\n Levi's Computational Resources\r\n\n#
And take care because Spaces are important, ALSO A BLANK LINE before
the
line with "default". ( I tried this and it worked fine).
- man gettydefs, man teletd, man issue, man issue.net to get more
information about how to create a customized login banner.
- /etc/motd may also contains OS version so you should rather edit the
file
or remove it.
- Another suggestion is to put a usage banner out before people log in
using
tcp_wrappers (www.porcupine.org).
- For ftp logins there is no direct way to change the banner except by
patching the binary.
- Another useful info (Though I did not test it) to change the login
prompt
provided by login when connecting via telnet will require modifying
the
"ENTRY_LOGIN" entry in the appropriate message catalog.
For a US-English system, the message catalog
will be either of the following:
libc.cat
libsec.cat <-- used when running C2, or "Enhanced Security",
The message catalogs can be found:
/usr/lib/nls/msg/en_US.88591
A trace of login shows that it searches for the message catalog in
/usr/lib/nls/msg/C/ directory. If the locale is not set up to support
this search, it will be necessary to create the symbolic link in the
msg
directory to point to en_US.88591. Check to see if the link
"/usr/lib/nls/msg/C" exists and points to the directory where libc.cat
can be found. If the link does not exist, create it and login will find
the catalog
(Example: # ln -s /usr/lib/nls/msg/en_US.88591 /usr/lib/nls/msg/C)
The commands dspcat(1), and gencat(1) can be used to display, modify,
and construct a new catalog.
Overview of the procedure:
1) cd to the catalog directory:
(Example: # cd /usr/lib/nls/msg/C)
2) Make a backup copy of the libc.cat and libsec.cat files.
(Example: # cp libc.cat libc.cat.original)
(Example: # cp libsec.cat libsec.cat.original)
3) Use dspcat(1) to create an editable copy of the catalog files.
(Example: # dspcat -g ./libc.cat > /tmp/libc.cat.txt)
(Example: # dspcat -g ./libsec.cat > /tmp/libsec.cat.txt)
4) Edit the text copies of the catalog files and change the
"ENTRY_LOGIN" from "login:" to "Username:".
Note, the ENTRY_LOGIN entry should be in section 3, entry 1 for
libc.cat.txt) (Example: # vi /tmp/libc.cat.txt)
Note, the ENTRY_LOGIN entry should be in section 3, entry 21 for
libsec.cat.txt) (Example: # vi /tmp/libsec.cat.txt)
5) Recreate the catalog using gencat.
(Example: # gencat libc.cat /tmp/libc.cat.txt)
(Example: # gencat libsec.cat /tmp/libsec.cat.txt)
6) Check out the changes in the library
(Example: # dspcat -g ./libc.cat | grep "Username")
(Example: # dspcat -g ./libisec.cat | grep "Username")
Once this has been done, the login executable will return the desired
prompt instead of the default string, "login:", when invoked by telnetd.
Thanks everybody.
Levi
-----Original Message-----
From: Levi Ashcol [mailto:leviashcol@hotpop.com]
Sent: Wednesday, January 07, 2004 12:07 PM
To: 'tru64-unix-managers@ornl.gov'
Subject: How to remove OS version from telnet/ftp banner?
Hi Managers,
We have GS160 running Tru64 5.1 PK4 at our site. As a security
requirement we need to remove the OS version from telnet/ftp banners.
I have searched google and the list archives but did not find anything
useful. I found an old SUMMARY and tried to do the suggestions in it
but did not work. I also edited the /etc/motd and /etc/issue but
nothing was changed.
Any Guru out there tried this before ?
Thanks, I will summarize.
Levi
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:48 EDT