Warnings for unwanted users

If you've noticed unwanted users prowling around your Linux systems, Jack Wallen, Jr. shows you how to take advantage of Linux's flexibility to keep your assets safe.

How many times have you noticed unwanted users prowling around your Linux systems? And how many times have you wished you could have at least posted a warning to these users—if only for the purposes of legal liability? Never fear—in this Daily Feature, we'll look at some ways you can take advantage of the well-known flexibility of Linux to keep your assets safe.
The suggestions I’ll make are not, by any means, a replacement for security—they should be used only for legal or user-warning issues.
We will alter some of the files that display names, versions, and greetings when users boot the machine, log in remotely, or gain FTP access. The files we’ll modify are:
  • /etc/issue
  • /etc/issue.net

In addition, we will create a banner file for FTP access.

A bit of philosophy
Before we actually get into the editing/creating of these files, I want to take a moment to warn you: Do not taunt possible hackers. The last thing you need is for a hacker or script kiddie to gain access to your server and be greeted with a message such as this:
This is the ABC corporate file server. All those in violation of our
security policy will be prosecuted to the full extent the law will allow.


The above message is bad. Very bad. Ultimately bad. Although it certainly spells out a very clear and concise warning, it also serves as a huge temptation to those who can circumvent most security measures.

Instead, you should think subterfuge and/or subtlety. Instead of announcing who and what you are and which OS you’re using, you might want to think along the lines of creating a smoke screen. By confusing or misleading unwanted users, you might save yourself from being brought down.

Back to the files
The first file we’re going to edit is the /etc/issue file. This file contains the text that appears above the local login prompt once the machine has booted, and it should be stripped of any information regarding the OS and the kernel.

Open the /etc/issue file. You’ll probably see something like:
Red Hat Linux release 6.2 (Zoot)
Kernel 2.2.16-3 on an i686

Depending on which distribution you’re using, there might even be a large section of binary or escape characters above the actual text (as in Mandrake). For the above distribution, I typically remove the existing text and replace it with either generic user information (such as the office number or the hostname of the machine) or misleading information (you can, for example, change the distribution from Red Hat Linux to Slackware or even Solaris, or you can alter kernel information).

The next file, /etc/issue.net, follows the same format as the /etc/issue file. This file contains the text that greets users who log in via Telnet, rlogin, etc. Again, you want to use caution when creating this text. This particular file will be seen by anyone who connects, including those who could be deemed undesirable. Avoiding possible threat is tantamount to avoiding disaster.
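
One way to check that /etc/issue and /etc/issue.net have actually been stripped of OS and kernel details, as an added example that is not part of the original article. The function name audit_banner and its pattern list are assumptions made for this sketch; it flags any OS name or version-like string, and the reviewer decides whether each hit is intended.

```shell
#!/bin/sh
# Added example (not from the article): flag banner lines that disclose
# OS or kernel details. audit_banner and its pattern list are assumptions
# made for this sketch, not an exhaustive rule set.

# Prints "FILE:LINE:REASON" per finding; returns 1 if anything was flagged.
audit_banner() {
    awk -v f="$1" '
        function flag(why) { print f ":" NR ":" why; bad = 1 }
        # getty expands these at display time: \s OS, \r release, \v version, \m arch
        /\\[srvm]/ { flag("getty escape expands to system details"); next }
        # netkit telnetd uses %-forms of the same escapes in /etc/issue.net
        /%[srvm]/ { flag("telnetd escape expands to system details"); next }
        /[Kk]ernel/ { flag("kernel string"); next }
        /Red Hat|Mandrake|Slackware|Solaris|Linux/ { flag("OS or distribution name"); next }
        /[0-9]+\.[0-9]+/ { flag("version-like number"); next }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the default /etc/issue text quoted in the article.
sample=$(mktemp)
printf 'Red Hat Linux release 6.2 (Zoot)\nKernel 2.2.16-3 on an i686\n' > "$sample"
audit_banner "$sample" || echo "banner discloses system details"
rm -f "$sample"
```

Run it against each banner file after editing; a non-zero exit status makes it easy to wire into a configuration check.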

A banner for the common man
Having an FTP server within a corporation is a very reliable method of exchanging and distributing files. Creating a banner for your FTP server is a sound method of passing along instructions, warnings, and information. Again, you’ll want to exercise great caution when creating this file so as not to directly taunt or tempt unwanted users.

I generally create the file banner and place it in /etc. The file is ASCII and can contain any combination of characters. Create your file (placing any relevant information) as root and then open linuxconf. Once in linuxconf, you need to navigate to the Basic Configuration submenu (under the FTP Server submenu) and enter the entire path to the banner file in the Banner File text box. Once you've done so, the file will appear right above the login prompt, like so:
[jlwallen@willow jlwallen]$ ftp giles
Connected to giles.tech.
220-******************************
220-******* THIS IS GILES ********
220-*******  BE KIND  ************
220-******* FOR I AM ONLY ********
220-******* ONE MACHINE **********
220-******************************
220-
220 giles.techrepublic.com FTP server (Version wu-2.6.0(1) Fri Jun 23 09:17:44 EDT 2000) ready.
Name (giles:jlwallen):

Conclusion
Although certainly not a means for security, using intelligently written banner and login text might save the day in some instances. The key to these files is to not create a situation where you might be tempting an unwanted user into acting in an unwanted or unwarranted fashion. Use caution and good sense, and not only will these files help bring your users up to speed (with directions), they will possibly deter unsolicited hackage as well.

Jack Wallen, Jr., editor in chief of Linux content, was thrown out of the "Window" back in 1995, when he grew tired of the "blue screen of death" and realized that "computing does not equal rebooting." Prior to Jack's headfirst dive into the computer industry, he was a professional actor, with film, TV, and Broadway credits (anyone see “The Great Gilly Hopkins”?). Now, Jack is determined to use his skills as a communicator to spread the word—Linux. Ladies and gentlemen, the poster boy for the Linux Generation!

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.
