-
Notifications
You must be signed in to change notification settings - Fork 811
This PR follows #14834 and continues addressing issue #8709. #14841
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,33 +8,6 @@ description: |- | |
| default text with a message compliant with the local site policy or a legal | ||
| disclaimer. | ||
|
|
||
| The DoD required text is either: | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same as |
||
| <br /><br /> | ||
| <tt>You are accessing a U.S. Government (USG) Information System (IS) that | ||
| is provided for USG-authorized use only. By using this IS (which includes | ||
| any device attached to this IS), you consent to the following conditions: | ||
| <br />-The USG routinely intercepts and monitors communications on this IS | ||
| for purposes including, but not limited to, penetration testing, COMSEC | ||
| monitoring, network operations and defense, personnel misconduct (PM), law | ||
| enforcement (LE), and counterintelligence (CI) investigations. | ||
| <br />-At any time, the USG may inspect and seize data stored on this IS. | ||
| <br />-Communications using, or data stored on, this IS are not private, | ||
| are subject to routine monitoring, interception, and search, and may be | ||
| disclosed or used for any USG-authorized purpose. | ||
| <br />-This IS includes security measures (e.g., authentication and access | ||
| controls) to protect USG interests -- not for your personal benefit or | ||
| privacy. | ||
| <br />-Notwithstanding the above, using this IS does not constitute consent | ||
| to PM, LE or CI investigative searching or monitoring of the content of | ||
| privileged communications, or work product, related to personal | ||
| representation or services by attorneys, psychotherapists, or clergy, and | ||
| their assistants. Such communications and work product are private and | ||
| confidential. See User Agreement for details.</tt> | ||
| <br /><br /> | ||
| OR: | ||
| <br /><br /> | ||
| <tt>I've read & consent to terms in IS user agreem't.</tt> | ||
|
|
||
| rationale: |- | ||
| Display of a standardized and approved use notification before granting | ||
| access to the operating system ensures privacy and security notification | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,10 +4,10 @@ | |
| title: 'Enable the SSH login confirmation banner' | ||
|
|
||
| description: |- | ||
| This rule verifies that that the SSH login confirmation banner is set | ||
| This rule verifies that that the SSH login confirmation banner is set | ||
| correctly. | ||
|
|
||
| The DoD required text is: | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same as |
||
| The required text is: | ||
| <br /><br /> | ||
| <tt>if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then<br/> | ||
| while true; do<br/> | ||
|
|
@@ -45,7 +45,7 @@ | |
| access to the operating system ensures privacy and security notification | ||
| verbiage used is consistent with applicable federal laws, Executive Orders, | ||
| directives, policies, regulations, standards, and guidance. | ||
|
|
||
| severity: medium | ||
|
|
||
| ocil_clause: 'it does not display the required banner' | ||
|
|
@@ -54,4 +54,4 @@ | |
| To check if the system motd banner is compliant, | ||
| run the following command: | ||
| <pre>$ less /etc/profile.d/ssh_confirm.sh</pre> | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,33 +8,6 @@ description: |- | |
| Replace the default text with a message compliant with the local site | ||
| policy or a legal disclaimer. | ||
|
|
||
| The DoD required text is either: | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same as |
||
| <br /><br /> | ||
| <tt>You are accessing a U.S. Government (USG) Information System (IS) that | ||
| is provided for USG-authorized use only. By using this IS (which includes | ||
| any device attached to this IS), you consent to the following conditions: | ||
| <br />-The USG routinely intercepts and monitors communications on this IS | ||
| for purposes including, but not limited to, penetration testing, COMSEC | ||
| monitoring, network operations and defense, personnel misconduct (PM), law | ||
| enforcement (LE), and counterintelligence (CI) investigations. | ||
| <br />-At any time, the USG may inspect and seize data stored on this IS. | ||
| <br />-Communications using, or data stored on, this IS are not private, | ||
| are subject to routine monitoring, interception, and search, and may be | ||
| disclosed or used for any USG-authorized purpose. | ||
| <br />-This IS includes security measures (e.g., authentication and access | ||
| controls) to protect USG interests -- not for your personal benefit or | ||
| privacy. | ||
| <br />-Notwithstanding the above, using this IS does not constitute consent | ||
| to PM, LE or CI investigative searching or monitoring of the content of | ||
| privileged communications, or work product, related to personal | ||
| representation or services by attorneys, psychotherapists, or clergy, and | ||
| their assistants. Such communications and work product are private and | ||
| confidential. See User Agreement for details.</tt> | ||
| <br /><br /> | ||
| OR: | ||
| <br /><br /> | ||
| <tt>I've read & consent to terms in IS user agreem't.</tt> | ||
|
|
||
| rationale: |- | ||
| Display of a standardized and approved use notification before granting | ||
| access to the operating system ensures privacy and security notification | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we truly removing DOD specific content we should remove the required text.,