From owner-freebsd-security  Fri May 28  5:13:32 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zip.com.au (zipper.zip.com.au [203.12.97.1])
	by hub.freebsd.org (Postfix) with ESMTP id 005EF14CCB
	for <freebsd-security@FreeBSD.ORG>; Fri, 28 May 1999 05:13:27 -0700 (PDT)
	(envelope-from ncb@zip.com.au)
Received: from localhost (ncb@localhost)
	by zip.com.au (8.9.1/8.9.1) with ESMTP id WAA00890;
	Fri, 28 May 1999 22:13:11 +1000
Date: Fri, 28 May 1999 22:13:09 +1000 (EST)
From: Nicholas Brawn <ncb@zip.com.au>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: "Jan B. Koum " <jkb@best.com>, freebsd-security@FreeBSD.ORG
Subject: Re: legal notice for telnet/etc 
In-Reply-To: <671.927888503@axl.noc.iafrica.com>
Message-ID: <Pine.LNX.4.05.9905282206050.32747-100000@zipper.zip.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

For the systems I'm looking at, the main entry points into the system will
be:
- Telnet
- FTP
- SSH
- SFTP/SCP

Telnet and Ftp banners look relatively simple to implement. But it looks a
bit tricky with ssh without displaying until the user has logged in.
Alternatively you could get them to sign a legal document prior to
granting them access to IT resources which discusses what authority they
have over what, which is already a recommendation. If it cannot be
displayed until a user logs in (/etc/motd), nobody's going to die. And if
you say they may be able to quell such notices via .hushlogin, we can add
something to /etc/profile to display notices, or even specify a program as
their shell which does nothing more than displaying the notice before
dropping them into a shell.

At this stage I'm keen to find out what simply solutions there are
available. If I need to tinker, so be it. :)

Thanks to everyone for the input,
Nick

On Fri, 28 May 1999, Sheldon Hearn wrote:

> 
> 
> On Fri, 28 May 1999 03:12:17 MST, "Jan B. Koum " wrote:
> 
> > 	Argh! Hell. There is not good way to get your message across. If
> > l^Huser choose not to read it, they will not read it no matter what. :(
> 
> Nicholas isn't looking for a way to force text upon people who have
> logged into the system. He wants to force text upon people who are
> presented with a login prompt.
> 
> The short and sweet of it is that there is no unified mechanism for
> this. You'll have to identify all entry points and either tickle or
> kludge, depending on the flexibility of each.
> 
> Ciao,
> Sheldon.
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message