LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-05-2014, 05:32 PM   #1
nstarz
LQ Newbie
 
Registered: Jun 2010
Posts: 3

Rep: Reputation: 0
Anyway to acknloedge banner before login?


We have a security banner that is implemented by editing:

/etc/motd
/etc/issue
/etc/ssh/sshd_config

Is there a way to acknowledge (like a yes or no) before logging on?
 
Old 11-06-2014, 07:59 AM   #2
JeremyBoden
Member
 
Registered: Nov 2011
Posts: 939

Rep: Reputation: 174Reputation: 174
You don't exist until you have logged on.
 
Old 11-06-2014, 09:51 AM   #3
DJ Shaji
Member
 
Registered: Dec 2004
Distribution: Fedora 22 (Twenty Two!), ArchLinux
Posts: 506
Blog Entries: 15

Rep: Reputation: 106Reputation: 106
Put this in ~/.bashrc :
Code:
read -p "Do you agree? Type yes or no: " reply
if [ $reply == "no" ]
then
        echo "You cannot log on unless you agree."
	exit
fi
That'll be a million dollars.
 
Old 11-06-2014, 05:17 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530
Any user can edit their own ~/.bashrc so that's definitely not a million dollars.
 
Old 11-06-2014, 05:27 PM   #5
nstarz
LQ Newbie
 
Registered: Jun 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for the help.
 
Old 11-06-2014, 05:35 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530Reputation: 3530
The problem, like JeremyBoden said, is you don't have access to a shell until you log in. Note security standards may force you to display a banner but not to require interaction. A reason for that is that, if you're not careful, you may be blocking non-interactive access or transfers.
 
Old 11-07-2014, 03:09 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,166

Rep: Reputation: 751Reputation: 751Reputation: 751Reputation: 751Reputation: 751Reputation: 751Reputation: 751
Quote:
Originally Posted by unSpawn View Post
Note security standards may force you to display a banner but not to require interaction.
Indeed! That's why you'll find that most are worded along the lines of "Continued use of this system by logging in means you agree to these conditions, blah blah, blah, meaningless legal waffle, blah, blah"
 
Old 11-09-2014, 08:28 AM   #8
DJ Shaji
Member
 
Registered: Dec 2004
Distribution: Fedora 22 (Twenty Two!), ArchLinux
Posts: 506
Blog Entries: 15

Rep: Reputation: 106Reputation: 106
Quote:
Originally Posted by unSpawn View Post
Any user can edit their own ~/.bashrc so that's definitely not a million dollars.
So put it in /etc/bashrc

Plus either getty or bash can easily be patched to display a license and get a user to accept it before logging in, if it's really required.
 
Old 11-09-2014, 11:57 AM   #9
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241
Quote:
Originally Posted by DJ Shaji View Post
So put it in /etc/bashrc

Plus either getty or bash can easily be patched to display a license and get a user to accept it before logging in, if it's really required.
That only works AFTER you have logged in.

And that is too late.
 
Old 11-10-2014, 08:53 AM   #10
fpmurphy
Member
 
Registered: Jan 2009
Location: /dev/ph
Distribution: Fedora, Ubuntu, Redhat, Centos
Posts: 297

Rep: Reputation: 62
Quote:
Originally Posted by DJ Shaji View Post
So put it in /etc/bashrc

Plus either getty or bash can easily be patched to display a license and get a user to accept it before logging in, if it's really required.
By the time /etc/bashrc is executed, you are already logged in.
 
Old 11-10-2014, 10:36 AM   #11
DJ Shaji
Member
 
Registered: Dec 2004
Distribution: Fedora 22 (Twenty Two!), ArchLinux
Posts: 506
Blog Entries: 15

Rep: Reputation: 106Reputation: 106
Quote:
Originally Posted by jpollard View Post
That only works AFTER you have logged in.

And that is too late.
Why? The user will be logged out when the shell exits. The little snippet I posted will do exactly that. Am I missing something? It's simple and it works. What exactly constitutes logging in anyway? The user won't have a working shell until he accepts the agreement. Isn't that what OP was trying to accomplish?
 
Old 11-10-2014, 01:33 PM   #12
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241
Quote:
Originally Posted by DJ Shaji View Post
Why? The user will be logged out when the shell exits. The little snippet I posted will do exactly that. Am I missing something? It's simple and it works. What exactly constitutes logging in anyway? The user won't have a working shell until he accepts the agreement. Isn't that what OP was trying to accomplish?
Legally it is too late - you are already logged in.

The person making the connection needs to have the opportunity to NOT use the system.

Logging in, in any form, is permission to use the system.

Second, you have a security bug in there, and one that allows the user to do anything they want.

Proof left to the reader.... but it has to do with not quoting.

So it doesn't work - AND has a security failure.
 
Old 11-11-2014, 10:30 AM   #13
DJ Shaji
Member
 
Registered: Dec 2004
Distribution: Fedora 22 (Twenty Two!), ArchLinux
Posts: 506
Blog Entries: 15

Rep: Reputation: 106Reputation: 106
Quote:
Originally Posted by jpollard View Post
Legally it is too late - you are already logged in.

The person making the connection needs to have the opportunity to NOT use the system.

Logging in, in any form, is permission to use the system.

Second, you have a security bug in there, and one that allows the user to do anything they want.

Proof left to the reader.... but it has to do with not quoting.

So it doesn't work - AND has a security failure.
I was just pointing out a simple way to accomplish what the OP wants. Of course it has security issues! The user has just to press Ctrl+C to circumvent what I have posted. I was just saying that it is possible. If it really has to be done the right way, getty or something similar needs to be patched. It is login that authenticates the user, and it is login's responsibility to handle security issues. Circumventing a legal warning to gain access isn't really a way of saying "Ha! I managed to get across your warning without saying yes!" Doing so doesn't make access to the system legal. It is understood that anybody who has access to a username/password combination and physical access to the terminal can log in. The point here is to make sure they understand the legalities of gaining access to the system in question. By all means, what the OP is trying to do ought to be implemented using login, which would satisfy your point about it being too late as well. I was merely pointing out one way it can be done, albeit unsecurely.

EDIT: But it does work! The user can circumvent it, but the message says "Type no if you disagree." Not typing no means the user does agree. Q.E.D

Last edited by DJ Shaji; 11-11-2014 at 10:31 AM.
 
Old 11-11-2014, 03:42 PM   #14
arizonagroovejet
Senior Member
 
Registered: Jun 2005
Location: England
Distribution: openSUSE, Fedora, CentOS
Posts: 1,078

Rep: Reputation: 195Reputation: 195
This seems like one of those cases where the OP might get better answers if they explained exactly why they were trying to do what they are trying to do.

If it's to make people agree to some terms before logging in then it seems pointless.

People can only log in to a system if they have a usercode and password that allows them to do so. You can make people agree to whatever before you allow them to have a usercode, or before you configure a particular system to allow that usercode to log in. You can make them sign something and keep it on file, that way they can't claim later on that they didn't agree. If someone has a stolen usercode and password then they don't give a **** about whatever it is you want them to click before you log in.

Anything you pop up on screen and ask someone to click they can simply claim they never saw it and how do you prove them wrong? There may be a log saying they clicked 'Yes', but they could have leant on the Enter key and that could have selected 'Yes' before they'd had a chance to read whatever was on the screen. You watch the average person use a computer. Most things that pop up they just click them to make them go away without bother to read it properly if at all.
 
Old 11-11-2014, 06:53 PM   #15
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241
They may HAVE a usercode and password... But it may have been obtained under false pretenses, or "appropriated" from a valid user.

The screen is to tell the person connecting what he is subject to if he continues.

And that PREVENTS him from saying "I didn't see any such notice".

Having a notice AFTER logging in, is a failure.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to setup system Login banner and Login message 06-03-05 Linux - Newbie 10 03-11-2015 08:20 PM
SSH login banner/No root login jmoschetti45 Linux - Security 3 01-17-2010 05:51 PM
login screen banner mijohnst Linux - Enterprise 2 04-06-2008 02:00 AM
Login banner triley SUSE / openSUSE 1 06-21-2007 12:01 PM
login banner on RH 8 herrmag Linux - Newbie 1 02-14-2005 01:18 PM


All times are GMT -5. The time now is 01:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration