It is currently Tue, 17 May 2022 02:02:08 GMT

Author Message
 login banner change for Solaris 2.7?
Hi all,

I'd like to make it *less* easy for the hacker wanna-be's
to know what OS I am running and would to get rid of
the banner that says

    SunOS 5.7


Is there a way to disable this default SunOS 5.7 part so you
just get a "login" prompt?


 Sun, 09 Dec 2001 03:00:00 GMT   
 login banner change for Solaris 2.7?

I'm adding the following to my "vfaq" file:

Subject: How do I prevent my machine from announcing OS version, daemon
        version, etc in the banner message?

In unix, find the daemon in question, possibly by finding its line
in /etc/inetd.conf, and read its man page.  For complex config files
(e.g. sendmail), search in the config file for the constant portions of
the string it's outputting (e.g. in find the string "Sendmail"
with a capital 'S').  For telnetd, some systems have "-h" to suppress the
greeting and other systems output the contents of a file called something
like /etc/issue.  (Note that in redhat linux, you really want to modify
/etc/rc.d/rc.local rather than (or in addition to) /etc/issue*, because
it regenerates /etc/issue* upon boot.)

[paragraph repeated from the article I just wrote re sendmail banner:]
But this might not really be a security issue and it might not be worth
your effort.  Suppressing banners probably doesn't restrict any information
which is genuinely useful to an attacker.  If an attacker has some "exploit"
program for sendmail 1.2.3 only, then rather than checking the banner
to see if your machine is in fact running sendmail 1.2.3, they might as
well just run the exploit program, which is a direct check of whether
you're vulnerable.  Whereas the banner suppression *will* interfere with
some kinds of checking of sendmail versions which you yourself may want
to do occasionally.

 Mon, 10 Dec 2001 03:00:00 GMT   
 login banner change for Solaris 2.7?

And in Solaris 7, the in.telnetd manual page says:

     The banner  printed  by  in.telnetd   is  configurable.  The
     default  is  (more  or less) equivalent to "`uname -sr`" and
     will be used if no banner is set  in   /etc/default/telnetd.
     To set the banner, add a line of the form

(Rest deleted to keep the suspense)

Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

 Tue, 11 Dec 2001 03:00:00 GMT   
 login banner change for Solaris 2.7?
in sco, edit /etc/issue or /etc/default/issue. sun? not sure.

 Tue, 11 Dec 2001 03:00:00 GMT   
 login banner change for Solaris 2.7?
Casper....@Holland.Sun.Com (Casper H.S. Dik - Network Security Engineer) writes:

Thanks for the pointer.  I've added:

        For Solaris 2.6 and greater, put "BANNER=" (without the quotes)
        in /etc/default/telnetd.  The telnetd included with Solaris <2.6
        and SunOS can't suppress the banner, but there's no need to use
        that particular software; you could use GNU telnetd, for example;
        or you might edit the binary, as the strings appear in it.

(let me know if I've got anything wrong in there -- it's definitely not in
solaris 2.5, but my version list might still be wrong)

 Tue, 11 Dec 2001 03:00:00 GMT   
 login banner change for Solaris 2.7?

        If the person examining your machine is using something
like nmap to scan it then supressing the banner won't help
since nmap determines the os by its response to certain TCP packets.


Suchandra S. Thapa


 Thu, 13 Dec 2001 03:00:00 GMT   
   [ 6 post ] 

Similar Threads

1. Changing login graphic (was Re: Changing the login banner on Solaris 2.5

2. Changing the login banner on Solaris 2.5

3. CDE, solaris 2.7, tcsh; hangs at login

4. KDE 1.1.2 on Solaris 2.7 login processing

5. NFS changes in Solaris 2.7?

6. Change Login Banner

7. Change login message (banner)?

8. Changing the login banner

9. Changing the login banner + prompt in telnet.

10. changing redhat X login banner?

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software