Add BANNER information in Solaris

Posted November 17, 2003 by indianboy in Solaris security

Many tools on the net help to find the OS and the OS version that a server is running. A widely used strategy is to open a connection to the server and read the banner it returns. Setting your own banner can be used to defend against tools that rely on this banner-grabbing strategy to identify systems. Obviously, this will not help against tools such as NMAP, which use more advanced schemes for identification.

The banner info can be stored in the /etc/issue file in Solaris; by default this file is empty. Populate the /etc/issue file with the necessary banner, which should at least include the following:

1. Unauthorized users accessing the system are not appreciated and they will be prosecuted.
2. All actions on the system are logged and will be used as proof in court.
3. Only authorized persons are allowed to access the system and all actions will be monitored.

Note: NEVER EVER PUT UP A BANNER SAYING THAT EVERYBODY IS WELCOME, or any similar language. There have been cases where a hacker was caught in the act and couldn’t be charged because the system had some welcome language.
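
One way to check a draft banner against the list and the note above before installing it as /etc/issue. This is an added example, not part of the original post; the `audit_banner` name, the keyword patterns and the OS-name check are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a banner file against the checklist in this post.
# Assumption: a POSIX grep with -E/-i/-q; set GREP if the default lacks them
# (on older Solaris releases that is /usr/xpg4/bin/grep).
GREP=${GREP:-grep}

# audit_banner FILE: print findings, return 0 only if the banner passes.
audit_banner() {
    file=$1
    rc=0
    if [ ! -s "$file" ]; then
        echo "FAIL: $file is missing or empty (the Solaris default)"
        return 1
    fi
    # Required notices, items 1-3 (keyword patterns are illustrative).
    for pat in 'unauthori[sz]ed' 'prosecut' 'logged' 'monitored' \
               'only authori[sz]ed'; do
        if ! $GREP -Eiq "$pat" "$file"; then
            echo "FAIL: no text matching '$pat'"
            rc=1
        fi
    done
    # Welcome language undermines the legal notice.
    if $GREP -iq 'welcome' "$file"; then
        echo "FAIL: banner contains welcome language"
        rc=1
    fi
    # Assumed extra check: naming the OS hands banner grabbers what they want.
    if $GREP -Eiq 'sunos|solaris|release [0-9]' "$file"; then
        echo "FAIL: banner discloses OS name or release"
        rc=1
    fi
    return $rc
}

# Constructed sample banner; audit it before copying it to /etc/issue.
sample=${TMPDIR:-/tmp}/issue.sample.$$
cat > "$sample" <<'EOF'
Only authorized persons are allowed to access this system.
All actions are logged and monitored and will be used as proof in court.
Unauthorized users will be prosecuted.
EOF
audit_banner "$sample" && echo "PASS: sample banner"
rm -f "$sample"
```

Run `audit_banner /etc/issue` after installing the file to confirm the live banner still passes.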

Additionally, you can populate the /etc/motd file so that all users accessing the system receive information about impending downtimes, upcoming server shutdowns, or other such helpful information.

