Adding BANNER information in Solaris ……

Contributed by indianboy November 17, 2003  
Tagged: Solaris security

Many tools on the net help to find the OS and the version of the OS that is used and a widely used strategy is first to open a connection to the server and there u have it .

This strategy can be used only to defend against tools which uses the banner grabbing strategy to identify systems and will not help against tools such as NMAP etc which uses more advanced schemes for the same …..

Many tools on the net help to find the OS and the version of the OS that is used and a widely used strategy is first to open a connection to the server and there u have all the information that is required such as the OS , version of the OS etc …

This strategy can be used only to defend against tools which use the banner grabbing strategy to identify systems and will not help against tools such as NMAP etc which use more advanced schemes for the same …..

The banner info can be stored on the /etc/issue file in Solaris, by default this file is an empty file. Populate the /etc/issue file with the necessary banner which should at least include the following

1. Unauthorised users accessing the system are not appreciated and also
that they are liable to prosecution.
2. All actions on the system are logged and will and will be used as proof
in court
3. Only authorised persons are allowed to access the system and all
actions will be monitored .

Note : NEVER EVER PUT UP A BANNER SAYING THAT EVERYBODY IS WELCOME OR SOMETHING LIKE THAT …..

There have been cases where a cracker was caught in the act and he couldn’t be charged because the SYSTEM WELCOMED EVERYBODY TO USE THE SYSTEM ….

Additionally you can also populate the /etc/motd file so that all users accessing the system can be communicated impending downtimes or if there is a shutdown of the server also etc …