CCE-91254-3Platform: ubuntu14.04 | Date: (C)2017-03-14 (M)2022-10-10 |
Remove OS Information from Login Warning Banners (Scored)
Unix-based systems have typically displayed information about the OS release and patch level upon logging in to the system. This information can be useful to developers who are developing software for a particular OS platform. If mingetty(8) supports the following options, they display operating system information:
\m - machine architecture (uname -m)
\r - operating system release (uname -r)
\s - operating system name
\v - operating system version (uname -v)
Parameter:
Technical Mechanism:
"Displaying OS and patch level information in login banners also has the side effect of providing detailed system information to attackers attempting to target specific exploits of a system. Authorized users can easily get this information by running the ""uname -a"" command once they have logged in."
Fix:
Edit the /etc/motd, /etc/issue and /etc/issue.net files and remove any lines containing \m, \r, \s or \v.
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:39108 |