Computer Protection Program Berkeley Lab
Ernest Orlando Lawrence Berkeley National Laboratory
  PROCEDURES FOR SECURING SYSTEMS  
Installing the DOE Login Banner  

Windows/Macintosh
Web Servers    
UNIX   
Important LBNL URLs


_____________

To ensure that users are aware of the Laboratory's Authorized Computer Use policy and to comply with a DOE mandate, a banner will appear each time a user accesses any Laboratory computer system. The banner may be displayed automatically by the system when a user accesses the computer, or an adhesive banner may be attached directly to the computer monitor.

Laboratory policy regarding the banner (including the full required text) can be found at: http://www.lbl.gov/Workplace/RPM/R9.01.html#RTFToC8

Banner stickers for your computer may be obtained from TEID in person by going to Building 46, Room 139, by contacting TEID's Administrator at 510 486-6765, or by emailing your request to TEID@lbl.gov.

Instructions for implementing the required warning banners on various types of systems can be found below.

Windows/Macintosh

Download the patch and installation instructions for the computer security notice from http://www.lbl.gov/download. There are three download locations on the page: one for WinNT, another for Win 95 or 98, and a third for the Macintosh. Uncompress the file and read the readme file for instructions. After installation, the required warning banner will be displayed whenever the system starts.

Web Servers

For web servers we are required to place a link labeled "Notice to Users" on each page served. The link can be in the header, in the footer or anywhere on the page. The link should be to the following site, which displays a copy of the required notice:

http://www.lbl.gov/ITSD/Security/policies/user-notice.htm

UNIX

The banners for Unix machines depend on the particular vendor and service. For many recent systems (Sun, Linux), creating the file /etc/issue containing the banner text causes the banner text to be displayed before the console login and before all interactive logins such as telnet, rsh, and rlogin.

Linux systems use two such files, /etc/issue for console logins and /etc/issue.net for telnet logins, so be sure to place the banner text in both. For other systems and for services that do not respond to the /etc/issue file, put the banner text in the file /etc/motd.

The contents of this file are displayed by the global /etc/.login and the /etc/profile files, depending on which shell you start (sh or csh), immediately after a successful login. Displaying the /etc/motd file immediately after login is also an option for the Secure Shell daemon (sshd) and is set in the /usr/local/etc/sshd_config file. 
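The UNIX steps above can be scripted and then checked. The following is an added example, not LBNL's own tooling: the function names `install_banner` and `audit_banner` and the ROOT prefix argument are assumptions made for illustration, and `PrintMotd` is the OpenSSH keyword for the sshd option described above.

```shell
#!/bin/sh
# Added example (not LBNL's own script). ROOT is a filesystem prefix so the
# functions can be tried on a scratch tree before being pointed at "/".
BANNER_FILES="etc/issue etc/issue.net etc/motd"   # paths named on this page
SSHD_CONFIG="usr/local/etc/sshd_config"           # path named on this page

# install_banner ROOT TEXTFILE: copy the banner text into each banner file.
install_banner() {
    root=$1; text=$2
    [ -r "$text" ] || { echo "cannot read $text" >&2; return 2; }
    for f in $BANNER_FILES; do
        mkdir -p "$root/$(dirname "$f")" || return 2
        cp "$text" "$root/$f" && chmod 644 "$root/$f" || return 2
    done
}

# audit_banner ROOT TEXTFILE: print one status line per check and return the
# number of failed checks (0 means every banner is in place).
audit_banner() {
    root=$1; text=$2; bad=0
    for f in $BANNER_FILES; do
        if [ ! -f "$root/$f" ]; then
            echo "MISSING     /$f"; bad=$((bad + 1))
        # grep -v selects banner lines that are NOT present in the target, so
        # extra site text in /etc/motd is tolerated but a dropped line is not.
        elif grep -Fxvq -f "$root/$f" "$text"; then
            echo "INCOMPLETE  /$f"; bad=$((bad + 1))
        else
            echo "OK          /$f"
        fi
    done
    # sshd only shows /etc/motd after login if PrintMotd is not turned off.
    cfg="$root/$SSHD_CONFIG"
    if [ -f "$cfg" ] && grep -Eiq '^[[:space:]]*PrintMotd[[:space:]]+no' "$cfg"; then
        echo "DISABLED    PrintMotd no in /$SSHD_CONFIG"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Usage (as root, banner text saved in ./banner.txt):
#   install_banner / ./banner.txt && audit_banner / ./banner.txt
```

Note that `install_banner` overwrites the three files, so merge any existing /etc/motd text back in afterwards; the audit accepts additional lines as long as every banner line is still present.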

Some versions of the FTP service have been modified to display, after login, the contents of the file .login_message found in the root directory of the FTP tree or in the user's home directory. You will have to try this to see if it works. If it does not work, you must put a file named NOTICE_TO_USERS containing the warning text into the root directory of the anonymous FTP tree, and the file or a link to the file into each user's home directory.

For machines that do not use these methods for displaying banners, consult the man pages for each service to see if there is a banner mechanism available. 

IMPORTANT NOTE: If you remove a service from a Unix machine, your machine will be more secure and you will not have to worry about placing a banner on that service. If you have open services that you do not need, simply remove them.

Important LBNL URLs

 

 

 
