Customizing the authentication banner on the CA API Gateway

Document ID : KB000057308
Last Modified Date : 14/02/2018
Show Technical Document Details

Solution

Background

The CA API Gateway can support a login banner that can display a precomposed message to a user attempting to access the system via SSH or direct console connection. This allows organizations to provide blanket acceptable use or warning messages in accordance with legal or legislative requirements. For example: Linux systems used by US Department of Defense systems must have a login banner that complies with chapter 8 of the National Industry Security Program Operating Manual (NISPOM). This chapter prescribes a login banner that provides a specific warning that indicates that the system belongs the the US government.

Resolution

If an organization or group requires such a message then it can be installed as follows. Please note that this change must be made on a node-by-node basis.

  1. Log in as the ssgconfig user
  2. Select Option #3: Use a privileged shell (root)
  3. Change the permission of the following file:?chmod u+w /opt/SecureSpan/Gateway/runtime/bin/samples/fix_banner.sh
  4. Open the above file in a text editor
  5. Edit the message as appropriate. Be sure to only modify the text between the?cat?and EOF?lines.
  6. Save the file and exit the editor
  7. Execute the?script
  8. Restart the node.

Additionally, an administrator or operator can change the string of text visible from the main menu of the Gateway configuration menu. By default, the main menu is titled "Welcome to the SecureSpan Gateway -? Version X.Y.Z" The string "Version X.Y.Z" can be modified to any desirable string as follows:

  1. Log into the Gateway appliance as the ssgconfig user
  2. Select Option #3: Use a privileged shell (root).
  3. Open the following file in a text editor: /etc/issue
  4. Change the contents of the file as appropriate.
  5. Save the changes and exit the text editor
  6. Exit the root prompt and observe the changes in the main menu