issue #307: add SSH login banner to Docker containers

pull/308/head
David Wilson 6 years ago
parent 336e90c5e3
commit 8ce51ec96c

@ -45,10 +45,12 @@ RUN yum clean all && \
DOCKERFILE = r""" DOCKERFILE = r"""
COPY data/001-mitogen.sudo /etc/sudoers.d/001-mitogen COPY data/001-mitogen.sudo /etc/sudoers.d/001-mitogen
COPY data/docker/ssh_login_banner.txt /etc/ssh/banner.txt
RUN \ RUN \
chsh -s /bin/bash && \ chsh -s /bin/bash && \
mkdir -p /var/run/sshd && \ mkdir -p /var/run/sshd && \
echo i-am-mitogen-test-docker-image > /etc/sentinel && \ echo i-am-mitogen-test-docker-image > /etc/sentinel && \
echo "Banner /etc/ssh/banner.txt" >> /etc/ssh/sshd_config && \
groupadd mitogen__sudo_nopw && \ groupadd mitogen__sudo_nopw && \
useradd -s /bin/bash -m mitogen__has_sudo -G SUDO_GROUP && \ useradd -s /bin/bash -m mitogen__has_sudo -G SUDO_GROUP && \
useradd -s /bin/bash -m mitogen__has_sudo_pubkey -G SUDO_GROUP && \ useradd -s /bin/bash -m mitogen__has_sudo_pubkey -G SUDO_GROUP && \
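Review bot: the added `echo "Banner /etc/ssh/banner.txt" >> /etc/ssh/sshd_config` line appends to the end of whatever sshd_config the base image ships, and sshd scopes any directive that follows a `Match` line to that block. This template appears to be shared across several base images (the hunk header shows a yum-based one). On any image whose stock config ends in a `Match` block, the banner would apply only to matching connections, and the test this banner exists for would pass without exercising it. Suggest inserting the directive ahead of any `Match` line, or adding a build-time check that fails if the config contains one. A short comment beside the `COPY` line saying the banner is there for issue #307 would also help the next reader of this Dockerfile.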

@ -0,0 +1,21 @@
This banner tests Mitogen's ability to differentiate the word 'password'
appearing in a login banner, and 'password' appearing in a password prompt.
This system is for the use of authorized users only. Individuals using this
computer system without authority or in excess of their authority are subject
to having all of their activities on this system monitored and recorded by
system personnel.
In the course of monitoring this system with regard to any unauthorized or
improper use or in the course of system maintenance the system personnel may
have insights into regular business activity.
Anyone using this system expressly consents to such monitoring and is advised
that if such monitoring reveals possible evidence of improper activity, system
personnel may provide the evidence of such monitoring to internal Compliance
and Security Officers who will - in the case of criminal offences - relay such
incidents to law enforcement officials.
**************************************************************
NOTE: This system is connected to DOMAIN.COM,
please use your password.
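Review bot: every occurrence of 'password' in this banner is either quoted in the explanatory header or sits inside a sentence that ends with a period ("please use your password."), so the fixture has no banner line that ends the way a prompt does, for example in `password:`. The prompt-matching code is not part of this change, so this may already be sufficient, but if the matcher keys on a trailing colon the banner as written would not exercise the ambiguous case that the first two lines describe. Suggest adding one such line, and a test that asserts a login through this banner succeeds, since nothing visible in this commit checks that the banner is actually served.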