During the monthly compliance meeting, it was pointed out that several servers in the Stratos DC do not have a valid banner. The security team has provided several approved templates which should be applied to the servers to maintain compliance. These will be displayed to the user upon successful login.
Update the message of the day on all application and DB servers for Nautilus. Make use of the approved template located at /home/thor/nautilus_banner on the jump host.
Answer:
# First, copy the banner from the jump server (/home/thor/nautilus_banner) to all the app servers and the DB server
# Copy the banner with the scp command from the jump server
scp -r /home/thor/nautilus_banner <user>@<server>:/tmp/
* Repeat the above step for all the app servers and the DB server, replacing <user> and <server> with the username and the IP or hostname of each server
Note: when you run this scp command against the DB server, it will fail because openssh-clients is not installed on the DB server, so it has to be installed there first
#ssh to db server
ssh <user>@<db server>
#switch to root user
sudo su
# install the openssh-clients
yum install openssh-clients
# exit the root shell, then exit from the DB server
exit
exit
#now from the jump server run the scp command again
scp -r /home/thor/nautilus_banner <user>@<server>:/tmp/
* <user> and <server> should be the DB server username and the DB server IP or hostname
# The banner is now in /tmp/ on the app servers and the DB server; next, log in to each app server and the DB server and move the banner
ssh <user>@<server>
cd /tmp/
# move the banner to /etc/motd (writing to /etc needs root, hence sudo)
sudo mv nautilus_banner /etc/motd
* Repeat the above steps for all the app servers and the DB server
# verify
When you ssh to any app server or the DB server from the jump host, you will see the banner
ssh <user>@<server>
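Added example (not part of the original post): mv keeps the owner and mode the file had in /tmp, so seeing the banner at login does not show whether /etc/motd is still writable by the account that copied it. The check_banner function below (a hypothetical name) compares the installed file with the approved template and checks its owner and write bits. It assumes GNU stat, as found on yum-based servers.

```shell
#!/bin/sh
# Added example: audit an installed banner against the approved template.
# check_banner TEMPLATE MOTD [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Returns 0 if compliant, 1 on any finding, 2 if the template is unreadable.
check_banner() {
    template=$1
    motd=$2
    want_uid=${3:-0}
    rc=0

    [ -r "$template" ] || { echo "ERROR: cannot read template $template"; return 2; }

    # A symlink could point at a file the login user controls; require a regular file.
    if [ -L "$motd" ] || [ ! -f "$motd" ]; then
        echo "FAIL: $motd is missing or is not a regular file"
        return 1
    fi

    # Byte-for-byte comparison with the approved template.
    cmp -s "$template" "$motd" || { echo "FAIL: $motd differs from $template"; rc=1; }

    # mv keeps the owner the file had in /tmp, so check it explicitly.
    uid=$(stat -c '%u' "$motd")     # GNU stat
    [ "$uid" = "$want_uid" ] || { echo "FAIL: $motd owned by uid $uid, expected $want_uid"; rc=1; }

    # No group/other write bits (octal 022) may be set.
    mode=$(stat -c '%a' "$motd")
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL: $motd mode $mode is group/world-writable"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $motd matches template, uid $uid, mode $mode"
    return "$rc"
}

# When saved as a script (the file name is up to you): sh <script> TEMPLATE /etc/motd
if [ "$#" -ge 2 ]; then
    check_banner "$@"
fi
```

If the owner check fails on a server, `sudo chown root:root /etc/motd` followed by `sudo chmod 644 /etc/motd` brings the file in line.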
Note: The commands are correct, but the server names, user names and other details might differ based on your question, so please do check.