Accept Banner to log in #15885
Replies: 4 comments
-
Is there some specific government requirement etc. for this? This seems rather redundant, and thus I wouldn't want to add more clutter for this -- by seeing the message and logging in anyway you already imply consent.
-
This is a requirement for Government. This is a NIST 800-53 check, AC-8b.
Here is a link to the AC-8 controls (https://www.stigviewer.com/controls/800-53/AC-8).
AC-8b.
Retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system; and
It’s not as easy to implement in Linux.
It would help satisfy this control for those who fall under its purview. For those who don’t fall under the purview of 800-53, this configuration item can be ignored.
From: Martin Pitt ***@***.***>
Sent: Sunday, June 6, 2021 9:45 PM
To: cockpit-project/cockpit ***@***.***>
Cc: Paige, David B CTR USARMY NETCOM (USA) ***@***.***>; Author ***@***.***>
Subject: [Non-DoD Source] Re: [cockpit-project/cockpit] Accept Banner to log in (#15885)
Is there some specific government requirement etc. for this? This seems rather redundant, and thus I wouldn't want to add more clutter for this -- by seeing the message and logging in anyway you already imply consent.
-
The DoD memorandum "Policy on Use of Department of Defense (DoD) Information Systems - Standard Consent Banner and User Agreement" (https://dodcio.defense.gov/Portals/0/Documents/DoDBanner-9May2008-ocr.pdf) states that "The banner shall be implemented as a click-through banner at logon (to the extent permitted by the operating system), meaning it prevents further activity on the information system unless and until the user executes a positive action to manifest the agreement by clicking on a box indicating "OK.""
-
Thanks @david-paige-ctr -- so "to the extent possible" is what saves VT and SSH logins from having to do that separate acknowledgement.
-
I would like to see the ability to accept the banner before allowing a login. Some systems have a requirement that the user acknowledge the banner, rather than just viewing it.
This could be as simple as a checkbox. Maybe in the /etc/cockpit/cockpit.conf, add something like:
[Session]
BannerAcknowledge=true
with a default of false.