does someone know how to check the content of the linux banner file /etc/motd ?
Check it how, or for what purpose? I think we’ll need a bit more information on what you are attempting to achieve. We can return it’s contents as a property (or portions of it as desired), or check it’s contents for ‘compliance’ (and even update it if not compliant if desired) via a Fixlet.
Thanks Aram
we want to check the file’s content for compliance. For the time being we are not replacing it if not compliant.
A custom Fixlet can be created to check the file’s contents for compliance using relevance. In case you are looking to tie this into SCM/SCA reporting, the following link might also be helpful:
Are there specific elements or criteria you’d like to check within the file that we might help prepare relevance against?
Checking the existence of ir and the text in the content. We put the same text in all server’s banners.
Thank you, Aram, I really appreciate your help!
If the file is exactly the same, you might be able to check it’s hash (md5, sha1, sha2?) against a known good. Alternatively, you could check for specific textual items for compliance. Below are two simple examples along these lines:
exists file “/etc/motd” AND exists lines whose (it as string as lowercase contains “my custom message of the day”) of file “/etc/motd”
exists file “/etc/motd” AND sha1 of file “/etc/motd” = “5ead4855fe8cc66cbc21c0e0d1ad1b0cda731bfa”
great idea to check the file hash.
But, can I create this relevance filxlet for Linux ? All the fixlet I’ve seen work different. The relevance checks a resutl file previously created and run with the “Deploy and Run Security Checklist”
You certainly can. The other Fixlets you are referring to are specifically in SCM content sites (the patch Fixlets for instance don’t work that way), and take that approach since there aren’t native relevance inspectors for many of the checks performed (and so scripts are used to output the data to a results file, which is then checked via Fixlet).
Great ! It works !
I thought that I have to create scripts like the other fixlet in content sites.
Thank you very much !!!