Linux Banner KodeKloud Engineer Task


Question: During the monthly compliance meeting, it was pointed out that several servers in the Stratos DC do not have a valid banner. The security team has provided several approved templates which should be applied to the servers to maintain compliance. These will be displayed to the user upon a successful login.

Update the message of the day on all application and db servers for Nautilus. Make use of the approved template located at /tmp/nautilus_banner on jump host.


Solution:

1. Copy /tmp/nautilus_banner with the scp command from the jump server to all app and DB servers.

thor@jump_host /$ ll /tmp/nautilus_banner
-rw-r--r-- 1 root root 2531 Jun 26 15:39 /tmp/nautilus_banner
thor@jump_host /$
thor@jump_host /$ scp -r  /tmp/nautilus_banner  tony@stapp01:/tmp
The authenticity of host 'stapp01 (172.16.238.10)' can't be established.
ECDSA key fingerprint is SHA256:C1wj96Q8FEfYPlCvtHftglN5KEYSvaAhbi3hmWcXF/U.
ECDSA key fingerprint is MD5:09:36:49:a3:00:da:35:72:e7:b2:2a:97:dd:f3:01:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'stapp01,172.16.238.10' (ECDSA) to the list of known hosts.
tony@stapp01's password:
nautilus_banner                                                                            100% 2531     2.3MB/s   00:00
thor@jump_host /$


2. Log in to each app server and switch to the root user, then move the copied banner file from /tmp to /etc/motd.

thor@jump_host /$ ssh tony@stapp01
tony@stapp01's password:
[tony@stapp01 ~]$ sudo su -
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for tony:
[root@stapp01 ~]# mv /tmp/nautilus_banner  /etc/motd
mv: overwrite ‘/etc/motd’? yes
[root@stapp01 ~]#


3. Validate: open a new terminal and log in as the user.

thor@jump_host /$ ssh tony@stapp01
tony@stapp01's password:
Last login: Sat Jun 26 15:46:03 2021 from jump_host.linux-banner_app_net
################################################################################################
  .__   __.      ___      __    __  .___________. __   __       __    __       _______.        #
       |  \ |  |     /   \    |  |  |  | |           ||  | |  |     |  |  |  |     /       |   #
       |   \|  |    /  ^  \   |  |  |  | `---|  |----`|  | |  |     |  |  |  |    |   (----`   #
       |  . `  |   /  /_\  \  |  |  |  |     |  |     |  | |  |     |  |  |  |     \   \       #
       |  |\   |  /  _____  \ |  `--'  |     |  |     |  | |  `----.|  `--'  | .----)   |      #
       |__| \__| /__/     \__\ \______/      |__|     |__| |_______| \______/  |_______/       #
                                                                                               #
                                                                                               #
                                                                                               #
                                                                                               #
                                 # #  ( )                                                      #
                                  ___#_#___|__                                                 #
                              _  |____________|  _                                             #
                       _=====| | |            | | |==== _                                      #
                 =====| |.---------------------------. | |====                                 #
   <--------------------'   .  .  .  .  .  .  .  .   '--------------/                          #
     \                                                             /                           #
      \_______________________________________________WWS_________/                            #
  wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww                        #
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww                       #
   wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww                         #
                                                                                               #
                                                                                               #
################################################################################################
Warning! All Nautilus systems are monitored and audited. Logoff immediately if you are not authorized!
[tony@stapp01 ~]$


Please note: I have shown this only for stapp01. You have to do this on all app servers: stapp01, stapp02, stapp03.

While copying the file to the DB server you will face an issue because the openssh-clients package is not installed.

1. Log in to the DB server and install openssh-clients.

thor@jump_host /$ ssh peter@stdb01
The authenticity of host 'stdb01 (172.16.239.10)' can't be established.
ECDSA key fingerprint is SHA256:4DArb3ojuPQXjniJ6ju3HtFHQp+PtG8CVN0qP39Lsyo.
ECDSA key fingerprint is MD5:81:1a:82:8a:53:14:a7:dd:61:49:3f:0f:59:73:47:89.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'stdb01,172.16.239.10' (ECDSA) to the list of known hosts.
peter@stdb01's password:
[peter@stdb01 ~]$ sudo su -
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for peter:
[root@stdb01 ~]#


2. Copy /tmp/nautilus_banner with the scp command from the jump server.

thor@jump_host /$ scp -r  /tmp/nautilus_banner  peter@stdb01:/tmp
peter@stdb01's password:
nautilus_banner                                                                            100% 2531     3.2MB/s   00:00
thor@jump_host /$


3. Now move the copied banner file from /tmp to /etc/motd.

[root@stdb01 ~]# mv /tmp/nautilus_banner  /etc/motd
mv: overwrite ‘/etc/motd’? yes
[root@stdb01 ~]#



4. Validate: log in to all the servers and check that the banner has been implemented as per the task request.

thor@jump_host /$ ssh peter@stdb01
peter@stdb01's password:
Last login: Sat Jun 26 15:53:55 2021 from jump_host.linux-banner_db_net
################################################################################################
  .__   __.      ___      __    __  .___________. __   __       __    __       _______.        #
       |  \ |  |     /   \    |  |  |  | |           ||  | |  |     |  |  |  |     /       |   #
       |   \|  |    /  ^  \   |  |  |  | `---|  |----`|  | |  |     |  |  |  |    |   (----`   #
       |  . `  |   /  /_\  \  |  |  |  |     |  |     |  | |  |     |  |  |  |     \   \       #
       |  |\   |  /  _____  \ |  `--'  |     |  |     |  | |  `----.|  `--'  | .----)   |      #
       |__| \__| /__/     \__\ \______/      |__|     |__| |_______| \______/  |_______/       #
                                                                                               #
                                                                                               #
                                                                                               #
                                                                                               #
                                 # #  ( )                                                      #
                                  ___#_#___|__                                                 #
                              _  |____________|  _                                             #
                       _=====| | |            | | |==== _                                      #
                 =====| |.---------------------------. | |====                                 #
   <--------------------'   .  .  .  .  .  .  .  .   '--------------/                          #
     \                                                             /                           #
      \_______________________________________________WWS_________/                            #
  wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww                        #
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww                       #
   wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww                         #
                                                                                               #
                                                                                               #
################################################################################################
Warning! All Nautilus systems are monitored and audited. Logoff immediately if you are not authorized!
[peter@stdb01 ~]$


5. Click on Finish & Confirm to complete the task successfully.

Happy Learning!!!!

Apart from this, if you need more clarity, I have made a tutorial video on this; please go through it and share your comments. Like and share the knowledge.
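
The copy, install and validate steps above, scripted for any number of servers, as an added example that is not part of the original post. It uses install instead of mv so that /etc/motd ends up root-owned with mode 0644 rather than keeping the ownership of the user who uploaded the file; the function names and the staging file name .nautilus_banner.new are assumptions, while hosts, users and paths are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the staging
# file name are hypothetical; hosts, users and paths are the ones on the page.
TEMPLATE=${TEMPLATE:-/tmp/nautilus_banner}

digest() { sha256sum "$1" | cut -d' ' -f1; }

# Install SRC ($1) as DEST ($2) with mode 0644. Unlike mv, install creates a
# new file, so DEST does not inherit the uploading user's ownership or mode.
install_motd() {
    if [ "$(id -u)" -eq 0 ]; then
        install -o root -g root -m 0644 "$1" "$2"
    else
        install -m 0644 "$1" "$2"   # unprivileged run, e.g. into a test dir
    fi
}

# Succeed only if DEST ($2) is byte-identical to TEMPLATE ($1) with mode 644.
motd_compliant() {
    [ -f "$2" ] || return 1
    [ "$(digest "$1")" = "$(digest "$2")" ] || return 1
    [ "$(stat -c '%a' "$2")" = "644" ]
}

# Deploy to each user@host argument and report whether /etc/motd now matches.
# The file is streamed over ssh stdin into the user's home directory, so the
# target needs no scp binary (the post's DB server lacked openssh-clients)
# and no predictable file name in world-writable /tmp is used.
deploy_all() {
    want=$(digest "$TEMPLATE")
    stage='.nautilus_banner.new'
    for target in "$@"; do
        ssh "$target" "umask 077; cat > $stage" < "$TEMPLATE" ||
            { echo "FAIL  $target"; continue; }
        ssh -t "$target" "sudo install -o root -g root -m 0644 $stage /etc/motd; rm -f $stage"
        got=$(ssh "$target" 'sha256sum /etc/motd' | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK    $target"; else echo "DRIFT $target"; fi
    done
}

# On the jump host: sh deploy_banner.sh deploy tony@stapp01 peter@stdb01
if [ "${1:-}" = "deploy" ]; then shift; deploy_all "$@"; fi
```

The checksum comparison catches a server where the banner was edited after deployment, which a visual check at login does not.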





9 Comments

  1. Make use of the approved template located at /root/nautilus_banner on jump host... He is saying the file is in /root/nautilus but you are using the /tmp directory. I didn't get clear about the /tmp/nautilus_banner directory you use.

    Replies
    1. Thanks for your comment. I copied the updated task question for reference, which caused you confusion. If you had gone through the video you would notice that in the previous task the location was /tmp/nautilus, which has now changed to /root/nautilus_banner. Please go through the updated version of the task and follow the same steps.

  2. Hello, thanks for your help. Please how do you connect to stdb server?

  3. Done the same steps as you mentioned, even given the executable permission to /etc/motd, still it didn't work.

    Replies
    1. Hope you are doing it on the correct server. Could you please share the task with me, I will validate. Or connect with me on online chat while performing the task. I will help you.

    2. It worked now, but I had to edit /etc/ssh/sshd_config, where I had to uncomment banner and add the file path (banner one), and restarted the sshd service.

    3. Glad to know you solved it on your own and troubleshot. Thanks for updating. Keep Learning.
