Fichier issue.net, motd et personnalisation sous Linux |
Article original Publié le : 07 septembre 2019
Mise a jour le : – |
Différence entre issue.net et motd,
Les deux fichiers sont utilisés pour afficher une bannière destinée aux connexions SSH
Le fichier issue ou issue.net sera traité a la connexion, idéalement pour prévenir tout accès a un serveur et afficher un message de bienvenue ou d’avertissement.
J’utilise la bannière d’avertissement disponible sur https://wiki.centos.org/fr/TipsAndTricks/BannerFiles
1 2 3 4 5 6 7 8 9 10 11 |
******************************************************************** * * * This system is for the use of authorized users only. Usage of * * this system may be monitored and recorded by system personnel. * * * * Anyone using this system expressly consents to such monitoring * * and is advised that if such monitoring reveals possible * * evidence of criminal activity, system personnel may provide the * * evidence from such monitoring to law enforcement officials. * * * ******************************************************************** |
Pour le motd, il sera traité après la connexion, je m’en sert pour afficher divers infos comme des services a redémarrer
1 2 3 4 5 6 7 8 9 10 11 12 |
*********************************************************** * * * Restart les services Web et Nginx * * systemctl reload php7.3-fpm && systemctl reload nginx * * * * Restart FW * * systemctl restart netfilter-persistent * * * * Bloquer IP * * echo 'deny x.x.x.x;' >> /etc/nginx/blocage_ip.conf * * * *********************************************************** |
Bref ces fichiers sont très utiles et sont assez personnalisables.
Pré requis: doit être déclaré dans le fichier de conf ssh du serveur
1 |
$ sudo vim /etc/ssh/sshd_config |
Puis ajouter ou dé-commenter
1 |
Banner /etc/issue.net |
Il est aussi possible de créer des fichiers dynamiques
Je fais référence a ce site https://www.tomzone.fr/creation-dun-motd-dynamique/ (Il semble down)
Celui ci est constitué de 2 fichiers, je l’ai un peu personnalisé pour mes besoins
Pré-requis
Debian / Ubuntu
1 |
$ sudo apt-get install lsb-release |
RedHat / CentOS
1 |
$ sudo yum install redhat-lsb-core |
Désactiver l’affichage par défaut du motd
1 |
$ sudo sed -i 's/#PrintMotd yes/PrintMotd no/g' /etc/ssh/sshd_config |
Créer et renseigner le script comme ci dessous
1 |
$ sudo vim <span class="crayon-o">/</span><span class="crayon-v">etc</span><span class="crayon-o">/</span><span class="crayon-v">profile</span><span class="crayon-e">.d</span><span class="crayon-o">/</span><span class="crayon-v">dynmotd</span><span class="crayon-e">.sh</span> |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
#!/bin/bash # # By Thomas Bourcey # Tomzone.fr # Corrige un problème lors de l'utilisation du scp et de WinSCP # http://winscp.net/forum/viewtopic.php?t=1510 if [ "\$TERM" != "dumb" ]; then # Si un groupe Admin existe alors on active le dynmotd \$( which id ) | grep 'admin' > /dev/null RETURN=\$? if [ \$RETURN = 0 ]; then /usr/local/bin/dynmotd; # Si root se connecte on active le dynmotd elif [ \$EUID = 0 ]; then /usr/local/bin/dynmotd; # Sinon on affiche un message "standard" pour les simples utilisateurs else echo "" echo "" echo "---> Welcome \$USER on \$(hostname)" echo "" echo "###########################################################################" echo "# #" echo "# ALERT! You are entering into a secured area! Your IP, Login Time, #" echo "# Username has been noted and has been sent to the server administrator! #" echo "# This service is restricted to authorized users only. All activities on #" echo "# this system are logged. #" echo "# #" echo "# Unauthorized access will be fully investigated and reported to the #" echo "# appropriate law enforcement agencies. #" echo "# #" echo "###########################################################################" echo "" echo "" fi fi |
Créer le motd dynamique, et y renseigne les variables et services a monitorer au démarrage
1 |
$ sudo vim /usr/local/bin/dynmotd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
#!/bin/bash # # Author : Thomas Bourcey # Version: 1.3 # # Process count PROCCOUNT=$( ps -Afl | wc -l ) PROCCOUNT=$( expr $PROCCOUNT - 5 ) # Uptime UPTIME=$(</proc/uptime) UPTIME=${UPTIME%%.*} SECONDS=$(( UPTIME%60 )) MINUTES=$(( UPTIME/60%60 )) HOURS=$(( UPTIME/60/60%24 )) DAYS=$(( UPTIME/60/60/24 )) # État du système # Nom du serveur (UPPERCASE) HOSTNAME=$( echo $(hostname) | tr '[a-z]' '[A-Z]' ) # Adresse IP (list all ip addresses) IP_ADDRESS=$(echo $(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' | sed ':a;N;$!ba;s/\n/ , /g') ) # System : Description of the distribution SYSTEM=$(echo $(lsb_release -d | awk -F':' '{print $2}' | sed 's/^\s*//g') ) # Kernel release KERNEL=$( echo $(uname -r) ) # CPU Info CPU_INFO=$(echo $(more /proc/cpuinfo | grep processor | wc -l ) "x" $(more /proc/cpuinfo | grep 'model name' | uniq |awk -F":" '{print $2}') ) # Mémoire totale MEMORY=$(echo $(free -m |grep Mem: | awk -F " " '{print $2}') MO) # Utilisation mémoire MEMORY_USED=$(echo $(free -m |grep Mem: | awk -F " " '{print $3}') MO) # Etat des services ZIMBRA=$(systemctl status zimbra | awk 'BEGIN { RS = "" } { if ($1) print $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25 " " $26 " " $27} ') IPTABLES=$(systemctl status iptables | awk 'BEGIN { RS = "" } { if ($1) print $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25 " " $26 " " $27} ') OSSEC=$(systemctl status ossec | awk 'BEGIN { RS = "" } { if ($1) print $22 " " $23 " " $24 " " $25 " " $26 " " $27 " " $28 " " $29 " " $30 " " $31 " " $32 " " $33}') echo -e " \033[1;31m+++++++++++++++++: \033[0;37mÉtat du système\033[1;31m :+++++++++++++++++++ + \033[0;37mNom du serveur \033[1;31m= \033[1;32m$HOSTNAME \033[1;31m+ \033[0;37mAdresse IP \033[1;31m= \033[1;32m$IP_ADDRESS \033[1;31m+ \033[0;37mOS \033[1;31m= \033[1;32m$SYSTEM \033[1;31m+ \033[0;37mKernel \033[1;31m= \033[1;32m$KERNEL \033[1;31m+ \033[0;37mUptime \033[1;31m= \033[1;32m$DAYS days, $HOURS hours, $MINUTES minutes, $SECONDS seconds \033[1;31m+ \033[0;37mInfo CPU \033[1;31m= \033[1;32m$CPU_INFO \033[1;31m+ \033[0;37mMémoire totale \033[1;31m= \033[1;32m$MEMORY \033[1;31m+ \033[0;37mUtilisation mémoire \033[1;31m= \033[1;32m$MEMORY_USED \033[1;31m+++++++++++++++++: \033[0;37mInfo utilisateur\033[1;31m :++++++++++++++++++ + \033[0;37mNom d'utilisateur \033[1;31m= \033[1;32mroot \033[1;31m+ \033[0;37mProcess en cours \033[1;31m= \033[1;32m$PROCCOUNT of 278528 MAX \033[1;31m+++++++++++++++++: \033[0;37mService en cours\033[1;31m :++++++++++++++++++ \033[1;31m+ \033[0;37mZimbra \033[1;31m= \033[1;32m$ZIMBRA \033[1;31m+ \033[0;37mIptables \033[1;31m= \033[1;32m$IPTABLES \033[1;31m+ \033[0;37mOssec \033[1;31m= \033[1;32m$OSSEC \033[1;31m+++++++++++++++++++++++++++++++++++++++++++++++++++++++\033[0m" |
Puis on le rend exécutable
1 |
$ sudo chmod +x /usr/local/bin/dynmotd |
Ce qui donne a la connexion au serveur
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<span style="color: #ff0000;">+++++++++++++++++:</span> État du système <span style="color: #ff0000;">:+++++++++++++++++++</span> <span style="color: #ff0000;">+</span> Nom du serveur <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">MON_SERVEUR</span> <span style="color: #ff0000;">+</span> Adresse IP <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">120.xxx.xxx.xxx</span> <span style="color: #ff0000;">+</span> OS <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">CentOS Linux release 7.6.1810 (Core)</span> <span style="color: #ff0000;">+</span> Kernel <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">3.10.0-957.10.1.el7.x86_64</span> <span style="color: #ff0000;">+</span> Uptime <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">127 days, 2 hours, 12 minutes, 45 seconds</span> <span style="color: #ff0000;">+</span> Info CPU <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">1 x Intel Core Processor (Haswell, no TSX)</span> <span style="color: #ff0000;">+</span> Mémoire totale <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">3854 MO</span> <span style="color: #ff0000;">+</span> Utilisation mémoire <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">3080 MO</span> <span style="color: #ff0000;">+++++++++++++++++:</span> Info utilisateur <span style="color: #ff0000;">:++++++++++++++++++</span> <span style="color: #ff0000;">+</span> Nom d'utilisateur <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">root</span> <span style="color: #ff0000;">+</span> Process en cours <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">170 of 278528 MAX</span> <span style="color: #ff0000;">+++++++++++++++++:</span> Service en cours <span style="color: #ff0000;">:++++++++++++++++++</span> <span style="color: #ff0000;">+</span> Zimbra <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">active (running) since Thu 2019-05-02 23:35:28 CEST; 4 months 5 days ago</span> <span style="color: #ff0000;">+</span> Iptables <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">active (running) since Thu 2019-05-02 23:31:35 CEST; 4 months 5 days ago</span> <span style="color: #ff0000;">+</span> Ossec <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">active (running) since Thu 2019-05-02 23:31:44 CEST; 4 months 5 days ago</span> <span style="color: #ff0000;">+++++++++++++++++++++++++++++++++++++++++++++++++++++++</span> |
Pour Zimbra on peut aussi afficher la liste des services mais cela peut prendre jusqu’à 30 secondes a lister, du coup c’est pas optimale surtout en cas d’incident !
1 2 |
# Etat des services ZIMBRA=$(su -l zimbra -c "/opt/zimbra/bin/zmcontrol status") |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
<span style="color: #ff0000;">+++++++++++++++++:</span> État du système <span style="color: #ff0000;">:+++++++++++++++++++</span> <span style="color: #ff0000;">+</span> Nom du serveur <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">MON_SERVEUR</span> <span style="color: #ff0000;">+</span> Adresse IP <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">120.xxx.xxx.xxx</span> <span style="color: #ff0000;">+</span> OS <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">CentOS Linux release 7.6.1810 (Core)</span> <span style="color: #ff0000;">+</span> Kernel <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">3.10.0-957.10.1.el7.x86_64</span> <span style="color: #ff0000;">+</span> Uptime <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">127 days, 2 hours, 12 minutes, 45 seconds</span> <span style="color: #ff0000;">+</span> Info CPU <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">1 x Intel Core Processor (Haswell, no TSX)</span> <span style="color: #ff0000;">+</span> Mémoire totale <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">3854 MO</span> <span style="color: #ff0000;">+</span> Utilisation mémoire <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">3080 MO</span> <span style="color: #ff0000;">+++++++++++++++++:</span> Info utilisateur <span style="color: #ff0000;">:++++++++++++++++++</span> <span style="color: #ff0000;">+</span> Nom d'utilisateur <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">root</span> <span style="color: #ff0000;">+</span> Process en cours <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">170 of 278528 MAX</span> <span style="color: #ff0000;">+++++++++++++++++:</span> Service en cours <span style="color: #ff0000;">:++++++++++++++++++</span> <span style="color: #ff0000;">+</span> Zimbra <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">Host mon_serveur_mail.domaine.tld</span> <span style="color: #00ff00;"> amavis Running</span> <span style="color: #00ff00;"> antispam Running</span> <span style="color: #00ff00;"> antivirus Running</span> <span style="color: #00ff00;"> dnscache Running</span> <span style="color: #00ff00;"> imapd Running</span> <span style="color: #00ff00;"> ldap Running</span> <span style="color: #00ff00;"> logger Running</span> <span style="color: #00ff00;"> mailbox Running</span> <span style="color: #00ff00;"> memcached Running</span> <span style="color: #00ff00;"> mta Running</span> <span style="color: #00ff00;"> opendkim Running</span> <span style="color: #00ff00;"> proxy Running</span> <span style="color: #00ff00;"> service webapp Running</span> <span style="color: #00ff00;"> snmp Running</span> <span style="color: #00ff00;"> spell Running</span> <span style="color: #00ff00;"> stats Running</span> <span style="color: #00ff00;"> zimbra webapp Running</span> <span style="color: #00ff00;"> zimbraAdmin webapp Running</span> <span style="color: #00ff00;"> zimlet webapp Running</span> <span style="color: #00ff00;"> zmconfigd Running</span> <span style="color: #ff0000;">+</span> Iptables <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">active (running) since Thu 2019-05-02 23:31:35 CEST; 4 months 5 days ago</span> <span style="color: #ff0000;">+</span> Ossec <span style="color: #ff0000;">=</span> <span style="color: #00ff00;">active (running) since Thu 2019-05-02 23:31:44 CEST; 4 months 5 days ago</span> <span style="color: #ff0000;">+++++++++++++++++++++++++++++++++++++++++++++++++++++++</span> |
Visuellement c’est propre, et cela permet d’avoir une information pertinente rapidement sur l’état du système et des services qui tourne
Il est possible aussi de mettre une photo en ascii, Il y a pas mal de site comme celui ci https://www.text-image.com, on upload sa photo et on recupere le contenu en ascii
Reste plus qu’a éditer le fichier motd et d’y copier/coller le contenu.
A la connexion cela donne
Bref a chacun sa bannière ..
Quelques liens
https://doc.ubuntu-fr.org/motd
https://logd.fr/personnaliser-motd-sur-linux-debian/
https://www.pihomeserver.fr/en/2013/04/29/personnaliser-votre-message-de-connexion-ssh-avec-motd/
https://wiki.centos.org/fr/TipsAndTricks/BannerFiles