The OS X system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.

From Apple OS X 10.12 Security Technical Implementation Guide

SV-90689r1_rule The OS X system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH.

Vulnerability discussion

Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.The banner must be formatted in accordance with DTM-08-060.Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000024-GPOS-00007

Check content

For systems that allow remote access through SSH, run the following command to verify that "/etc/banner" is displayed before granting access: # /usr/bin/grep Banner /etc/ssh/sshd_config If the sshd Banner configuration option does not point to "/etc/banner", this is a finding.

Fix text

For systems that allow remote access through SSH, modify the "/etc/ssh/sshd_config" file to add or update the following line: Banner /etc/banner

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.