ESXi security / login banner

D

defuseme2k

[H]ard|Gawd
Joined
Oct 7, 2004
Messages
1,074
OK so this one makes me crazy. Being that I'm DoD, it is a very high requirement that we have a "consent" banner display at login. We can do this for vCenter logins by using the MOTD feature.

ESXi can have this done for SSH logins by hacking around with rc.local to create a banner file at each boot (so it persists), which can then be referenced for dropbear in the inetd.conf file. I find all of that way too duck tape and shoe string, and it doesn't appear it would solve the problem if someone logged into either the DCUI or Local Tech Support Mode.

Lopoetve, please fix, thx :).
 
You'd need to modify /etc/motd, which would then work for everything, from what I can tell.
 
you'd have to recompile the changes back into the bootbank, which is something I don't know how to do as much.
 
You can just run auto-backup.sh, once you change the welcome file and restart the DCUI you can run the backup yourself and it'll stick. Thing is... the damn banner message is WAAAAY too long to fit on the DCUI, so we will just have to accept that it can't be done on that particular portion of it. For local and remote tech support modes the motd works fine.

I had to copy the welcome file back from another host when I was done to get the display back like it was. Weird, the emptied file didn't work on its own :).
 
You must log in or register to reply here.
Back
Top