Macintosh OS X Workstation STIG, V1R1
DISA Field Security Operations
15 June 2004
Developed by DISA for the DOD
(OSX1026GEN0011: CAT II) The IAO will ensure the Legal Notice Logon Warning Banner
includes the following five points:
The system is a DOD system.
The system is subject to monitoring.
Monitoring is authorized in accordance with applicable laws and regulations and
conducted for purposes of systems management and protection, protection against
improper or unauthorized use or access, and verification of applicable security
features or procedures.
Use of the system constitutes consent to monitoring.
This system is for authorized US government use only.
3.1.2.1 Logon Warning Banner Implementation
System supplied methods to display logon banners vary. For Mac OS X this will be
implemented in two ways. Using both of these ways will cover the warning banner for both the
Aqua interface and the terminal login.
Add a line to the .plist of the login window to show the Warning Banner text on the same screen
where the user enters their username and password.
By Using the Property List Editor
Open the Property List Editor.
Open the /Library/Prefernces/com.apple.loginwindow.plist file.
Expand
Root.
Highlight Root and Select the New Child Button.
Add LoginwindowText as its name.
Place the Warning Banner Text in the Value Field.
Save the plist file.
Editing the motd file to show the Warning Banner after a terminal session is invoked.
The system displays the contents of this file via the global /etc/.login and the /etc/profile
files, depending on which shell is started.
Edit, or create, /etc/motd.
Insert the banner text.
Write
/etc/motd.
Chmod
444 /etc/motd.
Chown
root
/etc/motd.
Chgrp sys (or bin) /etc/motd.
NOTE: It is important to note that if a service is removed from a Mac OS X machine, the
machine will be more secure and a warning banner will not need to be added on that
12
UNCLASSIFIED