The HYCU virtual appliance must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log in for further access.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-268229	HYCU-ND-000110	SV-268229r1038748_rule		Medium

Description

The banner must be acknowledged by the administrator prior to the device allowing the administrator access to the network device. This provides assurance that the administrator has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the administrator, DOD will not comply with system use notifications required by law.

STIG	Date
HYCU Protege Security Technical Implementation Guide	2024-10-29

Details

Check Text (C-72250r1038644_chk)

Log in to the HYCU VM console and verify the banner setting is in use in the "/etc/ssh/sshd_config" file by executing the following command:
grep Banner /etc/ssh/sshd_config

If the banner is not set to "/etc/issue", this is a finding.

Verify "/etc/issue" contains valid DOD notice text by executing the following command:
sudo cat /etc/issue

If DOD Notice is not present in the "/etc/issue" file, this is a finding.

Open the HYCU Web UI login page and verify the mandatory notice is present on the Welcome page.

If the mandatory notice is not present at HYCU Web UI Welcome page, this is a finding.

Fix Text (F-72153r1038748_fix)

Change the GUI login page welcome message and look of the console/ssh login by following the procedure below:

1. Open a remote session to the HYCU backup controller:
ssh hycu@<HYCUBackupControllerIPAddress>

2. Create the /hycudata/var/branding folder by executing:
sudo mkdir -p /hycudata/var/branding

3. Make the following files available in /hycudata/var/branding:
loginImage.PNG/ JPG - Login screen background (1920 x 1440)

console.txt - Pre-login banner for text-based console

sshd.txt - Pre-login banner for SSH access

4. Update the branding configuration by running the following command:
sudo /opt/grizzly/bin/hycu-branding.sh

5. Perform a hard reload of the HYCU Web UI page in the web browser.

STIG VIEWER