CCE-55008-7Platform: cpe:/o:redhat:enterprise_linux:8,cpe:/o:oracle:linux:7,cpe:/o:oracle:linux:8,cpe:/o:amazon:linux:2,cpe:/o:redhat:enterprise_linux:9,cpe:/o:redhat:enterprise_linux:7,cpe:/o:centos:centos:7 | Date: (C)2024-01-08 (M)2024-04-23 |
The contents of /etc/motd file are displayed to users after login and function as a message of the day for authenticated users.
Rationale:
Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place. Displaying OS and patch level information in login banners also has the side effect of providing detailed system information to attackers attempting to target specific exploits of a system.
Fix:
Edit /etc/motd file with the appropriate contents according to your site policy, remove any instances of \r \s \m \v
Parameter:
[yes/no]
Technical Mechanism:
Edit /etc/motd file with the appropriate contents according to your site policy, remove any instances of \\r \\s \\m \\v
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.4 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 2.5 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96253 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97442 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97210 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97475 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97179 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97505 |