faqs.org - Internet FAQ Archives

comp.security.unix and comp.security.misc frequently asked questions
Section - How do I prevent my machine from announcing OS version, daemon version, etc in the banner message?


On Unix, find the daemon in question, possibly by finding its line
in /etc/inetd.conf, and read its man page.  For complex config files
(e.g. sendmail), search in the config file for the constant portions of the
string it's outputting (e.g. in sendmail.cf find the string "Sendmail" with
a capital 'S').  For telnetd, some systems have "-h" to suppress the greeting
and other systems' banners come from a file called something like /etc/issue.
(Note that in Red Hat Linux, you really want to modify /etc/rc.d/rc.local
rather than (or in addition to) /etc/issue*, because rc.local regenerates
/etc/issue* upon boot.)  For Solaris 2.6 and greater, put "BANNER=" (without
the quotes) in /etc/default/telnetd and/or /etc/default/ftpd.  The telnetd
included with Solaris <2.6 and SunOS can't suppress the banner, but there's
no need to use that particular software; you could use GNU telnetd or wu-ftpd,
for example; or you might edit the binary, as the strings appear in it.

But this might not really be a security issue and it might not be worth
your effort.  Suppressing banners probably doesn't restrict any information
which is genuinely useful to an attacker.  If an attacker has some "exploit"
program for sendmail 1.2.3 only, then rather than checking the banner to see
if your machine is in fact running sendmail 1.2.3, they might as well just run
the exploit program, which is a direct check of whether you're vulnerable.
Banner suppression *will*, however, interfere with some kinds of checking
of daemon versions which you yourself may want to do occasionally.
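
The checks from the first paragraph, gathered into one shell function as an
added example (not part of the original FAQ).  It only reads configuration;
the optional ROOT argument, the two sendmail.cf locations and the output
wording are assumptions of this example.

```sh
#!/bin/sh
# Added example: report the banner settings this FAQ entry names.
# Usage: sh banner_audit.sh [ROOT]   (ROOT defaults to the live system)

banner_audit() {
    root="${1:-}"

    # telnetd started from inetd: is "-h" on its line? (only some systems support it)
    conf="$root/etc/inetd.conf"
    if [ -r "$conf" ]; then
        line=$(grep -E '^[^#]*telnetd' "$conf" | head -n 1)
        if [ -n "$line" ]; then
            if printf '%s\n' "$line" | grep -Eq '[[:space:]]-h([[:space:]]|$)'; then
                echo "inetd.conf: telnetd has -h"
            else
                echo "inetd.conf: telnetd has no -h"
            fi
        fi
    fi

    # Solaris 2.6+: an empty BANNER= in /etc/default/telnetd and /etc/default/ftpd
    for d in telnetd ftpd; do
        f="$root/etc/default/$d"
        [ -r "$f" ] || continue
        if grep -Eq '^BANNER=[[:space:]]*$' "$f"; then
            echo "default/$d: BANNER= is empty"
        else
            echo "default/$d: no empty BANNER= line"
        fi
    done

    # sendmail: list non-comment lines holding the constant string "Sendmail"
    # (both sendmail.cf locations are assumptions; the FAQ names only the file)
    for f in "$root/etc/sendmail.cf" "$root/etc/mail/sendmail.cf"; do
        [ -r "$f" ] || continue
        rel=${f#"$root"}
        grep -n '^[^#]*Sendmail' "$f" | while IFS= read -r hit; do
            echo "sendmail: $rel:$hit"
        done
    done

    # Red Hat: rc.local may rewrite /etc/issue* at boot, undoing manual edits
    rc="$root/etc/rc.d/rc.local"
    if [ -r "$rc" ] && grep -q '^[^#]*/etc/issue' "$rc"; then
        echo "rc.local: writes /etc/issue; edit rc.local as well"
    fi
}

banner_audit "${1:-}"
```

Pointing ROOT at an unpacked image or a backup tree audits it without touching
the running system.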
