Setup guide

UNCLASSIFIED

Chapter 4 –

Configuring System Settings

6. Open a new terminal window and issue the following command, replacing

<xx> with two random characters and <password> with an appropriate

8-character password:

openssl passwd -salt <xx> <password>

A hash of the password will be displayed after executing the command.

7. Type or paste the password hash where the asterisk was deleted in step 10.

8. Exit, saving changes.

Logon Warning Banners

A logon banner can be used to provide notice of the system’s ownership, warn away

unauthorized users, and remind authorized users of their consent to monitoring.

The text displayed in the logon banner should be determined by site policy. Warning

banners should be displayed on all systems.

Banners should be provided to users logging onto the system locally, and also to any

users logging into services remotely. To provide a logon warning banner to local

(GUI) users:

1. Edit the file

/Library/Preferences/com.apple.loginwindow.plist as an

administrator. To do this, start the Terminal application, found in

/Applications/Utilities, and enter the following command (the entire

command is entered on a single line):

sudo pico

/Library/Preferences/com.apple.loginwindow.plist

2. Immeditately after the <dict> tag, add new lines with a <key> and <string>

entry, as show below in bold. The new <key> tag must contain

LoginwindowText, but the new <string> can contain whatever warning

banner has been indicated by site policy.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST

1.0//EN" "http://www.apple.com/DTDs/PropertyList-

1.0.dtd">

<dict>

<key>LoginwindowText</key>