The HYCU virtual appliance must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-268228	SRG-APP-000068-NDM-000215	HYCU-ND-000100	SV-268228r1038752_rule	2024-10-29	1

Description
Display of the DOD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

ℹ️ Check
Log in to the HYCU VM console and verify the banner setting is in use in the "/etc/ssh/sshd_config" file by executing the following command: grep Banner /etc/ssh/sshd_config If the banner is not set to "/etc/issue", this is a finding. Verify "/etc/issue" contains valid DOD notice text by executing the following command: sudo cat /etc/issue If the DOD notice is not present in the "/etc/issue" file, this is a finding. Open the HYCU Web UI login page and verify the mandatory notice is present on the welcome page. If the mandatory notice is not present at the HYCU Web UI welcome page, this is a finding.

ℹ️ Check

Log in to the HYCU VM console and verify the banner setting is in use in the "/etc/ssh/sshd_config" file by executing the following command: grep Banner /etc/ssh/sshd_config If the banner is not set to "/etc/issue", this is a finding. Verify "/etc/issue" contains valid DOD notice text by executing the following command: sudo cat /etc/issue If the DOD notice is not present in the "/etc/issue" file, this is a finding. Open the HYCU Web UI login page and verify the mandatory notice is present on the welcome page. If the mandatory notice is not present at the HYCU Web UI welcome page, this is a finding.

✔️ Fix
The GUI login page welcome message and look of the console/ssh login can be changed by following the procedure below: 1. Open a remote session to the HYCU backup controller: ssh hycu@<HYCUBackupControllerIPAddress> 2. Create the /hycudata/var/branding folder by executing: sudo mkdir -p /hycudata/var/branding 3. Make the following files available in /hycudata/var/branding: loginImage.PNG/ JPG - Login screen background (1574?×?1920) console.txt - Pre-login banner for text-based console sshd.txt - Pre-login banner for SSH access 3. Update the branding configuration by running the following command: sudo /opt/grizzly/bin/hycu-branding.sh 4. Perform a hard reload of the HYCU Web UI page in the web browser.

✔️ Fix

The GUI login page welcome message and look of the console/ssh login can be changed by following the procedure below: 1. Open a remote session to the HYCU backup controller: ssh hycu@<HYCUBackupControllerIPAddress> 2. Create the /hycudata/var/branding folder by executing: sudo mkdir -p /hycudata/var/branding 3. Make the following files available in /hycudata/var/branding: loginImage.PNG/ JPG - Login screen background (1574?×?1920) console.txt - Pre-login banner for text-based console sshd.txt - Pre-login banner for SSH access 3. Update the branding configuration by running the following command: sudo /opt/grizzly/bin/hycu-branding.sh 4. Perform a hard reload of the HYCU Web UI page in the web browser.