The HYCU virtual appliance must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log in for further access.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-268229	SRG-APP-000069-NDM-000216	HYCU-ND-000110	SV-268229r1038748_rule	2024-10-29	1

Description
The banner must be acknowledged by the administrator prior to the device allowing the administrator access to the network device. This provides assurance that the administrator has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the administrator, DOD will not comply with system use notifications required by law.

ℹ️ Check
Log in to the HYCU VM console and verify the banner setting is in use in the "/etc/ssh/sshd_config" file by executing the following command: grep Banner /etc/ssh/sshd_config If the banner is not set to "/etc/issue", this is a finding. Verify "/etc/issue" contains valid DOD notice text by executing the following command: sudo cat /etc/issue If DOD Notice is not present in the "/etc/issue" file, this is a finding. Open the HYCU Web UI login page and verify the mandatory notice is present on the Welcome page. If the mandatory notice is not present at HYCU Web UI Welcome page, this is a finding.

ℹ️ Check

Log in to the HYCU VM console and verify the banner setting is in use in the "/etc/ssh/sshd_config" file by executing the following command: grep Banner /etc/ssh/sshd_config If the banner is not set to "/etc/issue", this is a finding. Verify "/etc/issue" contains valid DOD notice text by executing the following command: sudo cat /etc/issue If DOD Notice is not present in the "/etc/issue" file, this is a finding. Open the HYCU Web UI login page and verify the mandatory notice is present on the Welcome page. If the mandatory notice is not present at HYCU Web UI Welcome page, this is a finding.

✔️ Fix
Change the GUI login page welcome message and look of the console/ssh login by following the procedure below: 1. Open a remote session to the HYCU backup controller: ssh hycu@<HYCUBackupControllerIPAddress> 2. Create the /hycudata/var/branding folder by executing: sudo mkdir -p /hycudata/var/branding 3. Make the following files available in /hycudata/var/branding: loginImage.PNG/ JPG - Login screen background (1920 x 1440) console.txt - Pre-login banner for text-based console sshd.txt - Pre-login banner for SSH access 4. Update the branding configuration by running the following command: sudo /opt/grizzly/bin/hycu-branding.sh 5. Perform a hard reload of the HYCU Web UI page in the web browser.

✔️ Fix

Change the GUI login page welcome message and look of the console/ssh login by following the procedure below: 1. Open a remote session to the HYCU backup controller: ssh hycu@<HYCUBackupControllerIPAddress> 2. Create the /hycudata/var/branding folder by executing: sudo mkdir -p /hycudata/var/branding 3. Make the following files available in /hycudata/var/branding: loginImage.PNG/ JPG - Login screen background (1920 x 1440) console.txt - Pre-login banner for text-based console sshd.txt - Pre-login banner for SSH access 4. Update the branding configuration by running the following command: sudo /opt/grizzly/bin/hycu-branding.sh 5. Perform a hard reload of the HYCU Web UI page in the web browser.