Here is something that I usually like to do when I set up new servers: create informative Message of the Day that will remind me what this server is all about and where do things live on it and maybe if I set up some special aliases and or shortcuts on that box. For example, when I log into my PogoPlug I’m greeted with something like this:
MOTD on the PogoPlug
Another server I maintain may have a slightly more complex MOTD which looks something like this:
Another MOTD
Note that I’m censoring these pictures mostly to avoid random h4x0ring attempts. Obscurity ain’t security, but posting OP addresses along with configuration details on the internet is just asking for trouble.
When you usually just ssh to one or two servers, which run the same OS and have similar setup then it is easy to keep all the relevant information about them in your head most of the time. When you have a dozen machines under your wings, some of which are work servers and some which are running mostly for fun, managing them might get a bit more confusing. Especially if they are running different OS’s and have been configured in different ways and for different purposes. What really got me into this habit was adding FreeBSD into the mix of my servers.
Prior to my adventures with FreeBSD I would mostly stick to Linux, and more specifically to the Debian/Ubuntu family of Linuxes. BSD, being a Unix behaves a lot differently and there are many subtle differences in the way you accomplish various maintenance tasks. I noticed that every time I logged into that server I had to remind myself where specific config files were, how you gracefully restart the web server, and etc… One day I broke down and simply added all of that stuff into /etc/motd and that was it.
From that point on, I would log into that server and go “Wait, how do I… Oh, never mind – it’s right here”. It also helps when you are not around, and someone else has to apply some updates or tweak some config files on that server. Quite a few people told me they love how the machines I maintain have all the useful relevant info up front, whereas other boxes on our network mostly greet them with a bare bones $ prompt.
To set it up on most systems, all you need to do is to edit the /etc/motd file. Ubuntu an Debian are both a little bit special in this aspect in that they automatically generate that file. In both cases the motd file is actually a link to /var/run/motd which gets overwritten and regenerated based on a script quite frequently.
If you want a custom message of the day on these systems, you need to edit /etc/motd.tail instead. If you happen to be running Ubuntu, then that is all you will need to do. The changes will be picked up automatically next time you log in. On Debian you actually either have to reboot the machine to see the changes, or just run something like:
uname -snrvm > /var/run/motd
[ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd
Granted, this advice applies mostly to servers that will only be accessed by administrators. You probably don’t want to set a very detailed and explicit MOTD on multi-user systems that will give shell access to other people you don’t implicitly trust. In those cases, MOTD is best employed to display “Don’t fuck around on this system or you’ll get banned and/or fired” type message. I usually move my detailed setup driven MOTD to my home directory and create a .bash_profile file that basically does:
source .bashrc
[ -f ~/motd ] && cat ~/motd
This still gives me a nice welcome prompt with all the useful information, but does not expose that info to end users.
How do you use the MOTD on your systems? I’m fairly sure there could be some really interesting things I could do with it beyond what I’m using it for right now. Do you make it display useful system information? Diagnostics? Do you ignore it? Let me know in the comments.
Definitely don’t rely on obscurity in your design — that’s security through obscurity and bad design. However, even if your design is perfect, the implementation is almost certainly not, so you definitely want to give attackers as little information as possible. That’s not security through obscurity; that’s layered defense.
May be best not to rely on a blur to hide things you want hidden – can be easier than expected to figure out what the original text was, given the limited pool of options (easiest being picking out which of 10 digits the blurred result came from).
Haven’t peered closely enough at your images to know if it’s a possibility here, but you really can’t go wrong with a solid black bar over the ‘secret’ bits… no clues through that, so long as you don’t fail hilariously.
@ Chris Wellons:
Exactly. I’m going to use “layered defense” instead of “just a precaution” from now on. :)
@ Matt`:
Yeah, I’m aware that blurring isn’t optimal. I think there is an algorithm for unscrambling Photoshop blur somewhere out there as well. But I figured that if someone actually puts that much effort into deciphering my redacted screenshots I’m fucked anyway. This was more of a “stave off the temptation” kind of move. Cause I know I will get that sometimes – I will be reading a blog post, see some IP addresses or domain names and get the inkling to ping them just to see if they are real. :P
I’m not a fan of MOTDs. Usually I keep jumping in and out off SSH servers all day, so the less fuss and noise, the better. Granted, I’m spoiled since all the machines I manage are Debian or derivatives, but even if they weren’t, I’d rather just keep a “tips” file in the $HOME.
By the way, any particular reason for using FreeBSD? I tried it for a while, but I kept asking myself why would I use it. Besides ZFS, which I had no particular need for,
I never found any good reason to stick with it. Learning alternatives to the mainstream is always good, but if it’s for the educational value, I’d rather learn something particularly different like Plan9. FreeBSD just seems too similar, yet annoyingly different.
@ IceBrain:
The FreeBSD thing was a call of the network guys. I was like “Can I has debian facing web?” and they were like “NO, FreeBSD or GTFO!” Allegedly it’s more stable, more secure, etc, etc.. Ultimately all I needed on there was Apache and PHP so I didn’t really care what OS it was running as long as it was not Windows. :P
Taking me back some years…
…used to tinker with MOTD on all the *nix boxes (was rarely Linux — HPUX, AIX, Sun).
Only memory that stands out was appending dictionary.com WotD and weather and recall that the typical web http libraries were not functional for whatever reason and had to write Perl socket code to actually fetch the HTML data.