diff --git a/Dockerfile b/Dockerfile
index 8d435d1..15c32df 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,9 +20,10 @@ COPY bashgen/templates/ ./templates/
 # Copy banner markdown files
 # Use templates directory as source, copy to workingscope in container
-COPY bashgen/templates/loginbanner.md.template bashgen/templates/postloginbanner.md.template /tmp/
+COPY bashgen/templates/loginbanner.md.template bashgen/templates/loginbanner_dod_cmmc.md.template bashgen/templates/postloginbanner.md.template /tmp/
 RUN mkdir -p /app/workingscope && \
 cp /tmp/loginbanner.md.template /app/workingscope/loginbanner.md && \
+ cp /tmp/loginbanner_dod_cmmc.md.template /app/workingscope/loginbanner_dod_cmmc.md && \
 cp /tmp/postloginbanner.md.template /app/workingscope/postloginbanner.md
 # Expose port
diff --git a/app.py b/app.py
index e92113c..0bfa412 100644
--- a/app.py
+++ b/app.py
@@ -42,6 +42,7 @@ def generate(
 ssh_harden: str | None = Form(default=None),
 install_fail2ban: str | None = Form(default=None),
 prelogin_banner: str | None = Form(default=None),
+ banner_type: str = Form(default="default"), # "default" or "dod_cmmc"
 postlogin_banner: str | None = Form(default=None),
 ssh_2fa: str | None = Form(default=None),
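Review bot: The added `banner_type: str = Form(default="default")` parameter in app.py accepts any string, and its allowed values are recorded only in the trailing comment. Judging by the second app.py hunk, every value other than exactly `"dod_cmmc"` (a typo, different casing) selects the default banner without an error, which is a poor failure mode for a setting meant to pick a compliance banner. Constrain it at the request boundary, for example by typing it as `Literal["default", "dod_cmmc"]` (with the `typing` import if the file lacks it), or reject unknown values before the path lookup. The signature of `generate` starts and ends outside this hunk.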
@@ -90,19 +91,26 @@ def generate(
 app_path = Path(__file__).parent
 base_path = app_path.parent
+ # Determine which pre-login banner to use based on banner_type
+ banner_filename = "loginbanner_dod_cmmc.md.template" if banner_type == "dod_cmmc" else "loginbanner.md.template"
+ # Priority order: 1) workingscope directory, 2) templates directory, 3) Docker workingscope
 prelogin_banner_path = base_path / "workingscope" / "loginbanner.md"
 postlogin_banner_path = base_path / "workingscope" / "postloginbanner.md"
 # Fallback to templates directory (for repository templates)
 if not prelogin_banner_path.exists():
- prelogin_banner_path = app_path / "templates" / "loginbanner.md.template"
+ prelogin_banner_path = app_path / "templates" / banner_filename
 if not postlogin_banner_path.exists():
 postlogin_banner_path = app_path / "templates" / "postloginbanner.md.template"
 # Final fallback: Docker container workingscope directory
 if not prelogin_banner_path.exists():
- prelogin_banner_path = Path("workingscope") / "loginbanner.md"
+ # Try DOD CMMC banner if selected, otherwise default
+ if banner_type == "dod_cmmc":
+ prelogin_banner_path = Path("workingscope") / "loginbanner_dod_cmmc.md"
+ else:
+ prelogin_banner_path = Path("workingscope") / "loginbanner.md"
 if not postlogin_banner_path.exists():
 postlogin_banner_path = Path("workingscope") / "postloginbanner.md"
diff --git a/templates/index.html b/templates/index.html
index 191a5be..8357a8a 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -36,6 +36,10 @@
+
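Review bot: In the second app.py hunk the first-priority lookup is still the hard-coded `base_path / "workingscope" / "loginbanner.md"`, so whenever that file exists a request with `banner_type == "dod_cmmc"` gets the default banner with no warning; `banner_filename` is consulted only in the templates fallback. Derive the workingscope name from `banner_type` too, e.g. `ws_banner = "loginbanner_dod_cmmc.md" if banner_type == "dod_cmmc" else "loginbanner.md"`, and use it in both the first lookup and the final `Path("workingscope")` fallback, which would also replace the added if/else. The final fallback path is assigned without an existence check, so a missing DoD/CMMC file presumably only surfaces where the banner is read, outside this hunk; a log line or explicit error there would make a wrong or missing banner visible. The body of `generate` continues outside the hunk.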
+ + +
diff --git a/templates/loginbanner_dod_cmmc.md.template b/templates/loginbanner_dod_cmmc.md.template
new file mode 100644
index 0000000..77f050e
--- /dev/null
+++ b/templates/loginbanner_dod_cmmc.md.template
@@ -0,0 +1,54 @@
+********************************************************************************
+* *
+* OFFICIAL USE ONLY – RESTRICTED SYSTEM *
+* *
+********************************************************************************
+* *
+* This information system is the private property of the system owner and *
+* is provided for authorized use only. *
+* *
+* Access is limited to individuals who have been explicitly granted *
+* authorization by the system owner or designated authority. *
+* *
+* Unauthorized access, use, or modification of this system is prohibited *
+* and may result in disciplinary action, civil liability, termination of *
+* access rights, and criminal or civil prosecution where applicable. *
+* *
+********************************************************************************
+* *
+* MONITORING AND LOGGING NOTICE *
+* *
+* This system is subject to continuous monitoring. *
+* *
+* Information monitored and recorded may include, but is not limited to: *
+* • Source and destination IP addresses *
+* • Authentication attempts (successful and unsuccessful) *
+* • Session timestamps and duration *
+* • User activity and system interactions *
+* *
+* All data collected may be reviewed by authorized personnel and may be *
+* used for security operations, incident response, compliance verification, *
+* and legal proceedings. *
+* *
+* Records generated by this system may be used as evidence in administrative,*
+* civil, or criminal proceedings. *
+* *
+********************************************************************************
+* *
+* By accessing or continuing to use this system, you acknowledge and *
+* consent to the monitoring, recording, and auditing of all activity. *
+* *
+* If you do not agree to these conditions, you must disconnect immediately. *
+* *
+********************************************************************************
+* *
+* System Caretaker / Technical Administration: *
+* ScardusTech L.L.C. 
* 
+* https://scardustech.com *
+* *
+* System Owner: *
+* Name: [OWNER_NAME] *
+* Website: [OWNER_WEBSITE] *
+* Email: [OWNER_EMAIL] *
+* *
+********************************************************************************