Add DOD CMMC approved pre-login banner option

This commit is contained in:
Avni Ademi 2026-01-27 19:01:27 +01:00
parent d4b8c2350b
commit 81895181e9
4 changed files with 70 additions and 3 deletions


@ -20,9 +20,10 @@ COPY bashgen/templates/ ./templates/
# Copy banner markdown files # Copy banner markdown files
# Use templates directory as source, copy to workingscope in container # Use templates directory as source, copy to workingscope in container
COPY bashgen/templates/loginbanner.md.template bashgen/templates/postloginbanner.md.template /tmp/ COPY bashgen/templates/loginbanner.md.template bashgen/templates/loginbanner_dod_cmmc.md.template bashgen/templates/postloginbanner.md.template /tmp/
RUN mkdir -p /app/workingscope && \ RUN mkdir -p /app/workingscope && \
cp /tmp/loginbanner.md.template /app/workingscope/loginbanner.md && \ cp /tmp/loginbanner.md.template /app/workingscope/loginbanner.md && \
cp /tmp/loginbanner_dod_cmmc.md.template /app/workingscope/loginbanner_dod_cmmc.md && \
cp /tmp/postloginbanner.md.template /app/workingscope/postloginbanner.md cp /tmp/postloginbanner.md.template /app/workingscope/postloginbanner.md
# Expose port # Expose port

10
app.py

@ -42,6 +42,7 @@ def generate(
ssh_harden: str | None = Form(default=None), ssh_harden: str | None = Form(default=None),
install_fail2ban: str | None = Form(default=None), install_fail2ban: str | None = Form(default=None),
prelogin_banner: str | None = Form(default=None), prelogin_banner: str | None = Form(default=None),
banner_type: str = Form(default="default"), # "default" or "dod_cmmc"
postlogin_banner: str | None = Form(default=None), postlogin_banner: str | None = Form(default=None),
ssh_2fa: str | None = Form(default=None), ssh_2fa: str | None = Form(default=None),
@ -90,18 +91,25 @@ def generate(
app_path = Path(__file__).parent app_path = Path(__file__).parent
base_path = app_path.parent base_path = app_path.parent
# Determine which pre-login banner to use based on banner_type
banner_filename = "loginbanner_dod_cmmc.md.template" if banner_type == "dod_cmmc" else "loginbanner.md.template"
# Priority order: 1) workingscope directory, 2) templates directory, 3) Docker workingscope # Priority order: 1) workingscope directory, 2) templates directory, 3) Docker workingscope
prelogin_banner_path = base_path / "workingscope" / "loginbanner.md" prelogin_banner_path = base_path / "workingscope" / "loginbanner.md"
postlogin_banner_path = base_path / "workingscope" / "postloginbanner.md" postlogin_banner_path = base_path / "workingscope" / "postloginbanner.md"
# Fallback to templates directory (for repository templates) # Fallback to templates directory (for repository templates)
if not prelogin_banner_path.exists(): if not prelogin_banner_path.exists():
prelogin_banner_path = app_path / "templates" / "loginbanner.md.template" prelogin_banner_path = app_path / "templates" / banner_filename
if not postlogin_banner_path.exists(): if not postlogin_banner_path.exists():
postlogin_banner_path = app_path / "templates" / "postloginbanner.md.template" postlogin_banner_path = app_path / "templates" / "postloginbanner.md.template"
# Final fallback: Docker container workingscope directory # Final fallback: Docker container workingscope directory
if not prelogin_banner_path.exists(): if not prelogin_banner_path.exists():
# Try DOD CMMC banner if selected, otherwise default
if banner_type == "dod_cmmc":
prelogin_banner_path = Path("workingscope") / "loginbanner_dod_cmmc.md"
else:
prelogin_banner_path = Path("workingscope") / "loginbanner.md" prelogin_banner_path = Path("workingscope") / "loginbanner.md"
if not postlogin_banner_path.exists(): if not postlogin_banner_path.exists():
postlogin_banner_path = Path("workingscope") / "postloginbanner.md" postlogin_banner_path = Path("workingscope") / "postloginbanner.md"
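Review bot: The first-priority lookup `prelogin_banner_path = base_path / "workingscope" / "loginbanner.md"` ignores `banner_type`, so wherever a `workingscope/loginbanner.md` already exists (the Dockerfile in this commit places one next to `loginbanner_dod_cmmc.md`, and if `base_path` resolves to `/app` in the container that is exactly this path) the DOD CMMC selection is silently dropped and the default banner is served; only the templates-directory and final Docker fallbacks honour the choice. Name the workingscope file once and use it in both steps 1 and 3, e.g. `workingscope_banner = "loginbanner_dod_cmmc.md" if banner_type == "dod_cmmc" else "loginbanner.md"` followed by `prelogin_banner_path = base_path / "workingscope" / workingscope_banner`, and let the same variable replace the new if/else in the final fallback. Any `banner_type` value other than `"dod_cmmc"` also falls back to the default banner with no feedback to the caller; a `Literal["default", "dod_cmmc"]` annotation on the form field would make the accepted values explicit and reject typos at the request boundary. `generate` continues outside the hunk.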


@ -36,6 +36,10 @@
<label><input type="checkbox" name="ssh_harden" checked /> SSH hardening (disable root, key-only option)</label> <label><input type="checkbox" name="ssh_harden" checked /> SSH hardening (disable root, key-only option)</label>
<label><input type="checkbox" name="install_fail2ban" checked /> Install Fail2ban (intrusion prevention)</label> <label><input type="checkbox" name="install_fail2ban" checked /> Install Fail2ban (intrusion prevention)</label>
<label><input type="checkbox" name="prelogin_banner" /> Pre-login banner (SSH)</label> <label><input type="checkbox" name="prelogin_banner" /> Pre-login banner (SSH)</label>
<div style="margin-left: 24px; margin-top: 4px; margin-bottom: 8px;">
<label><input type="radio" name="banner_type" value="default" checked /> Default banner</label>
<label style="margin-left: 16px;"><input type="radio" name="banner_type" value="dod_cmmc" /> DOD CMMC Approved banner</label>
</div>
<label><input type="checkbox" name="postlogin_banner" /> Post-login banner (MOTD)</label> <label><input type="checkbox" name="postlogin_banner" /> Post-login banner (MOTD)</label>
<label><input type="checkbox" name="ssh_2fa" /> SSH 2FA (Google Authenticator PAM)</label> <label><input type="checkbox" name="ssh_2fa" /> SSH 2FA (Google Authenticator PAM)</label>
</fieldset> </fieldset>


@ -0,0 +1,54 @@
********************************************************************************
* *
* OFFICIAL USE ONLY RESTRICTED SYSTEM *
* *
********************************************************************************
* *
* This information system is the private property of the system owner and *
* is provided for authorized use only. *
* *
* Access is limited to individuals who have been explicitly granted *
* authorization by the system owner or designated authority. *
* *
* Unauthorized access, use, or modification of this system is prohibited *
* and may result in disciplinary action, civil liability, termination of *
* access rights, and criminal or civil prosecution where applicable. *
* *
********************************************************************************
* *
* MONITORING AND LOGGING NOTICE *
* *
* This system is subject to continuous monitoring. *
* *
* Information monitored and recorded may include, but is not limited to: *
* • Source and destination IP addresses *
* • Authentication attempts (successful and unsuccessful) *
* • Session timestamps and duration *
* • User activity and system interactions *
* *
* All data collected may be reviewed by authorized personnel and may be *
* used for security operations, incident response, compliance verification, *
* and legal proceedings. *
* *
* Records generated by this system may be used as evidence in administrative,*
* civil, or criminal proceedings. *
* *
********************************************************************************
* *
* By accessing or continuing to use this system, you acknowledge and *
* consent to the monitoring, recording, and auditing of all activity. *
* *
* If you do not agree to these conditions, you must disconnect immediately. *
* *
********************************************************************************
* *
* System Caretaker / Technical Administration: *
* ScardusTech L.L.C. *
* https://scardustech.com *
* *
* System Owner: *
* Name: [OWNER_NAME] *
* Website: [OWNER_WEBSITE] *
* Email: [OWNER_EMAIL] *
* *
********************************************************************************
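Review bot: The owner block at the bottom contains literal placeholders `[OWNER_NAME]`, `[OWNER_WEBSITE]` and `[OWNER_EMAIL]`, and nothing in this commit substitutes them, so unless substitution happens elsewhere a host using this option will present the placeholders verbatim in its pre-login banner; a short comment in the commit or README stating where these are filled in (or that operators must edit the copy in `workingscope/`) would avoid that. The bullets in the monitoring notice use a non-ASCII `•`; an SSH pre-login banner is sent before any locale or encoding negotiation, so a plain `-` keeps those four lines legible on every client terminal. The UI labels this file "DOD CMMC Approved banner", but the text itself is a generic restricted-system notice with a fixed "System Caretaker" block naming one company; documenting which standard wording or reference the text was taken from would let operators verify the compliance claim before deploying it, and the caretaker lines may also want to be placeholders rather than hardcoded.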