The simplest method is at the text user interface. All that's required is to edit the /etc/issue file and you're done. Any text user interface login method, including SSH, by default (when uncommenting Banner in /etc/sshd_config), will display the contents of the referred to file.
Example:
# cat /etc/issue
You are accessing a COMPANY
Information System (IS) that is for authorized use only.
By using this IS (including any device attached to it),
you consent to the following conditions:
- COMPANY
routinely intercepts and monitors this IS
for purposes including, but not limited to,
penetration testing, monitoring, network
operations and defense, personnel misconduct (PM),
law enforcement (LE), and counterintelligence (CI)
investigations.
- At any time, COMPANY may
inspect and seize data stored on this IS.
- Communications using, or data stored on, this IS
are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used
for any COMPANY-authorized purpose.
- This IS includes security measures
(e.g., authentication and access controls) to protect
COMPANY interests —
not for your personal benefit or privacy.
- Not withstanding the above, using this IS
does not constitute consent to PM, LE or CI
investigative searching or monitoring of
the content of privileged communications,
or work product, related to personal representation
or services by attorneys, psychotherapists,
or clergy, and their assistants.
Such communications and work product
are private and confidential.
But in text mode, such a long message may be very inconvenient and ineffective unless the access is remote, such as via SSH. The problem is that text consoles probably don't accommodate all the text in a single screen and what's scrolled beyond will probably escape from sight. For this reason I believe a shorter message (note the spacing around the text, before, after and to the left) is more appropriate, such as:
# cat /etc/issue
You are accessing a COMPANY
Information System (IS) that is for authorized use only.
By using this IS (including any device attached to it),
you consent and agree to the IS policy & conditions.
Nevertheless, for a variety of reasons, it may be necessary or convenient to explicitly override the Banner keyword of a server's /etc/ssh/sshd_config as previously shown. This is achieved by the DisableBanner keyword on the user's home directory ~/.ssh/config or client's /etc/ssh/ssh_config or even with the -o option. See ssh_config(4) for more detail.
client# ssh -o DisableBanner=in-exec-mode server remote-command
For the graphical user interface, things are a bit more complicated. There is more than one method but I prefer the following one which I believe is more integrated into the user interface. The main disadvantage is that it's not preserved across system updates, so special care must be taken to reestablish the banner after updating the system.
The first step is to enable the banner and create a message placeholder, which must be done under the gdm special account, using the gconftool-2 (pkg://solaris/gnome/config/gconf):
$ su -
# su - gdm
gdm@desktop-1 $ gconftool-2
--direct
--config-source=xml:readwrite:$HOME/StaticSeat1/.gconf
--type bool
--set /apps/gdm/simple-greeter/banner_message_enable
true
gdm@desktop-1 $ gconftool-2
--direct
--config-source=xml:readwrite:$HOME/StaticSeat1/.gconf
--type string
--set /apps/gdm/simple-greeter/banner_message_text_nochooser
"placeholder"
Fully edit the message within the appropriate <stringvalue> markups. Pay attention that for the graphical user interface, as opposite to the text one, it's advisable to enlarge the text width and shrink its height.
gdm@desktop-1 $ cd StaticSeat1/.gconf/apps/gdm/simple-greeter
gdm@desktop-1 $ vim %gconf.xml
Then, check the editing:
gdm@desktop-1 $ gconftool-2
--direct
--config-source=xml:readwrite:$HOME/StaticSeat1/.gconf
--get /apps/gdm/simple-greeter/banner_message_text_nochooser
You are accessing a COMPANY Information System (IS) that is for authorized use only.
By using this IS (including any device attached to it), you consent to the following conditions:
* COMPANY
routinely intercepts and monitors this IS for purposes including, but not limited to,
penetration testing, monitoring, network operations and defense, personnel misconduct (PM),
law enforcement (LE), and counterintelligence (CI) investigations.
* At any time, COMPANY
may inspect and seize data stored on this IS.
* Communications using, or data stored on, this IS are not private, are subject to
routine monitoring, interception, and search, and may be disclosed or used
for any COMPANY-authorized purpose.
* This IS includes security measures (e.g., authentication and access controls)
to protect COMPANY interests ---
not for your personal benefit or privacy.
* Not withstanding the above, using this IS does not constitute consent to PM, LE or CI
investigative searching or monitoring of the content of privileged communications,
or work product, related to personal representation or services by attorneys,
psychotherapists, or clergy, and their assistants. Such communications
and work product are private and confidential.
The final step consists on minor layout adjustments on the user interface login dialog in order to make it more presentable to the user. To graphically edit as root I'll use the notes from X11 & SSH & SU.
$ xauth list
desktop-1/unix:0 MIT-MAGIC-COOKIE-1 ...
$ su -
# cd /usr/share/gdm
# cp -p gdm-greeter-login-window{,-backup}.ui
# cp -p logo{,-backup}.png
Replace the logo with a more appropriate .PNG of at most 195 x 66 pixels.
Don't forget to use transparency for a better look & feel.
# cp /tmp/company_logo.png ./logo.png
# cp logo{,-site}.png
Open the Glade user interface dialog definition (gdm-greeter-login-window.ui) and edit the auth-banner-label, setting its justification to left and its text flow to normal text.
# xauth add desktop-1/unix:0 MIT-MAGIC-COOKIE-1 ...
# export DISPLAY=:0.0
# glade-3 gdm-greeter-login-window.ui 2> /dev/null &
# cp -p gdm-greeter-login-window{,-site}.ui
# xauth remove desktop-1/unix:0
# ^D
The final result is something such as:
It may be required a few text editing cycles for reaching the desired text contents and layout. In order to help the interactive process, things can be accomplished remotely via SSH and, at each step, GDM can be conveniently restarted as:
# svcadm restart gdm
