Forum Discussion
Blue_whale
Cirrocumulus
CirrocumulusF5 login banner - GUI/CLI
Hello Team ,
I would like to set the login banner , Can you please confirm if the below command works ? Will this applicable for both GUI nad CLI banner ?
tmsh modify sys global-settings console-inactivity-timeout 900
tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
tmsh modify cli global-settings idle-timeout 15
Hi Sarovani,
For the command help that you have asked please see below
Task 1
tmsh modify sys global-settings console-inactivity-timeout 900
Task 2tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
Task 3tmsh modify cli global-settings idle-timeout 15
So in general here are the options available for SYS GOBAL-Settings options
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings
Options:
all-properties one-line
non-default-properties |
Properties:
aws-access-key
aws-api-max-concurrency
aws-secret-key
console-inactivity-timeout
custom-addr
description
failsafe-action
file-blacklist-path-prefix
file-blacklist-read-only-path-prefix
file-local-path-prefix
file-whitelist-path-prefixgui-audit
gui-expired-cert-alert
gui-security-banner
gui-security-banner-text
gui-setup
host-addr-mode
hostname
hosts-allow-include
lcd-display
led-locator
mgmt-dhcpnet-reboot
password-prompt
quiet-boot
remote-host
ssh-max-session-limit
ssh-max-session-limit-per-user
ssh-root-session-limit
ssh-session-limit
username-promptTASK 1 (IN TMSH Mode)
=======
tmsh modify sys global-settings console-inactivity-timeout 900
======
Please take ucs backup before making changes .
First use list command to note the default settings in case you need to rever back or for your history purpose
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings console-inactivity-timeout
sys global-settings {
console-inactivity-timeout 0
}The command you need in TMSH Mode
list sys global-settings console-inactivity-timeout
modify sys global-settings console-inactivity-timeout 900
Task 2 (IN TMSH Mode) - This will apply onnly on the GUI
=======
tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
Here you need to check 2 command that GUI Security Banner should be enabled if not you have to modify and make it enable also to use the second part of this command.
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner
sys global-settings {
gui-security-banner enabled
}root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text
sys global-settings {
gui-security-banner-text "Welcome to the BIG-IP Configuration Utility.Log in with your username and password using the fields on the left."
}Modify Command
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE"
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)#Test /List again after changing banner
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text sys global-settings {
gui-security-banner-text "THIS IS A TEST MACHINE"
}TASK 3(IN TMSH Mode)
=========
tmsh modify cli global-settings idle-timeout 15
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list cli global-settings idle-timeout
cli global-settings {
idle-timeout disabled
}list cli global-settings idle-timeout
tmsh modify cli global-settings idle-timeout 15
So leftover task is to set a Banner for pre login and post login on CLI please refer the following 2 articles
a pre-login or post-login message banner for the BIG-IP
https://my.f5.com/manage/s/article/K6068
Configure an advisory banner for the BIG-IP system
https://my.f5.com/manage/s/article/K42313219Hope this helps
š
ā
Hi Sarovani,
For the command help that you have asked please see below
Task 1
tmsh modify sys global-settings console-inactivity-timeout 900
Task 2tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
Task 3tmsh modify cli global-settings idle-timeout 15
So in general here are the options available for SYS GOBAL-Settings options
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings
Options:
all-properties one-line
non-default-properties |
Properties:
aws-access-key
aws-api-max-concurrency
aws-secret-key
console-inactivity-timeout
custom-addr
description
failsafe-action
file-blacklist-path-prefix
file-blacklist-read-only-path-prefix
file-local-path-prefix
file-whitelist-path-prefixgui-audit
gui-expired-cert-alert
gui-security-banner
gui-security-banner-text
gui-setup
host-addr-mode
hostname
hosts-allow-include
lcd-display
led-locator
mgmt-dhcpnet-reboot
password-prompt
quiet-boot
remote-host
ssh-max-session-limit
ssh-max-session-limit-per-user
ssh-root-session-limit
ssh-session-limit
username-promptTASK 1 (IN TMSH Mode)
=======
tmsh modify sys global-settings console-inactivity-timeout 900
======
Please take ucs backup before making changes .
First use list command to note the default settings in case you need to rever back or for your history purpose
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings console-inactivity-timeout
sys global-settings {
console-inactivity-timeout 0
}The command you need in TMSH Mode
list sys global-settings console-inactivity-timeout
modify sys global-settings console-inactivity-timeout 900
Task 2 (IN TMSH Mode) - This will apply onnly on the GUI
=======
tmsh modify sys gui-security-banner-text "THIS IS A TEST MACHINE."
Here you need to check 2 command that GUI Security Banner should be enabled if not you have to modify and make it enable also to use the second part of this command.
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner
sys global-settings {
gui-security-banner enabled
}root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text
sys global-settings {
gui-security-banner-text "Welcome to the BIG-IP Configuration Utility.Log in with your username and password using the fields on the left."
}Modify Command
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE"
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)#Test /List again after changing banner
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list sys global-settings gui-security-banner-text sys global-settings {
gui-security-banner-text "THIS IS A TEST MACHINE"
}TASK 3(IN TMSH Mode)
=========
tmsh modify cli global-settings idle-timeout 15
root@(F5-Design_Engg02)(cfg-sync Standalone)(Active)(/Common)(tmos)# list cli global-settings idle-timeout
cli global-settings {
idle-timeout disabled
}list cli global-settings idle-timeout
tmsh modify cli global-settings idle-timeout 15
So leftover task is to set a Banner for pre login and post login on CLI please refer the following 2 articles
a pre-login or post-login message banner for the BIG-IP
https://my.f5.com/manage/s/article/K6068
Configure an advisory banner for the BIG-IP system
https://my.f5.com/manage/s/article/K42313219Hope this helps
š
ā
Hi Sarovani,
GUI Banner:
tmsh modify sys global-settings gui-security-banner-text "THIS IS A TEST MACHINE."CLI Banner:
tmsh modify sys sshd banner enabled banner-text "THIS IS A TEST MACHINE."Impact of procedure: These changes may not be present after an upgrade or re-installation. Therefore, F5 does not officially recommend these changes. However, if the changes are required due to a security policy, ensure that the changes are verified after any upgrades. In addition, these changes may not propagate to HA peers and you must perform this procedure to all devices in the device group if required.
