*** Bug 1751337 has been marked as a duplicate of this bug. ***

Patternfly4 is going to implement something similar called "banner" which should be called the same thing in Gnome. This way we broaden its usage beyond just government to healthcare, telco, etc.

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

Created attachment 1782853 [details]
Requested screenshot of banner

This is a screenshot of the basic idea of what we're looking for, with the option to have the hostname/classification/username across the top of the screen (with a banner across the bottom of the screen as well). Thanks.

Hey Chad,
Thank you for the upload.  Are there any formal government processes that you need to adhere to?  I am trying to track down anything official for color coding these messages.  So far I have found this site **Warning, not a Red Hat website** https://www.stigviewer.com/stig/keyboard_video_and_mouse_switch/2015-06-30/finding/V-6680:

"Modify the screen backgrounds for each information system attached to the KVM switch to comply with information below.


These banners will state the overall classification level of the information system in large bold type.

These banners will have a solid background color assigned using the following scheme:
Yellow for Sensitive Compartmented Information (SCI).
Orange for Top Secret (TS).
Red for Secret.
Blue for Confidential.
Green for Unclassified."

But this is nothing official AFAICT.

-Steve

The official colors can be found here: https://github.com/SecurityCentral/classification-banner/#examples

Hi Steve,
The closest that I've been able to find to an official color scheme is what the US GPO uses for the classification stickers we also use. This link is to a contract that they released a few years ago to have the stickers printed. In section two, they specify the Pantone color values: https://www.gpo.gov/docs/default-source/contract-pricing/contract-pricing/dallas/ab1724s.pdf (PMS 356C for Unclassified; PMS 186C for Secret, etc.) In my decades of doing this, we've always tried to match the GPO stickers. The summary that Kenyon points to on GitHub comes from the contract listed above.

There is also http://everyspec.com/MIL-STD/MIL-STD-1400-1499/download.php?spec=MIL-STD-1472H.057041.pdf which defines "green=unclassified", "red=secret", "orange=top secret", etc. (page 390 of the pdf)

For the banner text and how systems should be marked, that comes directly from DoD policy: https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/520001m_vol2.pdf  (page 20)

Hey Chad/Kenyon,
Thank you both for the links provided.  I think we have a good list of what is needed here.  I will reach out to you if there is anything else we need.

For those trying to get https://github.com/fcaviggia/classification-banner to work with RHEL8.4, we discovered that by using Python 2.7 and Version 1.7.0 of classification-banner from 2018, the banner works as expected with no workarounds.

Initial upstream work for this: https://gitlab.gnome.org/GNOME/gnome-shell-extensions/-/merge_requests/193

(In reply to August from comment #28)
> For those trying to get https://github.com/fcaviggia/classification-banner
> to work with RHEL8.4, we discovered that by using Python 2.7 and Version
> 1.7.0 of classification-banner from 2018, the banner works as expected with
> no workarounds.

Can you please provide more information? What steps were used to install and run? I was not able to get this working on RHEL 8.4, using python 2.7.18 and version 1.7.0 of classification-banner. 
I installed from source with "python setup.py install" which installed it in /usr/bin/classification-banner. I created /etc/classification-banner with the text and color codes. But when I run classification-banner, it does not work. No banner is shown.

https://gitlab.gnome.org/GNOME/gnome-shell-extensions/-/merge_requests/193 is actually more for bug 1651378 than this bug, although there is certainly some overlap.

(In reply to jon.wesel from comment #39)
> (In reply to August from comment #28)
> > For those trying to get https://github.com/fcaviggia/classification-banner
> > to work with RHEL8.4, we discovered that by using Python 2.7 and Version
> > 1.7.0 of classification-banner from 2018, the banner works as expected with
> > no workarounds.
> 
> Can you please provide more information? What steps were used to install and
> run? I was not able to get this working on RHEL 8.4, using python 2.7.18 and
> version 1.7.0 of classification-banner. 
> I installed from source with "python setup.py install" which installed it in
> /usr/bin/classification-banner. I created /etc/classification-banner with
> the text and color codes. But when I run classification-banner, it does not
> work. No banner is shown.

To get classification-banner to work with rhel 8.4 you need the following packages installed:
python2
pygtk2
libcanberra-gtk2

After those are installed you can run "python2 setup.py install" and execute "classification-banner" to load the banner. The banner is a little buggy if you are trying to use multiple monitors and the escape to hide function (banner randomly moves to the middle of the screen).

(In reply to linux.duzt from comment #41)
> To get classification-banner to work with rhel 8.4 you need the following
> packages installed:
> python2
> pygtk2
> libcanberra-gtk2
> 
> After those are installed you can run "python2 setup.py install" and execute
> "classification-banner" to load the banner. The banner is a little buggy if
> you are trying to use multiple monitors and the escape to hide function
> (banner randomly moves to the middle of the screen).

Thank you! This worked. I was missing pygtk2.

The classification banner works as expected withing a session and on the lock screen using: gnome-shell-extensions-3.32.1-27.el8. We will need to come up with some instructions to enable the extension for the GDM user in order to get it working on the login screen. fmuellner: afaics, that's only possible via a dconf override for the 'enabled-extensions' key in /org/gnome/shell.

Using gnome-shell-extensions-3.32.1-27.el8, you can easily program a classification banner within the running session, lock screen and the login screen.

To create a banner in the session and lock screen simply install the extension then customize the extension using one of the many ways, it works perfectly running gnome-shell-extension-prefs.

To create a red banner with white text on the login screen do the following (obviously this can be tailored by the user):

1. Install gnome-shell-extension-classification-banner-3.32.1-27.el8 and at least gnome-shell-3.32.2-39.el8
2. Create file called /etc/dconf/db/gdm.d/99-class-banner

[org/gnome/shell]
enabled-extensions=['classification-banner.github.com']

[org/gnome/shell/extensions/classification-banner]
background-color='rgba(200,16,46,0.75)'
message='TOP SECRET'
top-banner=true
bottom-banner=true
system-info=true
color='rgb(255,255,255)'

3. dconf update as root
4. reboot

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (gnome-shell-extensions bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1807