GEN:SID 1:1371
Message WEB-ATTACKS /etc/motd access
Summary This event is generated when an attempt is made to access the message of the day (motd) via the web
Impact Attempt to gain information about the system on a webserver
Detailed Information This is an attempt to gain intelligence about the system hosting a webserver. The motd is used to display system information on a UNIX or Linux based system. The attacker could possibly gain information needed for other attacks on the host.
Affected Systems  
Attack Scenarios The attacker can make a standard HTTP request that contains '/etc/motd' in the URI.
Ease of Attack Simple HTTP request.
Corrective Action Webservers should not be allowed to view or execute files and binaries outside of it's designated web root or cgi-bin. This file may also be requested on a command line should the attacker gain access to the machine. Making the file read only by the superuser on the system will disallow viewing of the file by other users.
Additional References