An HTTP server is enabled on the device-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will check if a device has the HTTP service enabled. HTTP is not encrypted and is therefore a security risk.

Remediation Steps:
Disable the HTTP server on the device.

How does this work?
This script pulls the Palo Alto Networks firewall’s active configuration and extracts the configured services from there.

Why is this important?
HTTP is an insecure protocol and should not be used. Users may enable HTTP unintentionally and should be alerted if they do so.

Without Indeni how would you find this?
An administrator may write a script to pull this data from devices and compare against a gold configuration.
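
A sketch of the check described under "How does this work?" and "Without Indeni how would you find this?", added here as an example and not Indeni's parser. The XML element paths, the constructed sample configuration, the treatment of a missing `disable-http` element as "HTTP off", and the function names are assumptions of this example; only the metric name `http-server-enabled` comes from the rule on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a PAN-OS running configuration (not from a real device).
SAMPLE_CONFIG = """\
<config>
  <devices>
    <entry name="localhost.localdomain">
      <deviceconfig><system><service>
        <disable-http>no</disable-http>
      </service></system></deviceconfig>
      <network>
        <profiles>
          <interface-management-profile>
            <entry name="mgmt-inside"><https>yes</https><ssh>yes</ssh></entry>
            <entry name="legacy-dmz"><http>yes</http><ping>yes</ping></entry>
          </interface-management-profile>
        </profiles>
      </network>
    </entry>
  </devices>
</config>
"""

def http_findings(config_xml):
    """Return every place in the config where plain-HTTP management is switched on."""
    root = ET.fromstring(config_xml)
    findings = []
    for dev in root.findall("./devices/entry"):
        # Assumption: an absent <disable-http> means HTTP is off on the management interface.
        flag = dev.findtext("./deviceconfig/system/service/disable-http", default="yes")
        if flag.strip().lower() == "no":
            findings.append("management interface: disable-http=no")
        for prof in dev.findall("./network/profiles/interface-management-profile/entry"):
            if (prof.findtext("http") or "no").strip().lower() == "yes":
                findings.append("interface-management-profile '%s': http=yes" % prof.get("name"))
    return findings

def http_server_enabled(config_xml):
    """Value for the http-server-enabled metric, as the string "true" or "false"."""
    return "true" if http_findings(config_xml) else "false"

if __name__ == "__main__":
    for line in http_findings(SAMPLE_CONFIG):
        print("FINDING", line)
    print("http-server-enabled =", http_server_enabled(SAMPLE_CONFIG))
```

Running the same function over a gold configuration and over each device's export gives the comparison the paragraph above describes: any device whose findings list is non-empty has drifted.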

panos-show_config_running-monitoring-xml

cross_vendor_http_server_enabled

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

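/**
  * Cross-vendor rule: alerts when the most recent "http-server-enabled"
  * snapshot value reported for a device equals "true".
  */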
case class cross_vendor_http_server_enabled() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_http_server_enabled",
  ruleFriendlyName = "All Devices: An HTTP server is enabled on the device",
  ruleDescription = "Indeni will check if a device has the HTTP service enabled. HTTP is not encrypted and is therefore a security risk.",
  metricName = "http-server-enabled",
  alertDescription = "The HTTP server allows unencrypted control traffic to network devices. It transmits all data in clear text, including passwords and other potentially confidential information.",
  baseRemediationText = "Disable the HTTP server on the device.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("http-server-enabled").asSingle().mostRecent().value().noneable))(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Disable the HTTP server on the device. You can do so by using the "no feature http-server" configuration command.
      |2. You can verify that HTTP has been disabled by using the "show http-server" command.""".stripMargin
)