Configured SSH timeout too high-paloaltonetworks-panos
Vendor: paloaltonetworks
OS: panos
Description:
Indeni will alert when a device’s configured SSH timeout is too high.
Remediation Steps:
Reconfigure the device’s SSH timeout setting. You may also change the alert’s threshold, or disable the alert completely, if not needed.
1. SSH to the device.
2. Use the “configure” command to enter configuration mode.
3. Run “set deviceconfig setting management idle-timeout [timeout]” to configure the SSH timeout setting of the device.
4. Run the “commit” command to make the change take effect.
How does this work?
This script uses the Palo Alto Networks API to retrieve the SSH idle timeout configuration.
Why is this important?
Tracking the SSH idle timeout can help prevent the security risks created when a user leaves an SSH terminal idle for too long.
Without Indeni how would you find this?
An administrator can log in to the SSH terminal and run ‘show cli idle-timeout’ to view the configured idle timeout setting. The challenge is having to check regularly to make sure the setting stays in compliance.
panos-show-cli-idle-timeout
name: panos-show-cli-idle-timeout
description: Fetch cli idle timeout
type: monitoring
monitoring_interval: 59 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall
comments:
    ssh-timeout:
        why: |
            Tracking SSH idle timeout can help prevent security risks exposed by user leaving the ssh terminal idle for too long.
        how: |
            This script uses the Palo Alto Networks API to retrieve the SSH idle timeout configuration.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /api?type=op&cmd=<show><cli><idle-timeout></idle-timeout></cli></show>&key=${api-key}
    parse:
        type: XML
        file: panos-show-cli-idle-timeout.parser.1.xml.yaml
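
The check that the fetched value feeds can be sketched as follows. This is an added example, not Indeni's parser or rule code. It assumes the API wraps the answer in `<response status="success"><result>…</result></response>` with the timeout in minutes as the first integer in the result text, uses a hypothetical 15-minute threshold, and treats 0 as "never time out", a value that a plain greater-than comparison would wrongly pass.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample responses; the real <result> layout may differ (assumption).
SAMPLE_HIGH = '<response status="success"><result>idle-timeout: 60</result></response>'
SAMPLE_NEVER = '<response status="success"><result>idle-timeout: 0</result></response>'
SAMPLE_ERROR = '<response status="error"><msg>Invalid credentials.</msg></response>'


def parse_idle_timeout(xml_text):
    """Return the idle timeout in minutes from an op-command response."""
    root = ET.fromstring(xml_text)
    # A failed call (bad key, unsupported command) must not be read as a value.
    if root.get("status") != "success":
        raise ValueError("API call failed: " + "".join(root.itertext()).strip())
    result = root.find("result")
    text = "".join(result.itertext()) if result is not None else ""
    match = re.search(r"\d+", text)
    if match is None:
        raise ValueError("no timeout value in response")
    return int(match.group())


def check_idle_timeout(xml_text, max_minutes=15):
    """Return (compliant, message); max_minutes is a hypothetical threshold."""
    minutes = parse_idle_timeout(xml_text)
    # Assumption: 0 disables the idle timeout, so it is the worst case, not the best.
    if minutes == 0:
        return False, "idle timeout disabled (0): sessions never expire"
    if minutes > max_minutes:
        return False, f"idle timeout {minutes} min exceeds {max_minutes} min"
    return True, f"idle timeout {minutes} min is within {max_minutes} min"


if __name__ == "__main__":
    for sample in (SAMPLE_HIGH, SAMPLE_NEVER):
        print(check_idle_timeout(sample))
```
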
CrossVendorSshTimeoutHighRule
https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/CrossVendorSshTimeoutHighRule.scala