Debug mode enabled-paloaltonetworks-panos
Vendor: paloaltonetworks
OS: panos
Description:
Indeni will alert if one of the debug mechanisms on a device is enabled when the default is for it to be disabled.
Remediation Steps:
Turn off the debug as soon as possible.
Log into the device using SSH, type “debug " and then begin typing the items listed above. Usually the last term in the command can be replaced with a “show” or something similar to identify the current settings.\nFor a list of debug commands and purpose, refer to this table: https://indeni.atlassian.net/wiki/spaces/IKP/pages/536117271/Palo+Alto+Networks+Debugs+Cheat+Sheet”,
panos-debug-status-management-server-show
name: panos-debug-status-management-server-show
description: Grab the debug status of management-server
type: monitoring
monitoring_interval: 60 minutes
requires:
vendor: paloaltonetworks
os.name: panos
product: firewall
comments:
debug-status:
why: |
When troubleshooting a system, debug flags are often enabled. If they are left in that state, they will use extra resources that can create service interruptions or reduced throughput.
how: |
This script logs into the Palo Alto Networks firewall through SSH and runs the "debug management-server show" command.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
command: debug management-server show
parse:
type: AWK
file: debug-status-management-server-show.parser.1.awk
cross_vendor_debug_on
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_debug_on.scala