DNS servers configured do not match requirement-cisco-asa

Knowledge
, , ,
#1

DNS servers configured do not match requirement-cisco-asa

Vendor: cisco

OS: asa

Description:
Indeni can verify that certain DNS servers are configured on a specific device.

Remediation Steps:
Update the configuration of the device to match the requirement.

How does this work?
This script login into the ASA using SSH and retrieves the DNS servers configuration by using the output of the “show running-config dns” command. The output includes the list of the device’s DNS configured servers.

Why is this important?
This metric shows the list of the configured DNS servers. DNS allows a device to resolve a name to an IP address. For example, an application or website may be associated with many IP’s and DNS allows the client to use a name or FQDN to reach it. If a device is clustered then it would be expected to have the same DNS servers configured on all members of the cluster.

Without Indeni how would you find this?
An administrator would need to login into the device and use the “show running-config dns” command to identify if the DNS servers are configured.

cisco-asa-dns-servers

name: cisco-asa-dns-servers
description: ASA dns configured servers
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: cisco
    os.name: asa
    privileged-mode: 'true'
comments:
  dns-servers:
    why: |
        This metric shows the list of the configured DNS servers. DNS allows a device to resolve a name to an IP address. For example, an application or website may be associated with many IP's and DNS allows the client to use a name or FQDN to reach it. If a device is clustered then it would be expected to have the same DNS servers configured on all members of the cluster.
    how: |
        This script login into the ASA using SSH and retrieves the DNS servers configuration by using the output of the "show running-config dns" command. The output includes the list of the device's DNS configured servers.
    can-with-snmp: false
    can-with-syslog: false

steps:
-   run:
      type: SSH
      file: asa-dns-servers.remote.1.bash
    parse:
      type: AWK
      file: asa-dns-servers.parser.1.awk

crossvendor_compliance_check_dns_servers

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/compliance/crossvendor_compliance_check_dns_servers.scala