DNS servers used do not match across cluster members-fortinet-FortiOS


Vendor: fortinet

OS: FortiOS

Description:
Indeni will identify when two devices are part of a cluster and alert if the DNS servers they are using are different.

Remediation Steps:
Review the DNS configuration on each device to ensure they match.

How does this work?
Indeni runs the built-in “get system dns” command, which lists each configured DNS server on the device.

Why is this important?
DNS allows a device to resolve a name to an IP address. For example, an application or website may be associated with many IP addresses, and DNS allows the client to use a name or FQDN to reach it. If a device is clustered, all members of the cluster are expected to have the same DNS servers configured.

Without Indeni how would you find this?
An administrator could log in and manually run the command. The configured DNS servers can normally be viewed only on the CLI or via the WebUI.
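The manual check described above can be scripted once the output of “get system dns” has been collected from each member. The following is an added example, not Indeni's parser or rule code: it assumes the command prints "key : value" lines, treats 0.0.0.0 and :: as unset, and compares the servers as an unordered set; the sample outputs and the member names fw-a and fw-b are constructed.

```python
import ipaddress

# Constructed sample output of "get system dns" from two cluster members.
# Assumption: each setting is printed as a "key : value" line.
MEMBER_A = """\
primary             : 192.0.2.53
secondary           : 192.0.2.54
domain              :
ip6-primary         : ::
ip6-secondary       : ::
timeout             : 5
source-ip           : 0.0.0.0
"""
MEMBER_B = MEMBER_A.replace("192.0.2.54", "198.51.100.54")

DNS_KEYS = {"primary", "secondary", "ip6-primary", "ip6-secondary"}


def parse_dns_servers(output):
    """Return the set of DNS server addresses configured in one device's output."""
    servers = set()
    for line in output.splitlines():
        key, _, value = line.partition(":")  # split on the first colon only
        if key.strip() not in DNS_KEYS:
            continue
        try:
            addr = ipaddress.ip_address(value.strip())
        except ValueError:
            continue  # empty or malformed value
        if not addr.is_unspecified:  # assumption: 0.0.0.0 and :: mean "not set"
            servers.add(str(addr))
    return servers


def compare_members(outputs):
    """Map each DNS server to the members that lack it; an empty dict means a match."""
    parsed = {name: parse_dns_servers(text) for name, text in outputs.items()}
    every_server = set().union(*parsed.values())
    diff = {}
    for server in sorted(every_server):
        missing = sorted(n for n, s in parsed.items() if server not in s)
        if missing:
            diff[server] = missing
    return diff


if __name__ == "__main__":
    for server, members in compare_members({"fw-a": MEMBER_A, "fw-b": MEMBER_B}).items():
        print(f"{server} is not configured on: {', '.join(members)}")
```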

fortios-get-system-dns

name: fortios-get-system-dns
description: display the configured DNS servers in the Indeni UI
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    dns-servers:
        why: |
            DNS allows a device to resolve a name to an IP address. For example, an application or website may be associated with many IP's and DNS allows the client to use a name or FQDN to reach it. If a device is clustered then it would be expected to have the same DNS servers configured on all members of the cluster.
        how: |
            Using the built-in "get system dns" command, lists each configured DNS server on the device.
        without-indeni: |
            An administrator could login and manually run the command. Showing the configured DNS servers is normally only available on the CLI or via WebUI.
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: get system dns
    parse:
        type: AWK
        file: get_system_dns.parser.1.awk

cross_vendor_dns_servers_comparison

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

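/**
  * Compares the "dns-servers" snapshot metric (an array) across cluster members
  * and raises a WARN alert when the values differ.
  */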
case class cross_vendor_dns_servers_comparison() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_dns_servers_comparison",
  ruleFriendlyName = "Clustered Devices: DNS servers used do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the DNS servers they are using are different.",
  severity = AlertSeverity.WARN,
  metricName = "dns-servers",
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same DNS servers used. Review the differences below.",
  baseRemediationText = "Review the DNS configuration on each device to ensure they match.")()