Local administrators configured with no password profile.-paloaltonetworks-panos


Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert if any of the local accounts does not have a password profile attached.

Remediation Steps:
It is OK to keep two local admin login accounts as a backup mechanism for accessing the management interface of the devices. Local accounts are recommended to have password profiles attached; these help keep the accounts active and up to date, so that inactive ones expire naturally.

How does this work?
This alert uses the Palo Alto Networks API to parse through the local admin accounts and alerts the admin if any account does not meet the requirements: password-complexity, password-profile, maximum two local accounts (authentication profile = none).

Why is this important?
Administrator accounts need to be controlled and given the right and sufficient access to resources as necessary. Password profiles help keep the account active and up to date, so that inactive ones expire naturally.

Without Indeni how would you find this?
Log in to the device’s web interface and click “Device” -> “Administrators”.

panos-local-account

name: panos-local-account
description: Ensure local accounts meet security requirements.
type: monitoring
monitoring_interval: 59 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
comments:
    local-admin-account:
        why: |
            Administrator accounts need to be controlled and provided the right and sufficient access to resources as necessary.
            Password profiles help to keep the account active and up to date so that inactive ones gets expired naturally.
        how: |
            This alert uses the Palo Alto Networks API interface to parse through local admin accounts and alert the admin if any of the accounts is not meeting the requirements: password-complexity, password-profile, maximum two local accounts (authentication profile = none).
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /api/?type=config&action=get&xpath=/config/mgt-config&key=${api-key}
    parse:
        type: XML
        file: panos-local-admin.parser.1.xml.yaml
-   run:
        type: HTTP
        command: /api/?type=config&action=get&xpath=/config/mgt-config/users/entry[@name='${admin_name}']&key=${api-key}
    parse:
        type: XML
        file: panos-local-admin.parser.2.xml.yaml
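
The check described under "How does this work?", as an added example that is not Indeni's parser or rule code: it audits a constructed reply to the script's first request (xpath=/config/mgt-config) against the three requirements the alert names. The element names `authentication-profile`, `password-profile` and `password-complexity/enabled`, the function name and the sample accounts are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample reply to the xpath=/config/mgt-config request (not captured from a device).
SAMPLE = """<response status="success"><result><mgt-config>
  <password-complexity><enabled>yes</enabled></password-complexity>
  <users>
    <entry name="admin"><phash>*</phash><password-profile>rotate-90d</password-profile></entry>
    <entry name="backup-admin"><phash>*</phash></entry>
    <entry name="breakglass"><phash>*</phash><password-profile>rotate-90d</password-profile></entry>
    <entry name="jdoe"><authentication-profile>corp-ldap</authentication-profile></entry>
  </users>
</mgt-config></result></response>"""

MAX_LOCAL_ADMINS = 2  # limit stated on the page


def audit_local_admins(xml_text, max_local=MAX_LOCAL_ADMINS):
    """Return findings: complexity first, then per-account, then the account count."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call failed: status=%r" % root.get("status"))
    mgt = root.find("./result/mgt-config")
    if mgt is None:
        raise ValueError("no mgt-config element in response")

    findings = []
    # Assumed layout: <password-complexity><enabled>yes|no</enabled>
    if (mgt.findtext("password-complexity/enabled") or "no").strip() != "yes":
        findings.append("password-complexity is not enabled")

    local = []
    for entry in mgt.findall("users/entry"):
        name = entry.get("name")
        auth = (entry.findtext("authentication-profile") or "").strip()
        if auth and auth.lower() != "none":
            continue  # uses an authentication profile, so not a local account
        local.append(name)
        # A missing or empty <password-profile> means no expiry policy applies.
        if not (entry.findtext("password-profile") or "").strip():
            findings.append("local admin %r has no password profile" % name)

    if len(local) > max_local:
        findings.append("%d local admins (max %d): %s"
                        % (len(local), max_local, ", ".join(sorted(local))))
    return findings


if __name__ == "__main__":
    for line in audit_local_admins(SAMPLE):
        print(line)
```
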
