Login banner mismatch across cluster members-juniper-junos

error
high-availability
junos
juniper
Login banner mismatch across cluster members-juniper-junos
0

#1

Login banner mismatch across cluster members-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will identify when two devices are part of a cluster and alert if the login banner setting is different.

Remediation Steps:
Review the settings of each device in the cluster and ensure they are the same.

How does this work?
This script retrieves the login banner by running the command “show configuration system login message” command via SSH connection the the device.

Why is this important?
The login banner is used to warn any illegal login attempt.

Without Indeni how would you find this?
An administrator can log in the device to run the same command to retrieve this information.

junos-show-configuration-login-message

#! META
name: junos-show-configuration-login-message
description: JUNOS show the login message in the configuration
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: juniper
    os.name: junos

#! COMMENTS
login-banner:
    why: |
        The login banner is used to warn any illegal login attempt.
    how: |
        This script retrieves the login banner by running the command "show configuration system login message" command via SSH connection the the device.
    without-indeni: |
        An administrator can log in the device to run the same command to retrieve this information.
    can-with-snmp: false 
    can-with-syslog: false

#! REMOTE::SSH
show configuration system login message 

#! PARSER::AWK
/^(message ")/ {
    message = trim($0)
    sub(/^(message )/, "", message)
    sub(/;$/, "", message)
}

END {
  gsub(/["]/, "", message)
  writeComplexMetricString("login-banner", null, message)
}

cross_vendor_compare_login_banner

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, SnapshotComparisonTemplateRule}


/**
  *
  */
case class cross_vendor_compare_login_banner(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "cross_vendor_compare_login_banner",
  ruleFriendlyName = "Clustered Devices: Login banner mismatch across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the login banner setting is different.",
  metricName = "login-banner",
  isArray = false,
  alertDescription = "The members of a cluster of devices must have the same login banner settings.",
  baseRemediationText = "Review the settings of each device in the cluster and ensure they are the same.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Use the "show banner mtod" command to display the configured MOTD banner.
      |2. Review the output of each device in the cluster and ensure that are same across the cluster.
      |3. For more information please review  the following CISCO Configuration guide:
      |https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/banner-motd.html""".stripMargin
)