No NTP servers configured-fortinet-FortiOS


Vendor: fortinet

OS: FortiOS

Description:
Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.

Remediation Steps:
Configure one or more NTP servers to be used by this device for clock synchronization.

  1. Log in via SSH to the Fortinet firewall and execute the FortiOS “execute time” and “execute date” commands to check the current date/time and the last date of NTP sync.
  2. Log in via SSH to the Fortinet firewall and execute the FortiOS “diagnose sys ntp status” command to review the status of the NTP servers and configuration.
  3. NTP uses the UDP protocol (17) and port 123 to communicate between the client and the servers. Make sure that the firewall rules allow this UDP port and that the device can route toward the NTP servers.
  4. Log in via SSH to the Fortinet firewall and execute the FortiOS debug commands “diag debug application ntpd -1” and “diag debug enable” and review the debug messages.
  5. Make sure NTP authentication keys match on both ends. See the following link for more information: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33783.
  6. More NTP configuration information can be found at http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/ntp.htm.

How does this work?
This script logs into the FortiGate using SSH and retrieves the NTP server configuration status using the output of the “diagnose sys ntp status” command. The output includes the device’s server configuration status as well as information about the configured NTP parameters.

Why is this important?
This metric shows if at least one NTP server is configured. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port is allowed through the firewalls on your network. FortiToken synchronization requires NTP in many situations. Check the link below for more information about NTP config in FortiOS: http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266

Without Indeni how would you find this?
An administrator would need to log into the device and use the “diagnose sys ntp status” command to identify if the NTP servers are reachable from the device.
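
The manual check described above can be scripted. The following is an added example, not Indeni's AWK parser or code from the original page: it parses captured “diagnose sys ntp status” output into the five metrics the monitoring script names and flags the empty-server case the rule alerts on. The output layout, host names and addresses in the samples are constructed assumptions; the real layout varies between FortiOS versions.

```python
import re

# Constructed sample output; the exact layout of "diagnose sys ntp status"
# is an assumption here and differs between FortiOS versions.
SAMPLE_OK = """\
synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv4 server(ntp1.example.net) 192.0.2.10 -- reachable(0xff) S:1 T:242 selected
    server-version=4, stratum=2
ipv4 server(ntp2.example.net) 192.0.2.11 -- unreachable(0x0) S:0 T:0
"""
SAMPLE_NO_SERVERS = "synchronized: no, ntpsync: enabled, server-mode: disabled\n"

# Status flags on the summary line, e.g. "ntpsync: enabled".
FLAG_RE = re.compile(r"(synchronized|ntpsync|server-mode):\s*(\w+)")
# One line per configured server: name, address, then reachability state.
SERVER_RE = re.compile(
    r"^ipv[46] server\((?P<name>[^)]*)\)\s+(?P<ip>\S+)\s+--\s+(?P<state>\w+)",
    re.MULTILINE,
)

def parse_ntp_status(text):
    """Return the five metrics named in the script's comments section."""
    flags = dict(FLAG_RE.findall(text))
    servers = [m.groupdict() for m in SERVER_RE.finditer(text)]
    return {
        "ntp-is-synchronized": flags.get("synchronized") == "yes",
        "ntp-sync-is-enabled": flags.get("ntpsync") == "enabled",
        "ntp-server-mode": flags.get("server-mode") == "enabled",
        "ntp-server-state": {s["name"]: s["state"] == "reachable" for s in servers},
        "ntp-servers": [s["name"] for s in servers],
    }

def findings(metrics):
    """Conditions to act on; the first mirrors the rule's empty-array check."""
    out = []
    if not metrics["ntp-servers"]:
        out.append("no NTP servers configured")
    elif not any(metrics["ntp-server-state"].values()):
        out.append("no configured NTP server is reachable")
    if metrics["ntp-sync-is-enabled"] and not metrics["ntp-is-synchronized"]:
        out.append("NTP enabled but clock not synchronized")
    return out

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("empty", SAMPLE_NO_SERVERS)):
        print(label, findings(parse_ntp_status(text)))
```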

fortios-diagnose-sys-ntp-status

name: fortios-diagnose-sys-ntp-status
description: FortiGate Diagnose ntp status
type: monitoring
monitoring_interval: 20 minutes
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    ntp-is-synchronized:
        why: |
            It checks whether the device is synchronized via NTP. NTP servers are used to sync the time across all hosts and network
            devices. This is critical for things such as event correlation and logging. Use Network Time Protocol (NTP) to
            set the date and time if possible.  However, it is important to ensure the NTP UDP port is allowed through the
            firewalls on your network. FortiToken synchronization requires NTP in many situations. Check the link below for
            more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP sync status information using the output of
            the "diagnose sys ntp status" command. The output includes the device's ntp sync status as well as information
            about all the NTP configured parameters.
        without-indeni: |
            An administrator would need to log into the device and use the "diagnose sys ntp status" command to identify if
            NTP is synchronized.
        can-with-snmp: false
        can-with-syslog: false
    ntp-sync-is-enabled:
        why: |
            This metric monitors if the use of NTP is enabled. NTP servers are used to sync the time across all hosts and
            network devices. This is critical for things such as event correlation and logging. Use Network Time Protocol
            (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port is allowed
            through the firewalls on your network. FortiToken synchronization requires NTP in many situations. Check the
            link below for more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP sync status information using the output of
            the "diagnose sys ntp status" command. The output includes the device's ntp sync status as well as information
            about the NTP configured parameters.
        without-indeni: |
            An administrator would need to log into the device and use the "diagnose sys ntp status" command to identify if
            NTP is enabled.
        can-with-snmp: false
        can-with-syslog: false
    ntp-server-mode:
        why: |
            This metric shows if the device is used as an NTP server. This is applicable starting with FortiOS 5.0. NTP
            servers are used to sync the time across all hosts and network devices. This is critical for things such as
            event correlation and logging. Use Network Time Protocol (NTP) to set the date and time if possible.  However,
            it is important to ensure the NTP UDP port is allowed through the firewalls on your network. FortiToken
            synchronization requires NTP in many situations. Check the link below for more information about NTP config in
            FortiOS: http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP server status information using the output
            of the "diagnose sys ntp status" command. The output includes the device's server status as well as information
            about the NTP configured parameters.
        without-indeni: |
            An administrator would need to log into the device and use the "diagnose sys ntp status" command to identify if
            the device is configured as an NTP server.
        can-with-snmp: false
        can-with-syslog: false
    ntp-server-state:
        why: |
            This metric shows if the NTP servers used by the FortiGate are reachable. NTP servers are used to sync the
            time across all hosts and network devices. This is critical for things such as event correlation and logging.
            Use Network Time Protocol (NTP) to set the date and time if possible.  However, it is important to ensure the
            NTP UDP port is allowed through the firewalls on your network. FortiToken synchronization requires NTP in many
            situations. Check the link below for more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP server reachability status information
            using the output of the "diagnose sys ntp status" command. The output includes the device's server reachability
            status as well as information about the NTP configured parameters.
        without-indeni: |
            An administrator would need to log into the device and use the "diagnose sys ntp status" command to identify if
            the NTP servers are reachable from the device.
        can-with-snmp: false
        can-with-syslog: false
    ntp-servers:
        why: |
            This metric shows if at least one NTP server is configured. NTP servers are used to sync the time across all
            hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time
            Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port is
            allowed through the firewalls on your network. FortiToken synchronization requires NTP in many situations.
            Check the link below for more information about NTP config in FortiOS:
            http://kb.fortinet.com/kb/documentLink.do?externalID=FD40266
        how: |
            This script logs into the FortiGate using SSH and retrieves the NTP servers configuration status information
            using the output of the "diagnose sys ntp status" command. The output includes the device's servers
            configuration status as well as information about the NTP configured parameters.
        without-indeni: |
            An administrator would need to log into the device and use the "diagnose sys ntp status" command to identify if
            the NTP servers are reachable from the device.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: diagnose sys ntp status
    parse:
        type: AWK
        file: diagnose_sys_ntp_status.parser.1.awk

cross_vendor_no_ntp_servers

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

/**
  *
  */
case class cross_vendor_no_ntp_servers() extends MultiSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_no_ntp_servers",
  ruleFriendlyName = "All Devices: No NTP servers configured",
  ruleDescription = "Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps. Indeni will alert when a device has no NTP servers configured.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-servers",
  alertDescription = "This system does not have an NTP server configured. Many odd and complicated outages occur due to lack of clock synchronization between devices. In addition, logs may have the wrong time stamps.",
  baseRemediationText = "Configure one or more NTP servers to be used by this device for clock synchronization.",
  complexCondition = RuleEquals(RuleHelper.createEmptyComplexArrayConstantExpression(), SnapshotExpression("ntp-servers").asMulti().mostRecent().value().noneable))(
  RemediationStepCondition.VENDOR_F5 -> "Log into the Web interface and navigate to System -> Configuration -> Device -> NTP. Add the desired NTP servers and click \"update\".",
  RemediationStepCondition.VENDOR_FORTINET ->
    """
      |1. Login via ssh to the Fortinet firewall and execute the FortiOS “execute time” and “execute date” commands to check the current date/time and the last date of NTP sync.
      |2. Login via ssh to the Fortinet firewall and execute the FortiOS “diagnose sys ntp status” to review the status of the NTP servers and configuration.
      |3. NTP uses UDP protocol (17) and port 123 to communicate between the client and the servers.  Make sure that the firewall rules allow these UDP ports and can route toward the NTP servers.
      |4. Login via ssh to the Fortinet firewall and execute the FortiOS debug commands “diag debug application ntpd -1” and “diag debug enable” and review the debug messages.
      |5. Make sure NTP authentication keys match on both ends. Review the next link for more information: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33783.
      |6. More NTP configuration information can be found at http://help.fortinet.com/cli/fos50hlp/56/Content/FortiOS/fortiOS-cli-ref-56/config/system/ntp.htm.""".stripMargin
)