NTP servers configured do not match requirement-cisco-asa

NTP servers configured do not match requirement-cisco-asa
0

NTP servers configured do not match requirement-cisco-asa

Vendor: cisco

OS: asa

Description:
Indeni can verify that certain NTP servers are configured on a specific device.

Remediation Steps:
Update the configuration of the device to match the requirement.

How does this work?
This script login into the ASA using SSH and retrieves the NTP servers configuration status information using the output of the “show ntp associations” command. The output includes the list of the device’s NTP configured servers.

Why is this important?
This metric shows the list of the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port and IP address is allowed through the firewalls on your network. Check the link below for more information about NTP config in Cisco ASA: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/basic_hostname_pw.html

Without Indeni how would you find this?
An administrator would need to login into the device and use the “show ntp associations” command to identify if the NTP servers are configured.

cisco-asa-ntp-servers

name: cisco-asa-ntp-servers
description: ASA ntp configured servers
type: monitoring
monitoring_interval: 59 minutes
requires:
    vendor: cisco
    os.name: asa
comments:
  ntp-servers:
    why: |
        This metric shows the list of the configured NTP servers. NTP servers are used to sync the time across all
        hosts and network devices. This is critical for things such as event correlation and logging. Use Network Time
        Protocol (NTP) to set the date and time if possible. However, it is important to ensure the NTP UDP port and IP address is
        allowed through the firewalls on your network.
        Check the link below for more information about NTP config in Cisco ASA:
        https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/basic_hostname_pw.html
    how: |
        This script login into the ASA using SSH and retrieves the NTP servers configuration status information
        using the output of the "show ntp associations" command. The output includes the list of the device's NTP configured servers.
    without-indeni: |
        An administrator would need to login into the device and use the "show ntp associations" command to identify if
        the NTP servers are configured.
    can-with-snmp: false
    can-with-syslog: false
steps:
-   run:
      type: SSH
      command: show ntp associations
    parse:
      type: AWK
      file: asa-ntp-servers.parser.1.awk

crossvendor_compliance_check_ntp_servers

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_ntp_servers() extends MultiSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_ntp_servers",
  ruleFriendlyName = "Compliance Check: NTP servers configured do not match requirement",
  ruleDescription = "Indeni can verify that certain NTP servers are configured on a specific device.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-servers",
  itemKey = "ipaddress",
  alertDescription = "The list of NTP servers configured on this device does not match the requirement. Please review the list below.",
  baseRemediationText = "Update the configuration of the device to match the requirement.",
  requiredItemsParameterName = "NTP Servers",
  requiredItemsParameterDescription = "Enter the NTP servers required, each one on its own line."
)()