SNMPv2c/v1 used-checkpoint-secureplatform
Vendor: checkpoint
OS: secureplatform
Description:
As SNMPv2 is not very secure, Indeni will alert if it is used.
Remediation Steps:
Configure SNMPv3 instead.
How does this work?
Parse the /etc/snmp/snmpd.conf file and retrieve the current configuration for SNMP.
Why is this important?
If SNMP is not using encryption to retrieve data from devices, the data could be intercepted. Authentication data such as passwords used to login and get the data could also be compromised.
Without Indeni how would you find this?
An administrator could log in and manually run the command used in the steps below (cat /etc/snmp/snmpd.conf), then inspect the output for the SNMP version and community settings.
chkp-secureplatform-snmpd-conf
name: chkp-secureplatform-snmpd-conf
description: displays SNMP information
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: checkpoint
    os.name: secureplatform
comments:
    snmp-enabled:
        why: |
            To ensure that SNMP is enabled for the gateway.
        how: |
            By parsing the Gaia configuration database in "/config/active" and then retrieving the configuration details
            for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-version:
        why: |
            To check the SNMP version, in order to determine whether all the SNMP features are applicable.
        how: |
            By parsing the Gaia configuration database in "/config/active" and then retrieving the configuration details
            for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-contact:
        why: |
            If the wrong contact is specified in the SNMP settings, the network monitoring team might not have the information they need to notify the administrator when needed.
        how: |
            Parse the /etc/snmp/snmpd.conf file and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-location:
        why: |
            The SNMP location should be set correctly, since it gives the administrator a fast and easy way to determine where the device is located.
        how: |
            Parse the /etc/snmp/snmpd.conf file and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-communities:
        why: |
            If the default SNMP communities are configured, like "public" or "private", it could allow unauthorized clients to poll the device.
        how: |
            Parse the /etc/snmp/snmpd.conf file and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    unencrypted-snmp-configured:
        why: |
            If SNMP is not using encryption to retrieve data from devices, the data could be intercepted. Authentication data such as passwords used to log in and get the data could also be compromised.
        how: |
            Parse the /etc/snmp/snmpd.conf file and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 snmp service stat && cat /etc/snmp/snmpd.conf
    parse:
        type: AWK
        file: snmpd-conf.parser.1.awk
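The parser step above is an AWK script that is not reproduced on this page. The following is an added example, not Indeni's snmpd-conf.parser.1.awk, showing how a shell wrapper around awk can derive the metrics listed in the comments section (snmp-version, snmp-contact, snmp-location, snmp-communities, unencrypted-snmp-configured) from a net-snmp style snmpd.conf. It relies on the standard net-snmp directives (rocommunity, rwcommunity, com2sec for v1/v2c; createUser, rouser, rwuser for v3). Two assumptions are labelled in the code: snmp-enabled is inferred from the presence of access directives rather than from the "snmp service stat" output that the real script also receives, and the two configuration files are constructed samples, not captures from a device. The default-community-configured line is an extra check that goes beyond the page's metric list.

```shell
#!/bin/sh
# Added example, not Indeni's snmpd-conf.parser.1.awk.
# Reads a net-snmp style snmpd.conf (as in /etc/snmp/snmpd.conf on
# SecurePlatform) on stdin and prints name=value metrics.
# ASSUMPTION: snmp-enabled is derived from configured access directives only;
# the real interrogation script also has "snmp service stat" output available.
parse_snmpd_conf() {
    awk '
    # Drop comments and blank lines; awk re-splits fields after sub() on $0.
    { sub(/#.*/, ""); if ($0 ~ /^[[:space:]]*$/) next }
    # syscontact / syslocation take the rest of the line as free text.
    tolower($1) == "syscontact"  { $1 = ""; sub(/^ +/, ""); contact = $0; next }
    tolower($1) == "syslocation" { $1 = ""; sub(/^ +/, ""); location = $0; next }
    # rocommunity / rwcommunity (and IPv6 variants) grant v1/v2c access.
    tolower($1) ~ /^(ro|rw)community6?$/ { v2 = 1; add_community($2); next }
    # com2sec maps a community string (4th field) to a security name: v1/v2c.
    tolower($1) == "com2sec" { v2 = 1; add_community($4); next }
    # createUser / rouser / rwuser are the SNMPv3 (USM) directives.
    tolower($1) ~ /^(ro|rw)user$/ || tolower($1) == "createuser" { v3 = 1; next }
    function add_community(c) {
        communities = communities (communities != "" ? "," : "") c
    }
    END {
        ver = ""
        if (v2) ver = "1/2c"
        if (v3) ver = ver (ver != "" ? "," : "") "3"
        if (ver == "") ver = "none"
        enabled = (v2 || v3) ? "true" : "false"
        unencrypted = v2 ? "true" : "false"
        # Extra check: any well-known default community string present?
        dflt = "false"
        n = split(communities, parts, ",")
        for (i = 1; i <= n; i++)
            if (tolower(parts[i]) == "public" || tolower(parts[i]) == "private")
                dflt = "true"
        print "snmp-enabled=" enabled
        print "snmp-version=" ver
        print "snmp-contact=" contact
        print "snmp-location=" location
        print "snmp-communities=" communities
        print "unencrypted-snmp-configured=" unencrypted
        print "default-community-configured=" dflt
    }'
}

# CONSTRUCTED sample: v1/v2c access with a default community (what the
# cross_vendor_snmp_v2 rule alerts on). Not taken from any real device.
sample_v2c_conf() {
    cat <<'EOF'
# constructed sample snmpd.conf
syscontact Admin <admin@example.test>
syslocation Rack 3, lab
rocommunity public
rwcommunity monitorRW 10.0.0.0/8
com2sec localnet 192.0.2.0/24 netops   # v1/v2c community mapping
EOF
}

# CONSTRUCTED sample: SNMPv3-only, the state the remediation step aims for.
# Passphrases are placeholders.
sample_v3_conf() {
    cat <<'EOF'
syscontact Admin <admin@example.test>
syslocation Rack 3, lab
createUser monitor SHA "CHANGE_ME_auth" AES "CHANGE_ME_priv"
rouser monitor priv
EOF
}

sample_v2c_conf | parse_snmpd_conf
echo "---"
sample_v3_conf | parse_snmpd_conf
```

Run on the first sample the wrapper reports snmp-version=1/2c, snmp-communities=public,monitorRW,netops and unencrypted-snmp-configured=true, which is the condition the cross-vendor rule alerts on; on the v3-only sample it reports snmp-version=3 with no communities and unencrypted-snmp-configured=false. A configuration that mixes both kinds of directive is reported as 1/2c,3 and still flagged as unencrypted, since the v1/v2c path remains open.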
cross_vendor_snmp_v2
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_snmp_v2.scala