SNMPv2c/v1 used-f5-all
Vendor: f5
OS: all
Description:
As SNMPv2 is not very secure, Indeni will alert if it is used.
Remediation Steps:
Configure SNMPv3 instead.
How does this work?
This alert uses the iControl REST interface to extract SNMP configuration.
Why is this important?
Version 1 and 2 of the SNMP protocol is unencrypted. This could potentially allow an attacker to obtain valuable information about the infrastructure.
Without Indeni how would you find this?
Login to the device’s web interface and click on “System” -> “SNMP” -> “Agent” -> " Access (v1, v2c)". This would show a list of configured access for SNMP version 1 and 2c.
f5-rest-mgmt-tm-sys-snmp-communities
name: f5-rest-mgmt-tm-sys-snmp-communities
description: Determine if any SNMP communities for SNMPv1 or SNMPv2 has been configured
type: monitoring
monitoring_interval: 60 minutes
requires:
vendor: f5
product: load-balancer
rest-api: 'true'
comments:
unencrypted-snmp-configured:
why: |
Version 1 and 2 of the SNMP protocol is unencrypted. This could potentially allow an attacker to obtain valuable information about the infrastructure.
how: |
This alert uses the iControl REST interface to extract SNMP configuration.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: HTTP
command: /mgmt/tm/sys/snmp/communities
parse:
type: JSON
file: rest-mgmt-tm-sys-snmp-communities.parser.1.json.yaml
cross_vendor_snmp_v2
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_snmp_v2.scala