SNMPv2c/v1 used-f5-all

SNMPv2c/v1 used-f5-all
0

SNMPv2c/v1 used-f5-all

Vendor: f5

OS: all

Description:
As SNMPv2 is not very secure, Indeni will alert if it is used.

Remediation Steps:
Configure SNMPv3 instead.

How does this work?
This alert uses the iControl REST interface to extract SNMP configuration.

Why is this important?
Version 1 and 2 of the SNMP protocol is unencrypted. This could potentially allow an attacker to obtain valuable information about the infrastructure.

Without Indeni how would you find this?
Login to the device’s web interface and click on “System” -> “SNMP” -> “Agent” -> " Access (v1, v2c)". This would show a list of configured access for SNMP version 1 and 2c.

f5-rest-mgmt-tm-sys-snmp-communities

name: f5-rest-mgmt-tm-sys-snmp-communities
description: Determine if any SNMP communities for SNMPv1 or SNMPv2 has been configured
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: f5
    product: load-balancer
    rest-api: 'true'
comments:
    unencrypted-snmp-configured:
        why: |
            Version 1 and 2 of the SNMP protocol is unencrypted. This could potentially allow an attacker to obtain valuable information about the infrastructure.
        how: |
            This alert uses the iControl REST interface to extract SNMP configuration.
        without-indeni: |
            Login to the device's web interface and click on "System" -> "SNMP" -> "Agent" -> " Access (v1, v2c)". This would show a list of configured access for SNMP version 1 and 2c.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /mgmt/tm/sys/snmp/communities
    parse:
        type: JSON
        file: rest-mgmt-tm-sys-snmp-communities.parser.1.json.yaml

cross_vendor_snmp_v2

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

/**
  *
  */
case class cross_vendor_snmp_v2() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_snmp_v2",
  ruleFriendlyName = "All Devices: SNMPv2c/v1 used",
  ruleDescription = "As SNMPv2 is not very secure, Indeni will alert if it is used.",
  severity = AlertSeverity.WARN,
  metricName = "unencrypted-snmp-configured",
  alertDescription = "Older versions of SNMP do not use encryption. This could potentially allow an attacker to obtain valuable information about the infrastructure.",
  baseRemediationText = "Configure SNMPv3 instead.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("unencrypted-snmp-configured").asSingle().mostRecent().value().noneable)
)(RemediationStepCondition.VENDOR_F5 -> "Review https://support.f5.com/csp/article/K13625")