SNMPv2c/v1 used-juniper-junos

Vendor: juniper

OS: junos

Description:
As SNMPv2 is not very secure, Indeni will alert if it is used.

Remediation Steps:
Configure SNMPv3 instead.

How does this work?
This script retrieves the SNMP configuration of the SRX device by running the command “show configuration snmp” over an SSH connection to the device.

Why is this important?
The SRX device can be configured to allow SNMP query or set operations, and also to send traps to trap receivers.

Without Indeni how would you find this?
An administrator could log on to the device and run the command “show configuration snmp” to collect the same information.

junos-show-configuration-snmp

name: junos-show-configuration-snmp
description: JUNOS SRX retrieving snmp configuration information
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    snmp-enabled:
        skip-documentation: true
    snmp-version:
        skip-documentation: true
    snmp-location:
        skip-documentation: true
    snmp-communities:
        skip-documentation: true
    snmp-traps-status:
        skip-documentation: true
    snmp-traps-receiver:
        skip-documentation: true
    snmp-users:
        skip-documentation: true
    unencrypted-snmp-configured:
        skip-documentation: true
        why: |
            The SRX device can be configured to allow SNMP query or set operations, and also to send traps to trap receivers.
        how: |
            This script retrieves the SNMP configuration of the SRX device by running the command "show configuration snmp" over an SSH connection to the device.
        without-indeni: |
            An administrator could log on to the device and run the command "show configuration snmp" to collect the same information.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: The command line is available to retrieve this information
steps:
-   run:
        type: SSH
        command: show configuration snmp | display set
    parse:
        type: AWK
        file: show-configuration-snmp.parser.1.awk
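As an added example (not Indeni's own show-configuration-snmp.parser.1.awk, which this page does not include), the shell function below embeds an AWK parser that turns "show configuration snmp | display set" output into the metrics the script above names. The two sample outputs are constructed (documentation addresses, placeholder passwords), and the metric semantics are an assumption made here: any configured community string means SNMPv1/v2c access is reachable, so unencrypted-snmp-configured is "true"; SNMPv3 USM users count as the secure alternative the remediation step asks for.

```shell
#!/bin/sh
# Added example, not Indeni's parser: derive the junos-show-configuration-snmp
# metrics from "show configuration snmp | display set" output.

# Constructed sample: device still using community strings (SNMPv1/v2c).
SAMPLE_SNMP_V2C='set snmp location "Lab rack 3"
set snmp community public authorization read-only
set snmp community netmon authorization read-write
set snmp trap-group nms targets 192.0.2.10
set snmp trap-group nms targets 192.0.2.11'

# Constructed sample: same device after remediation, SNMPv3 USM user only.
SAMPLE_SNMP_V3='set snmp location "Lab rack 3"
set snmp v3 usm local-engine user monitor authentication-sha authentication-password PLACEHOLDER
set snmp v3 usm local-engine user monitor privacy-aes128 privacy-password PLACEHOLDER'

# parse_snmp_config: read "display set" lines on stdin, print one metric=value per line.
parse_snmp_config() {
    awk '
    # Any "set snmp ..." statement means SNMP is configured on the device.
    /^set snmp / { enabled = 1 }
    /^set snmp location / {
        loc = $0; sub(/^set snmp location /, "", loc); gsub(/"/, "", loc); location = loc
    }
    # A community string grants SNMPv1/v2c access: cleartext, no authentication
    # (assumed meaning of the unencrypted-snmp-configured metric).
    /^set snmp community / { communities = communities $4 ","; unencrypted = 1 }
    # Trap receivers: last field of each trap-group targets statement.
    /^set snmp trap-group .* targets / { targets = targets $NF "," }
    # SNMPv3 USM users: several statements per user, so record each name once.
    /^set snmp v3 usm local-engine user / { if (!seen[$7]++) users = users $7 "," }
    END {
        sub(/,$/, "", communities); sub(/,$/, "", targets); sub(/,$/, "", users)
        if (unencrypted && users != "") version = "v1/v2c,v3"
        else if (unencrypted)           version = "v1/v2c"
        else if (users != "")           version = "v3"
        else                            version = "none"
        en = enabled ? "true" : "false"
        traps = (targets != "") ? "true" : "false"
        unenc = unencrypted ? "true" : "false"
        printf "snmp-enabled=%s\n", en
        printf "snmp-version=%s\n", version
        printf "snmp-location=%s\n", location
        printf "snmp-communities=%s\n", communities
        printf "snmp-traps-status=%s\n", traps
        printf "snmp-traps-receiver=%s\n", targets
        printf "snmp-users=%s\n", users
        printf "unencrypted-snmp-configured=%s\n", unenc
    }'
}

# metric_value NAME: pick one metric's value out of parse_snmp_config output.
metric_value() {
    awk -F= -v key="$1" '$1 == key { print $2 }'
}

# Stand-alone run: metrics before and after remediation.
printf '%s\n' "$SAMPLE_SNMP_V2C" | parse_snmp_config
echo '---'
printf '%s\n' "$SAMPLE_SNMP_V3" | parse_snmp_config
```

The unencrypted-snmp-configured line is the only one the cross_vendor_snmp_v2 rule below consumes; the rest mirror the other metric names the script declares, so the same parse output can feed location, community and trap-receiver checks.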

cross_vendor_snmp_v2

// Deprecation warning: Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

/**
  * Cross-vendor rule: raises a WARN alert when the most recent value of the
  * "unencrypted-snmp-configured" metric reported by the interrogation script is
  * "true", i.e. SNMPv1/v2c (no encryption) is configured on the device.
  */
case class cross_vendor_snmp_v2() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_snmp_v2",
  ruleFriendlyName = "All Devices: SNMPv2c/v1 used",
  ruleDescription = "As SNMPv2 is not very secure, Indeni will alert if it is used.",
  severity = AlertSeverity.WARN,
  metricName = "unencrypted-snmp-configured",
  alertDescription = "Older versions of SNMP do not use encryption. This could potentially allow an attacker to obtain valuable information about the infrastructure.",
  baseRemediationText = "Configure SNMPv3 instead.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("unencrypted-snmp-configured").asSingle().mostRecent().value().noneable)
)(RemediationStepCondition.VENDOR_F5 -> "Review https://support.f5.com/csp/article/K13625")