Telnet is enabled on the device-checkpoint-gaia


Vendor: checkpoint

OS: gaia

Description:
Indeni will check if a device has Telnet enabled. Telnet is not encrypted and is therefore a security risk.

Remediation Steps:
Disable Telnet on the device.

How does this work?
If “telnet” is enabled on the device, it is recommended to disable it and enable “ssh” to remediate the security risks.

Why is this important?
The system service “telnet” should be disabled on the device for security reasons.

Without Indeni how would you find this?
An administrator could log on to the device to identify whether telnet is enabled.

chkp-gaia-telnet-enabled

name: chkp-gaia-telnet-enabled
description: Identify whether or not telnet is enabled
type: monitoring
monitoring_interval: 30 minute
requires:
    vendor: checkpoint
    os.name: gaia
comments:
    telnet-enabled:
        why: |
            The system service "telnet" should be disabled on the device for security reasons.
        how: |
            If "telnet" is enabled on the device, it is recommended to disable it and enable "ssh" to remediate the security risks.
        without-indeni: |
            An administrator could log on to the device to identify whether telnet is enabled.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 grep telnet /config/active; ${nice-path} -n 15
            clish -c "show net-access telnet"
    parse:
        type: AWK
        file: gaia-telnet-enabled.parser.1.awk
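
The following added example is not Indeni's `gaia-telnet-enabled.parser.1.awk`, which this page does not show. It is one way to turn the combined output of the two commands in the `run` step into a `telnet-enabled` value. The line formats it matches and the sample inputs are assumptions constructed for illustration, and `telnet_state` is a hypothetical name.

```sh
#!/bin/sh
# Added example. ASSUMPTION: the line formats matched here are illustrative;
# compare them with what your Gaia version prints before relying on them.

# telnet_state (hypothetical name): reads the combined output of
#   grep telnet /config/active; clish -c "show net-access telnet"
# on stdin and prints true, false or unknown.
telnet_state() {
    awk '
    {
        line = tolower($0)
        if (line !~ /telnet/) next          # unrelated or error text
        # Assumed config-database form: "<colon:separated:key> <value>"
        if (NF == 2 && $1 ~ /:/) {
            seen = 1
            if ($2 == "t" || $2 == "on") enabled = 1
            next
        }
        # Assumed clish status form: a sentence containing on/off
        words = " " line " "
        gsub(/[^a-z]+/, " ", words)
        if (words ~ / (on|enabled) /) { seen = 1; enabled = 1 }
        else if (words ~ / (off|disabled) /) seen = 1
    }
    END {
        # Either source reporting "on" wins; no usable line is not "off".
        if (enabled) print "true"
        else if (seen) print "false"
        else print "unknown"
    }'
}

# Constructed sample inputs (not captured from a real device).
SAMPLE_ON='netaccess:telnet t
Telnet access is on'
SAMPLE_OFF='Telnet access is off'
SAMPLE_CONFLICT='netaccess:telnet t
Telnet access is off'
SAMPLE_ERR='CLI error: cannot run show net-access telnet'

for s in "$SAMPLE_ON" "$SAMPLE_OFF" "$SAMPLE_CONFLICT" "$SAMPLE_ERR"; do
    printf '%s\n' "$s" | telnet_state
done
```

Reporting `unknown` as a collection failure, rather than folding it into `false`, keeps a failed SSH session or an unrecognized output format from silently clearing the alert.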

cross_vendor_telnet_enabled

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

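/**
  * Cross-vendor rule: alerts when the most recent "telnet-enabled" snapshot
  * value reported for a device is "true". Vendor-specific remediation text
  * is appended for Cisco and Fortinet devices.
  */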
case class cross_vendor_telnet_enabled() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_telnet_enabled",
  ruleFriendlyName = "All Devices: Telnet is enabled on the device",
  ruleDescription = "Indeni will check if a device has Telnet enabled. Telnet is not encrypted and is therefore a security risk.",
  metricName = "telnet-enabled",
  alertDescription = "Telnet allows unencrypted control traffic to network devices. It transmits all data in clear text, including passwords and other potentially confidential information.",
  baseRemediationText = "Disable Telnet on the device.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("telnet-enabled").asSingle().mostRecent().value().noneable))(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Disable Telnet by using the "no feature telnet" NX-OS configuration command.
      |2. Run the "show telnet server" command to view the status of the telnet service.""".stripMargin,
    RemediationStepCondition.VENDOR_FORTINET ->
      """|
        |1. Log in via SSH to the Fortinet firewall and run the FortiOS command “show system interface”. The command output lists all the interfaces and whether the telnet protocol is enabled.
        |2. It is highly recommended to enable the secure SSH protocol instead of Telnet on the network interface associated with the physical network ports. You can achieve this with the following commands:
        |config system interface
        |edit <interface_str>
        |set allowaccess <protocols_list e.g. ssh>
        |3. To confirm the configuration, enter the command to display the network interface’s settings: “show system interface <interface_str>”.
        |4. Detailed information and a configuration guide can be found here: https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-getting-started/using-the-CLI/enabling-access-to-CLI.htm
      """.stripMargin
)