Telnet is enabled on the device-fortinet-FortiOS

Vendor: fortinet

OS: FortiOS

Description:
Indeni will check if a device has Telnet enabled. Telnet is not encrypted and is therefore a security risk.

Remediation Steps:
Disable Telnet on the device.
1. Log in to the Fortinet firewall via SSH and run the FortiOS command "show system interface". The output lists every interface and shows whether the telnet protocol is enabled on it.
2. It is highly recommended to enable secure SSH instead of the Telnet protocol on the network interface associated with the physical network ports. You can achieve this with the following commands:
       config system interface
           edit <interface_str>
               set allowaccess <protocols_list e.g. ssh>
3. To confirm the configuration, display the network interface's settings with the command "show system interface <interface_str>".
4. Detailed information and a configuration guide can be found here: https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-getting-started/using-the-CLI/enabling-access-to-CLI.htm

How does this work?
This script connects to the FortiGate remotely over SSH and retrieves the current state of the telnet service with the "show system interface | grep telnet" FortiOS command.
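As an added example (not Indeni's show_system_telnet.parser.1.awk and not FortiOS code), the check described above and the remediation steps from the previous section, as a POSIX shell wrapper around awk: it parses a constructed sample of the full "show system interface" output (the full output rather than the grep-filtered one, so the offending interface can be named), lists every interface whose allowaccess list contains telnet, and emits the FortiOS commands that remove telnet from that list while keeping the other protocols and adding ssh if it is missing.

```shell
# Constructed sample of `show system interface` output (not captured from a real device).
SAMPLE_OUTPUT='config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh telnet
    next
    edit "port2"
        set allowaccess ping ssh
    next
    edit "mgmt"
        set allowaccess ping https telnet
    next
end'

# Read config on stdin; print the name of every interface whose allowaccess list contains telnet.
telnet_enabled_interfaces() {
    awk '
        /^[[:space:]]*edit "/ { name = $2; gsub(/"/, "", name) }   # remember current interface
        /^[[:space:]]*set allowaccess/ {
            for (i = 3; i <= NF; i++) if ($i == "telnet") print name
        }'
}

# Read config on stdin; emit FortiOS commands that drop telnet (and add ssh if missing)
# for each offending interface. "set allowaccess" replaces the whole list, so the other
# protocols already enabled are carried over unchanged.
remediation_commands() {
    awk '
        BEGIN { print "config system interface" }
        /^[[:space:]]*edit "/ { name = $2; gsub(/"/, "", name) }
        /^[[:space:]]*set allowaccess/ {
            keep = ""; has_telnet = 0; has_ssh = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "telnet") { has_telnet = 1; continue }
                if ($i == "ssh") has_ssh = 1
                keep = keep " " $i
            }
            if (!has_telnet) next
            if (!has_ssh) keep = keep " ssh"
            printf "    edit \"%s\"\n        set allowaccess%s\n    next\n", name, keep
        }
        END { print "end" }'
}

printf '%s\n' "$SAMPLE_OUTPUT" | telnet_enabled_interfaces   # prints: port1 and mgmt
printf '%s\n' "$SAMPLE_OUTPUT" | remediation_commands
```

Review the generated commands before pasting them into the FortiOS CLI; port2 produces no commands because telnet is not in its allowaccess list.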

Why is this important?
Capture whether or not Telnet is enabled on the device. Telnet sends information, including passwords, in clear text. It is highly recommended that it is disabled. If Indeni finds that Telnet is enabled on an interface, an alert will be triggered. More information can be found here: https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-getting-started/using-the-CLI/enabling-access-to-CLI.htm

Without Indeni how would you find this?
The administrator would have to manually log in to the device and check whether Telnet is enabled. It is also possible to detect whether TCP port 23 is open by using port-scanning software such as nmap.

fortios-show-system-status-telnet

name: fortios-show-system-status-telnet
description: FortiGate Telnet status
type: monitoring
monitoring_interval: 59 minutes
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    telnet-enabled:
        why: |
            Capture whether or not Telnet is enabled on the device. Telnet sends information, including passwords, in clear text. It is highly recommended that it is disabled. If Indeni finds that Telnet is enabled on an interface, an alert will be triggered. More information can be found here: https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-getting-started/using-the-CLI/enabling-access-to-CLI.htm
        how: |
            This script connects to the FortiGate remotely over SSH and retrieves the current state of the telnet service with the "show system interface | grep telnet" FortiOS command.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show system interface | grep telnet
    parse:
        type: AWK
        file: show_system_telnet.parser.1.awk

cross_vendor_telnet_enabled

Rule source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_telnet_enabled.scala