Telnet is enabled on the device-juniper-junos


Telnet is enabled on the device-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni checks whether Telnet is enabled on the device. Telnet is not encrypted, so everything it carries, including passwords, crosses the network in clear text; this is a security risk.

Remediation Steps:
Disable Telnet on the device.

junos-show-configuration-system-services

# Monitoring script definition. The requires block names vendor "juniper" and
# os.name "junos"; the interval is 10 minutes. One command is run and its output is
# passed to an AWK parser (see steps).
name: junos-show-configuration-system-services
description: identify whether telnet and http services are enabled
type: monitoring
monitoring_interval: 10 minute
requires:
    vendor: juniper
    os.name: junos
# Metric documentation. Only http-server-enabled carries why/how text, and that text
# covers both telnet and http; telnet-enabled itself is documented as null.
# NOTE(review): "recommanded" in the why/how text is a typo for "recommended".
# NOTE(review): the how text says to enable ssh and https instead; confirming that the
# replacement access path works before telnet/http are disabled avoids losing
# management access to the device.
comments:
    telnet-enabled: null
    http-server-enabled:
        why: |
            The system services "telnet" and "http" are not recommanded to enable on the device for security reasons.
        how: |
            If "telnet" and "http" are enabled on the device, it is recommanded to disable them and enable "ssh" and "https" instead to remediate the security risks.
        without-indeni: |
            An administrator could log on to the device to identify whether telnet and http are enabled.
        can-with-snmp: false
        can-with-syslog: false
# Single collection step: the command is sent over SSH and its output is handed to the
# AWK file named under parse. The parser is not part of this file, so how it turns the
# "display set" output into telnet-enabled / http-server-enabled values cannot be
# confirmed here.
# NOTE(review): presumably a "telnet" statement under system services yields
# telnet-enabled = true - verify against the .awk file.
steps:
-   run:
        type: SSH
        command: show configuration system services | display set
    parse:
        type: AWK
        file: show-configuration-system-services.parser.1.awk

cross_vendor_telnet_enabled

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

/**
  * Cross-vendor template rule that raises an alert when a device reports Telnet as enabled.
  *
  * The alert condition compares the constant string "true" with the most recent single
  * value of the "telnet-enabled" snapshot metric. The rule reads only that metric, so its
  * verdict depends entirely on whatever collection script reports "telnet-enabled" for the
  * device.
  *
  * Vendor-specific remediation text is supplied for Cisco and Fortinet only; no other
  * vendor key appears here. NOTE(review): presumably devices from other vendors are shown
  * only `baseRemediationText` - confirm in SingleSnapshotValueCheckTemplateRule.
  *
  * NOTE(review): `baseRemediationText` and the Cisco steps do not mention confirming that
  * an encrypted management path (SSH) works before Telnet is disabled; an operator who
  * follows them literally on a Telnet-only device could lose remote access.
  */
case class cross_vendor_telnet_enabled() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_telnet_enabled",
  ruleFriendlyName = "All Devices: Telnet is enabled on the device",
  ruleDescription = "Indeni will check if a device has Telnet enabled. Telnet is not encrypted and is therefore a security risk.",
  metricName = "telnet-enabled",
  alertDescription = "Telnet allows unencrypted control traffic to network devices. It transmits all data in clear text, including passwords and other potentially confidential information.",
  baseRemediationText = "Disable Telnet on the device.",
  // Alert condition: constant "true" equals the most recent single value of "telnet-enabled".
  // NOTE(review): `.noneable` presumably lets the comparison tolerate a missing value - confirm.
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("telnet-enabled").asSingle().mostRecent().value().noneable))(
  // NOTE(review): keyed on the Cisco vendor as a whole, but the steps name NX-OS commands
  // only; confirm what Cisco devices that do not run NX-OS should be told.
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Disable Telnet by using the "no feature telnet" NX-OS configuration command.
      |2. Run the "show telnet server" to view the status of the telnet service.""".stripMargin,
    // NOTE(review): in FortiOS, "set allowaccess" replaces the interface's whole access
    // list, so the list entered must name every protocol that should stay allowed, not just
    // ssh. The command sequence below also stops after "set" without the closing "end".
    RemediationStepCondition.VENDOR_FORTINET ->
      """|
        |1. Login via ssh to the Fortinet firewall and run the FortiOS command “show system interface”. The command output lists all the interfaces and if the telnet protocol is enabled.  
        |2. It is highly recommended to enable the secure SSH instead of Telnet protocol on the network interface associated with the physical network ports. You can achieve this with the next commands:
        |config system interface
        |edit <interface_str>
        |set allowaccess <protocols_list e.g. ssh>
        |3. To confirm the configuration, enter the command to display the network interface’s settings “show system interface <interface_str>”
        |4.  Detailed information and configuration guide can be found here: https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-getting-started/using-the-CLI/enabling-access-to-CLI.htm
      """.stripMargin
)