Telnet is enabled on the device-juniper-junos

Vendor: juniper

OS: junos

Indeni will check if a device has Telnet enabled. Telnet is not encrypted and is therefore a security risk.

Remediation Steps:
Disable Telnet on the device.


name: junos-show-configuration-system-services
description: identify whether telnet and http services are enabled
type: monitoring
monitoring_interval: 10 minute
requires:
    vendor: juniper
    os.name: junos
comments:
    telnet-enabled:
        why: |
            Enabling the system services "telnet" and "http" on the device is not recommended for security reasons.
        how: |
            If "telnet" and "http" are enabled on the device, it is recommended to disable them and enable "ssh" and "https" instead to remediate the security risks.
        without-indeni: |
            An administrator could log on to the device to identify whether telnet and http are enabled.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show configuration system services | display set
    parse:
        type: AWK
        file: show-configuration-system-services.parser.1.awk
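
An added example, not the contents of show-configuration-system-services.parser.1.awk and not Indeni code: a shell function wrapping AWK that classifies the output of the command above, including statements that `display set` reports as inactive with `deactivate`. The function names, the `http-enabled` label and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads "show configuration system services | display set"
# output on stdin and prints one key=value line per cleartext service.
junos_cleartext_services() {
    awk '
    # A "set system services telnet ..." line means the telnet statement exists.
    $1 == "set" && $2 == "system" && $3 == "services" && $4 == "telnet" { telnet = 1 }

    # HTTP is configured under web-management; https is a sibling statement,
    # so the fifth field must be exactly "http".
    $1 == "set" && $2 == "system" && $3 == "services" &&
        $4 == "web-management" && $5 == "http" { http = 1 }

    # "deactivate ..." marks a statement inactive: it stays in the
    # configuration but is ignored, so the service is not enabled.
    # Only the service node or one of its parents counts; deactivating a
    # child option (for example a connection limit) leaves the service on.
    $1 == "deactivate" && $2 == "system" && $3 == "services" {
        if (NF == 3) { all_off = 1 }
        else if ($4 == "telnet" && NF == 4) { telnet_off = 1 }
        else if ($4 == "web-management" && (NF == 4 || ($5 == "http" && NF == 5))) { http_off = 1 }
    }

    END {
        printf "telnet-enabled=%s\n", (telnet && !telnet_off && !all_off) ? "true" : "false"
        printf "http-enabled=%s\n", (http && !http_off && !all_off) ? "true" : "false"
    }'
}

# Constructed sample output (not captured from a real device): telnet is
# present but deactivated, HTTP and HTTPS are both configured.
sample_config() {
    cat <<EOF
set system services ssh root-login deny
set system services telnet connection-limit 5
deactivate system services telnet
set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate
EOF
}

sample_config | junos_cleartext_services
```
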


// Deprecation warning: Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

case class cross_vendor_telnet_enabled() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_telnet_enabled",
  ruleFriendlyName = "All Devices: Telnet is enabled on the device",
  ruleDescription = "Indeni will check if a device has Telnet enabled. Telnet is not encrypted and is therefore a security risk.",
  metricName = "telnet-enabled",
  alertDescription = "Telnet allows unencrypted control traffic to network devices. It transmits all data in clear text, including passwords and other potentially confidential information.",
  baseRemediationText = "Disable Telnet on the device.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("telnet-enabled").asSingle().mostRecent().value().noneable))(
  RemediationStepCondition.VENDOR_CISCO ->
    """
      |1. Disable Telnet by using the "no feature telnet" NX-OS configuration command.
      |2. Run the "show telnet server" to view the status of the telnet service.""".stripMargin,
    RemediationStepCondition.VENDOR_FORTINET ->
      """
        |1. Login via ssh to the Fortinet firewall and run the FortiOS command “show system interface”. The command output lists all the interfaces and if the telnet protocol is enabled.  
        |2. It is highly recommended to enable the secure SSH instead of Telnet protocol on the network interface associated with the physical network ports. You can achieve this with the next commands:
        |config system interface
        |edit <interface_str>
        |set allowaccess <protocols_list e.g. ssh>
        |3. To confirm the configuration, enter the command to display the network interface’s settings “show system interface <interface_str>”
        |4.  Detailed information and configuration guide can be found here: