2023-03-16 17:34:50 +00:00
|
|
|
|
id: password-protected-consolemenu
|
|
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
|
name: Configure Password Protected on Console Menu
|
|
|
|
|
|
author: pussycat0x
|
|
|
|
|
|
severity: info
|
|
|
|
|
|
description: |
|
|
|
|
|
|
An unattended computer with an open Console Menu session to the device could allow an unauthorized user access to the firewall’s management.
|
|
|
|
|
|
reference: |
|
|
|
|
|
|
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
2023-03-22 19:15:33 +00:00
|
|
|
|
metadata:
|
|
|
|
|
|
verified: true
|
2023-03-16 17:34:50 +00:00
|
|
|
|
tags: firewall,config,audit,pfsense,file
|
|
|
|
|
|
|
|
|
|
|
|
file:
|
|
|
|
|
|
- extensions:
|
|
|
|
|
|
- xml
|
|
|
|
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
|
matchers:
|
|
|
|
|
|
- type: word
|
|
|
|
|
|
words:
|
|
|
|
|
|
- "<disableconsolemenu>"
|
|
|
|
|
|
- "<disableconsolemenu>1</disableconsolemenu>"
|
|
|
|
|
|
condition: or
|
|
|
|
|
|
negative: true
|
|
|
|
|
|
|
|
|
|
|
|
- type: word
|
|
|
|
|
|
words:
|
2023-03-22 19:01:22 +00:00
|
|
|
|
- "<pfsense>"
|
2023-03-16 17:34:50 +00:00
|
|
|
|
- "<webgui>"
|
2023-03-22 19:15:33 +00:00
|
|
|
|
- "<system>"
|
|
|
|
|
|
condition: and
|
