Pfsense -audit

file/audit/pfsense/configure-dns-server.yaml

@@ -0,0 +1,26 @@
+id: configure-dns-server
+
+info:
+  name: Configure DNS Server
+  author: pussycat0x
+  severity: info
+  description: |
+     The purpose DNs server is to perform the resolution of system hostnames to Internet Protocol (IP) addresses.
+  reference: |
+    https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
+  tags: firewall,config,audit,pfsense,file
+
+file:
+  - extensions:
+      - xml
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<dnsserver>"
+        negative: true
+
+      - type: word
+        words:
+          - "<system>"

file/audit/pfsense/configure-session-timeout.yaml

@@ -0,0 +1,29 @@
+id: configure-session-timeout
+
+info:
+  name: Configure Sessions Timeout
+  author: pussycat0x
+  severity: info
+  description: |
+    Indefinite or even long session timeout window increase the risk of attackers abusing abandoned sessions.
+  reference: |
+    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
+  tags: firewall,config,audit,pfsense,file
+
+file:
+  - extensions:
+      - xml
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<session_timeout>"
+          - "<session_timeout>0</session_timeout>"
+        condition: or
+        negative: true
+
+      - type: word
+        words:
+          - "<webgui>"
+          - "<system>"

file/audit/pfsense/enable-https-protocol.yaml

@@ -0,0 +1,28 @@
+id: enable-https-protocol
+
+info:
+  name: Enable HTTPS on Web Management
+  author: pussycat0x
+  severity: info
+  description: |
+    Web Admin Management Portal should only be accessed using HTTPS Protocol.HTTP transmits all data (including passwords) in clear text over the network and
+    provides no assurance of the identity of the hosts involved.
+  reference: |
+    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
+  tags: firewall,config,audit,pfsense,file
+
+file:
+  - extensions:
+      - xml
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<webgui>"
+          - "<protocol>https</protocol>"
+        negative: true
+
+      - type: word
+        words:
+          - "<system>"

file/audit/pfsense/password-protected-consolemenu.yaml

@@ -0,0 +1,29 @@
+id: password-protected-consolemenu
+
+info:
+  name: Configure Password Protected on Console Menu
+  author: pussycat0x
+  severity: info
+  description: |
+    An unattended computer with an open Console Menu session to the device could allow an unauthorized user access to the firewall’s management.
+  reference: |
+    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
+  tags: firewall,config,audit,pfsense,file
+
+file:
+  - extensions:
+      - xml
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<disableconsolemenu>"
+          - "<disableconsolemenu>1</disableconsolemenu>"
+        condition: or
+        negative: true
+
+      - type: word
+        words:
+          - "<webgui>"
+          - "<system>"