FortiGate config-audit (#4275)
* Add files via upload
* Auto Generated CVE annotations [Wed Mar 16 11:29:14 UTC 2022] 🤖
* Auto Generated New Template Addition List [Wed Mar 16 13:48:01 UTC 2022] 🤖
* moving templates into jolokia directory
* duplicate of jolokia-unauthenticated-lfi
* merged similar templates into one with updated matchers
* Auto Generated New Template Addition List [Wed Mar 23 10:21:57 UTC 2022] 🤖
* Delete .new-additions
* Auto Generated New Template Addition List [Wed Mar 23 10:22:29 UTC 2022] 🤖
* conflict update
* Auto Generated New Template Addition List [Wed Mar 23 10:23:39 UTC 2022] 🤖
* Auto Generated New Template Addition List [Wed Mar 23 10:26:51 UTC 2022] 🤖
* Add files via upload
* Auto Generated New Template Addition List [Thu Apr 28 11:25:25 UTC 2022] 🤖
* Auto Generated CVE annotations [Thu Apr 28 11:25:55 UTC 2022] 🤖
* Update and rename sucuri-webs-firewall-default-page-detect.yaml to sucuri-notconfigured-page-detect.yaml
* Auto Generated New Template Addition List [Thu Apr 28 20:25:56 UTC 2022] 🤖
* mise update
* Create config-audit
* Delete config-audit
* Add files via upload
* matcher fixes / ext update / typos update

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>

patch-1
parent
72f42be11f
commit
a8f5c98f2c
|
@ -1,26 +0,0 @@
|
|||
cves/2021/CVE-2021-25111.yaml
|
||||
cves/2021/CVE-2021-25118.yaml
|
||||
cves/2021/CVE-2021-36356.yaml
|
||||
cves/2021/CVE-2021-39312.yaml
|
||||
cves/2022/CVE-2022-0165.yaml
|
||||
cves/2022/CVE-2022-0201.yaml
|
||||
cves/2022/CVE-2022-0288.yaml
|
||||
cves/2022/CVE-2022-0422.yaml
|
||||
cves/2022/CVE-2022-0540.yaml
|
||||
cves/2022/CVE-2022-0543.yaml
|
||||
cves/2022/CVE-2022-0591.yaml
|
||||
cves/2022/CVE-2022-1439.yaml
|
||||
cves/2022/CVE-2022-26352.yaml
|
||||
cves/2022/CVE-2022-26564.yaml
|
||||
exposed-panels/bigip-rest-panel.yaml
|
||||
exposed-panels/cyberoam-ssl-vpn-panel.yaml
|
||||
exposed-panels/oracle-containers-panel.yaml
|
||||
exposed-panels/oracle-enterprise-manager-login.yaml
|
||||
exposed-panels/ruijie/rg-uac-panel.yaml
|
||||
exposed-panels/supermicro-bmc-panel.yaml
|
||||
exposed-panels/xoops/xoops-installation-wizard.yaml
|
||||
exposed-panels/zoneminder-login.yaml
|
||||
exposures/files/desktop-ini-exposure.yaml
|
||||
technologies/sucuri-firewall.yaml
|
||||
vulnerabilities/ruijie/ruijie-password-leak.yaml
|
||||
vulnerabilities/wordpress/health-check-lfi.yaml
|
|
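Review bot: the removal of all 26 `.new-additions` entries looks like merge-conflict fallout rather than an intended change: the commit message records several `Auto Generated New Template Addition List` runs, a `conflict update` and a `Delete .new-additions` step, and that file is maintained by the bot, so confirm it is regenerated after merge instead of being left empty. None of the listed CVE, exposed-panel, exposure or technology templates is touched anywhere else in this diff, so a FortiGate config-audit PR should not be the place where their entries disappear.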
@ -7,12 +7,11 @@ info:
|
|||
description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder
|
||||
reference:
|
||||
- https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/
|
||||
tags: cve,cve2021,avalanche,traversal
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.50
|
||||
cve-id: CVE-2021-30497
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2021,avalanche,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
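Review bot: `tags: cve,cve2021,avalanche,traversal` appears twice in this hunk, once before `classification:` and once after `cwe-id:`; the header count (12 lines to 11) is consistent with dropping one of the duplicate keys, which is the right fix, since a repeated mapping key is at best silently overwritten by the YAML loader and at worst rejected. Keep the copy that sits with the rest of the `info` metadata and rerun the repository's template validation on the file.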
@ -0,0 +1,28 @@
|
|||
id: auto-usb-install
|
||||
|
||||
info:
|
||||
name: Auto USB Installation Enabled
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: If USB installation is not disabled, an attacker with physical access to a FortiGate could load a new configuration or firmware using the USB port.
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "set auto-install-config disable"
|
||||
- "set auto-install-image disable"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
|
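Review bot: the negative matcher lists two `words:` without a `condition`, so it defaults to `or`; negated, it fires only when neither `set auto-install-config disable` nor `set auto-install-image disable` is present, and a config that disables just one of the two is reported as clean. Add `condition: and` to that matcher so the finding triggers when either line is missing. Also document which export format the template expects: FortiOS prints default-valued settings only in `show full-configuration`, not in a plain `show` backup, so the absence of a `disable` line in a plain export does not by itself establish that the feature is on.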
@ -0,0 +1,28 @@
|
|||
id: heuristic-scan
|
||||
|
||||
info:
|
||||
name: Heuristic scanning is not configured
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Heuristic scanning is a technique used to identify previously unknown viruses. A value of block enables heuristic AV scanning of binary files and blocks any detected. A replacement message will be forwarded to the recipient. Blocked files are quarantined if quarantine is enabled.
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "config antivirus heuristic"
|
||||
- "set mode block"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
|
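Review bot: the negative matcher pairs `config antivirus heuristic` with `set mode block` under the default `or` condition, so the mere presence of the `config antivirus heuristic` block suppresses the finding even when the block contains `set mode pass` or `set mode disable`. Add `condition: and` so a heuristic section that exists but is not in block mode is still reported. The description also reads like a copy of the CLI help text ("A value of block enables heuristic AV scanning ..."); state the finding in one sentence, i.e. that heuristic scanning is not configured to block.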
@ -0,0 +1,27 @@
|
|||
id: inactivity-timeout
|
||||
|
||||
info:
|
||||
name: Inactivity Timeout Not Implemented
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer.
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "set admin-console-timeout"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
|
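Review bot: the negative match on `set admin-console-timeout` tests only that the key is present, not its value, so an explicit `set admin-console-timeout 0` (0 disables the console timeout) passes the audit while an omitted default fails it; match the insecure value, or use a regex on the numeric argument, rather than key absence. Note too that the administrator idle timeout the description is concerned with is `admintimeout` under `config system global`, whereas `admin-console-timeout` governs the serial console login only; the description should name the setting the template actually checks.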
@ -0,0 +1,27 @@
|
|||
id: maintainer-account
|
||||
|
||||
info:
|
||||
name: Maintainer Account Not Implemented
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: If the FortiGate is compromised and Password is not recoverable. A maintainer account can be used by an administrator with physical access to log into CLI..
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "set admin-maintainer"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
|
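Review bot: matching the bare key `set admin-maintainer` cannot distinguish `enable` from `disable`; both states suppress the finding and only a config with no such line is reported, yet the name says "Not Implemented" while the description describes a recovery mechanism available to anyone with physical access to the device. Decide which state is the finding and match the explicit value (`set admin-maintainer enable` or `set admin-maintainer disable`) instead of key presence. The description also ends with a doubled period ("CLI..") and opens with a sentence fragment; reword it to say what a hit means for the reviewer.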
@ -0,0 +1,27 @@
|
|||
id: password-policy
|
||||
|
||||
info:
|
||||
name: Password Policy not Set
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: The Administrative Password Policy is not set. Use the password policy feature to ensure all administrators use secure passwords that meet your organization's requirements.
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "config system password-policy"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
|
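Review bot: the negative match on `config system password-policy` detects only that the section exists, not that a policy is in force; a section containing `set status disable` clears the check. Match `set status enable` within the password-policy section, or combine the section header and the status line in one negative matcher with `condition: and`, so the finding reflects an active policy rather than a present section.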
@ -0,0 +1,27 @@
|
|||
id: remote-auth-timeout
|
||||
|
||||
info:
|
||||
name: Remote Authentication timeout not set
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer.
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "set remoteauthtimeout"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
|
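Review bot: the description is copied from the inactivity-timeout template and does not describe this setting: `remoteauthtimeout` under `config system global` is how long the FortiGate waits for a reply from a RADIUS, LDAP or TACACS+ server before an authentication attempt fails, not an administrator idle timeout. Rewrite it accordingly, and, as with the other templates in this set, note that matching the bare key treats any explicit value as compliant and the omitted default as a finding.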
@ -0,0 +1,27 @@
|
|||
id: scp-admin
|
||||
|
||||
info:
|
||||
name: Admin-SCP Disabled
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Disable SCP by default. Enabling SCP allows downloading the configuration file from the FortiGate as an alternative method of backing up the configuration file.
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "set admin-scp enable"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
|
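Review bot: the matcher contradicts the name and description. With `negative: true` on `set admin-scp enable`, the template fires when that line is absent, i.e. when SCP is disabled, which is exactly the state the description recommends ("Disable SCP by default"); a hardened config is reported as a finding and a config with SCP enabled is reported clean. Either drop `negative: true` and rename the template to reflect that it reports SCP being enabled, or remove the template if the intent was only to document the default.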
@ -0,0 +1,27 @@
|
|||
id: strong-ciphers
|
||||
|
||||
info:
|
||||
name: HTTPS/SSH Strong Ciphers Not Enabled
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish.
|
||||
reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
|
||||
tags: fortigate,config,audit,firewall
|
||||
|
||||
file:
|
||||
- extensions:
|
||||
- conf
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "set strong-crypto enable"
|
||||
negative: true
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- "config system"
|
||||
- "config router"
|
||||
- "config firewall"
|
||||
condition: or
|
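Review bot: matching the explicit `set strong-crypto disable` is the more robust check here; FortiOS omits default-valued `config system global` settings from a plain `show` export, so the absence of `set strong-crypto enable` does not establish that strong crypto is off, and this negative match will fire on hardened devices unless the template documents that it requires `show full-configuration` output. The description also needs rewording: Blowfish is a cipher, not an attack, and weak cipher suites are a concern on any path an attacker can observe, not only a local network.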