34 lines
840 B
YAML
34 lines
840 B
YAML
id: enable-https-protocol
|
|
|
|
info:
|
|
name: Enable HTTPS on Web Management
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
Web Admin Management Portal should only be accessed using HTTPS Protocol.HTTP transmits all data (including passwords) in clear text over the network and
|
|
provides no assurance of the identity of the hosts involved.
|
|
reference: |
|
|
https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
|
|
metadata:
|
|
verified: true
|
|
tags: firewall,config,audit,pfsense,file
|
|
|
|
file:
|
|
- extensions:
|
|
- xml
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "<webgui>"
|
|
- "<protocol>https</protocol>"
|
|
condition: and
|
|
negative: true
|
|
|
|
- type: word
|
|
words:
|
|
- "<pfsense>"
|
|
- "<system>"
|
|
condition: and
|