37 lines
1.1 KiB
YAML
37 lines
1.1 KiB
YAML
id: configure-dns-server
|
|
|
|
info:
|
|
name: DNS Server Not Implemented - Detect
|
|
author: pussycat0x
|
|
severity: info
|
|
description: |
|
|
DNS is recommended to be configured over TLS. This prevents intermediate parties and potential attackers from viewing the content of DNS queries and can also assure that DNS is being provided by the expected DNS servers.
|
|
reference: |
|
|
https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
|
cvss-score: 0
|
|
cwe-id: CWE-200
|
|
metadata:
|
|
verified: true
|
|
tags: firewall,config,audit,pfsense,file
|
|
|
|
file:
|
|
- extensions:
|
|
- xml
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "<dnsserver>"
|
|
negative: true
|
|
|
|
- type: word
|
|
words:
|
|
- "<pfsense>"
|
|
- "<system>"
|
|
condition: and
|
|
|
|
# Enhanced by md on 2023/05/04
|
|
# digest: 4a0a00473045022033cb74c6b00552467f5bc077d514ea4991e3a3222666f07b004e0d7bd978098f022100a10c92466915077df2b21b37b18aabc5d0122bb34af9bec017432af9736b0238:922c64590222798bb761d5b6d8e72950 |