SNMP traps enabled settings do not match across cluster members-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will identify when two devices are part of a cluster and alert if the SNMP settings do not match.

Remediation Steps:
Ensure all of the SNMP settings are configured correctly on all cluster members.
1. On the device command line interface execute “show configuration snmp” command to review SNMP configuration.
2. For security reasons, it is highly recommended to use SNMP version 3.
3. Check if the community string is not set to "public".

junos-show-configuration-snmp

name: junos-show-configuration-snmp
description: JUNOS SRX retrieving snmp configuration information
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    snmp-enabled:
        skip-documentation: true
    snmp-version:
        skip-documentation: true
    snmp-location:
        skip-documentation: true
    snmp-communities:
        skip-documentation: true
    snmp-traps-status:
        skip-documentation: true
    snmp-traps-receiver:
        skip-documentation: true
    snmp-users:
        skip-documentation: true
    unencrypted-snmp-configured:
        skip-documentation: true
        why: |
            The SRX device can be configured to allow SNMP queries or sets, and to send traps to trap receivers.
        how: |
            This script retrieves the SNMP configuration of the SRX device by running the command "show configuration snmp" over an SSH connection to the device.
        without-indeni: |
            An administrator could log on to the device and run the command "show configuration snmp" to collect the same information.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: The command line is available to retrieve this
            information
steps:
-   run:
        type: SSH
        command: show configuration snmp | display set
    parse:
        type: AWK
        file: show-configuration-snmp.parser.1.awk

cross_vendor_snmp_traps_enabled_comparison

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition

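/**
  * Compares the "snmp-traps-status" snapshot metric across the members of a
  * cluster and raises an INFO alert when the values do not match.
  */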
case class CrossVendorSnmpTrapsEnabledComparison() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_snmp_traps_enabled_comparison",
  ruleFriendlyName = "Clustered Devices: SNMP traps enabled settings do not match across cluster members",
  severity = AlertSeverity.INFO,
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the SNMP settings do not match.",
  metricName = "snmp-traps-status",
  isArray = true,
  alertDescription = "Devices that are part of a cluster should have the same SNMP configuration. Review the differences below.",
  baseRemediationText = "Ensure all of the SNMP settings are configured correctly on all cluster members.")(
  RemediationStepCondition.VENDOR_JUNIPER ->
    """|1. On the device command line interface execute "show configuration snmp" command to review SNMP configuration.
       |2. For security reasons, it is highly recommended to use SNMP version 3.
       |3. Check if the community string is not set to "public".  This is commonly used as a default for SNMP community string and presents a security vulnerability.
       |4. Review the following article on Juniper TechLibrary for more information: <a target="_blank" href="https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/snmpv3-community-configuring-junos-nm.html">Configuring the SNMPv3 Community</a>.""".stripMargin
)
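
The check described above, carried out by hand on two cluster members, as an added example (not Indeni's AWK parser or rule code, which this page names but does not show). The two `display set` outputs are constructed sample data, and the tuple representation of a trap setting is an assumption, since the page does not show the format of the `snmp-traps-status` metric.

```python
import shlex

# Constructed "show configuration snmp | display set" output for two cluster
# members (sample data, not from a real device).
NODE0 = """\
set snmp location "DC1 rack 4"
set snmp community public authorization read-only
set snmp trap-group ops version v2
set snmp trap-group ops categories link
set snmp trap-group ops targets 192.0.2.10
set snmp trap-group ops targets 192.0.2.11
"""
NODE1 = """\
set snmp location "DC1 rack 4"
set snmp community m0nitor-ro authorization read-only
set snmp trap-group ops version v2
set snmp trap-group ops categories link
set snmp trap-group ops targets 192.0.2.10
"""

def parse_snmp(display_set):
    """Return (trap settings, community names, has_v3) from display-set text."""
    traps, communities, has_v3 = set(), set(), False
    for line in display_set.splitlines():
        tok = shlex.split(line)  # honours quoted values such as the location
        if tok[:2] != ["set", "snmp"] or len(tok) < 4:
            continue
        if tok[2] == "trap-group" and len(tok) >= 6:
            traps.add((tok[3], tok[4], tok[5]))  # (group, statement, value)
        elif tok[2] == "community":
            communities.add(tok[3])
        elif tok[2] == "v3":
            has_v3 = True
    return traps, communities, has_v3

def audit_cluster(node_a, node_b):
    """Diff trap settings of two members and list weak SNMP settings."""
    parsed = {"a": parse_snmp(node_a), "b": parse_snmp(node_b)}
    findings = []
    for name, (_, communities, has_v3) in parsed.items():
        if "public" in communities:
            findings.append(f"member {name}: community 'public' configured")
        if communities and not has_v3:
            findings.append(f"member {name}: community strings in use, no v3 configuration")
    return {
        "only_on_a": sorted(parsed["a"][0] - parsed["b"][0]),
        "only_on_b": sorted(parsed["b"][0] - parsed["a"][0]),
        "findings": findings,
    }
```

With the sample data, `audit_cluster(NODE0, NODE1)` reports the trap target that exists only on the first member and flags the `public` community there.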