Checking mechanism
openNetaudit uses a structure of Tests and Rules to verify configuration parameters in network devices. One test can have multiple rules associated with it, and boolean logic is applied to decide whether the test passes or fails, according to parameters configured in JSON files, described in detail below.
Rules
Rules are structures that contain parameters to match against a device configuration.
Example:
{
    "rule_name": "ftp_enabled",
    "description": "Check if ftp service is enabled.",
    "strings_match": ["ftp server enable"],
    "match_same_line": 1,
    "logic": "and",
    "string_present": 0,
    "exact_match": 0
}
rule_name: name of the rule. This name is referenced in the test structure.
description: free-text description of what the rule checks.
strings_match: list of one or more strings to be matched in the device configuration.
match_same_line: use True (1) if the strings to be matched have to be on the same line of the configuration; otherwise use False (0).
logic: if strings_match contains more than one string, the AND/OR logic is applied. If at least one string has to be present, use OR; if all the strings have to be present, use AND. If the list has only one string, either logic can be chosen.
string_present: if the string has to be present in the configuration, use 'True' (1); if the string must not be present, use 'False' (0).
exact_match: when this is 'True' (1), comparison is strict: the entire line has to be equal to the string in strings_match (even blank spaces!). If the string only has to be contained in the matched line, set this value to 'False' (0).
Tests
Tests are structures that call rules as the components of a check. A rule returns True or False during the execution of a Test. A Test can have one or more rules.
{
    "test_name": "ftp",
    "description": "Check if ftp service is enabled.",
    "rules": ["ftp_enabled"],
    "logic": "or",
    "severity": 9.8,
    "message_ok": "FTP is disabled.",
    "message_nok": "FTP is enabled. Prefer using SCP.",
    "solution": "undo ftp enable"
}
test_name: name of the test.
description: free-text description of what the test checks.
rules: List of rules to be executed. During the execution of each rule, a True or False value is returned.
logic: If at least one rule must return True, use OR; if all the rules must return True, use AND. If the list has only one rule, either logic can be chosen.
severity: Severity level. Using the standard CVSS score is recommended.
message_ok: The message displayed when the test passes.
message_nok: The message displayed when the test fails.
solution: The command line displayed when the test fails, to resolve the problem.
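
The sketch below is an added example, not openNetaudit's own code: it evaluates the Rules and Tests fields the way the descriptions above read, and shows how exact_match interacts with an absence rule. The function names, the sample configurations and the reading that a rule returns True when the observed presence equals string_present are assumptions.

```python
# Added example, not openNetaudit's code; semantics assumed from the field descriptions.
def line_hits(line, needle, exact):
    # exact_match=1: the whole line must equal the string, whitespace included.
    return line == needle if exact else needle in line

def eval_rule(rule, config):
    lines = config.splitlines()
    combine = all if rule["logic"].lower() == "and" else any
    exact, needles = bool(rule["exact_match"]), rule["strings_match"]
    if rule["match_same_line"]:
        # One single line has to satisfy the AND/OR over the strings.
        matched = any(combine(line_hits(l, n, exact) for n in needles) for l in lines)
    else:
        # Each string may be found on any line of the configuration.
        matched = combine(any(line_hits(l, n, exact) for l in lines) for n in needles)
    # Assumption: a rule returns True when the observed presence equals string_present.
    return matched == bool(rule["string_present"])

def run_test(test, rules, config):
    combine = all if test["logic"].lower() == "and" else any
    passed = combine(eval_rule(rules[name], config) for name in test["rules"])
    return passed, test["message_ok"] if passed else test["message_nok"]

# Rule and test from the page (fields not used by this sketch are omitted).
FTP_RULE = {"rule_name": "ftp_enabled", "strings_match": ["ftp server enable"],
            "match_same_line": 1, "logic": "and", "string_present": 0, "exact_match": 0}
FTP_TEST = {"test_name": "ftp", "rules": ["ftp_enabled"], "logic": "or",
            "message_ok": "FTP is disabled.",
            "message_nok": "FTP is enabled. Prefer using SCP."}
# Constructed sample configurations (not from a real device).
CONFIG_FTP_ON = "sysname edge-01\n ftp server enable\nuser-interface vty 0 4\n"
CONFIG_FTP_OFF = "sysname edge-01\nuser-interface vty 0 4\n"

if __name__ == "__main__":
    rules = {"ftp_enabled": FTP_RULE}
    print(run_test(FTP_TEST, rules, CONFIG_FTP_ON))
    print(run_test(FTP_TEST, rules, CONFIG_FTP_OFF))
    # Strict variant: the indented line no longer equals the string, so the
    # absence check passes even though FTP is on (an audit false negative).
    strict = {"ftp_enabled": dict(FTP_RULE, exact_match=1)}
    print(run_test(FTP_TEST, strict, CONFIG_FTP_ON))
```

With string_present set to 0, a strict exact_match can hide a setting that differs only in indentation or trailing spaces, so absence checks are safer with exact_match set to 0.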