epacke / Indeni-CodeQual

Making the life easier for indeni developers

false positive "Equals sign without space" in comment #2

Closed haughki closed 6 years ago

haughki commented 6 years ago

Copy and paste into the code quality app:

error_example.ind.txt

haughki commented 6 years ago

Here's another different source file with another, different equals false positive.

error_example2.ind.txt

haughki commented 6 years ago

I think this is a new one:

```
#Subject = CN=lab-CPVSXR7730-1_VSW,O=lab-CPMGMTR7730..9uifq5
/^Subject = / {
    split($0, name_array, "=")  # <-- highlights the "="
}
```

epacke commented 6 years ago

Any ideas on how to solve it? Maybe using a pattern for some unit tests is not good enough (we might have to do some additional logic that does not involve regex)?

haughki commented 6 years ago

I keep planning to work on this -- I will get to it. For now, here's another one:

```
#! META
name: nexus-show-password-strength-check
description: Nexus show password strength-check
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: "cisco"
    os.name: "nxos"

#! COMMENTS
password-strength-status:
    why: |
       Cisco NX-OS has the built-in capability to optionally enforce strong password checking when a password is set or entered. This feature is enabled by default and will prevent the selection of a trivial or weak password by requiring the password to match the following criteria. It is Cisco Configuration best practise this feature to be enabled
    how: |
       This script logins into the Cisco Nexus switch using SSH and retrieves the output of the "show password strength-check " command. The output of this command shows the status of this feature.
    without-indeni: |
       It is not possible to poll this data through SNMP or Syslog.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
show password strength-check

#! PARSER::AWK
BEGIN {
    is_enabled = 0
}

#Password strength check enabled
#Password strength check not enabled
#Password strength check is disabled
#Password strength check is enabled
/Password strength check/ {

    is_enabled = !(($0 ~ /not enabled/) || ($0 ~ /disabled/))

}

END {
    tags["name"] = "Status"
    writeDoubleMetricWithLiveConfig("password-strength-status", tags, "gauge", 300, is_enabled, "Password Strength Policy", "state", "name")
}
```

haughki commented 6 years ago

Another FP:

```
#! META
name: ios-show-ip-interface-proxy
description: IOS show ip interface (line|Proxy)
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: "cisco"
    os.name: "ios"

#! COMMENTS
proxy-arp-status:
    why: |
       Proxy arp increases the amount of ARP traffic on a network segment. In addtion, hosts need larger ARP tables in order to handle IP-to-MAC address mappings. finally, security can be undermined since a machine can claim to be another in order to intercept packets, an act called "spoofing. So, it is recommended by the vendor in most cases to disable the disable ip proxy arp. For more info review the next link: https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13718-5.html
    how: |
       This script logs in to the Cisco IOS network device using SSH and retrieves the ip proxy arp status by using the "show ip interface | i line|Proxy" command. The output includes a complete report of the proxy arp status per interface.
    without-indeni: |
       The administrator would have to login to the device and use the "show ip interface | i line|Proxy" command to easily identify the interfaces where the ip proxy arp is enabled.
    can-with-snmp: false
    can-with-syslog: false

local-proxy-arp-status:
    why: |
       This feature is used to enable an interface-local proxying of ARP requests. Activation will make the router answer all ARP requests on configured subnet, even for clients that shouldn't normally need routing. Local proxy ARP requires that proxy ARP is active. Proxy arp increases the amount of ARP traffic on a network segment. In addtion, hosts need larger ARP tables in order to handle IP-to-MAC address mappings. finally, security can be undermined since a machine can claim to be another in order to intercept packets, an act called "spoofing. So, it is recommended by the vendor in most cases to disable the disable ip proxy arp. For more info review the next link: https://supportforums.cisco.com/t5/network-infrastructure-documents/local-proxy-arp/ta-p/3115944
    how: |
       This script logs in to the Cisco IOS network device using SSH and retrieves the ip local proxy arp status by using the "show ip interface | i line|Proxy" command. The output includes a complete report of the local proxy arp status per interface.
    without-indeni: |
       The administrator would have to login to the device and use the "show ip interface | i line|Proxy" command to easily identify the interfaces where the ip local proxy arp is enabled.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
show ip interface | i line|Proxy

#! PARSER::AWK
BEGIN {
    # For each interface store an entry in an array.
    # Set stat "proxy_arp" and "local_proxy_arp" to "1" when needed
    array_size = 0
}

#Vlan1 is up, line protocol is up
#Vlan2 is up, line protocol is up
!/\s(Proxy ARP |Local Proxy )/{

    # New interface, increase table size and store it
    array_size++

    # The interface name is in the first column
    interface_table[array_size, "interface"] = $1

    # Set default flag values (proxy_arp & local_proxy_arp) to 0
    interface_table[array_size, "proxy_arp"] = 0
    interface_table[array_size, "local_proxy_arp"] = 0

}

#Proxy ARP is disabled
#Local Proxy ARP is disabled
#Proxy ARP is enabled
/\s(Proxy ARP |Local Proxy )/ {

    # Identify if the flag is "proxy_arp" or "local_proxy_arp"
    if ($1 == "Proxy") {
        interface_table[array_size, "proxy_arp"] = ($NF == "enabled")
    } else if ($1 == "Local") {
        interface_table[array_size, "local_proxy_arp"] = ($NF == "enabled")
    }

}

END {

    # For each row/interface publish two metrics.
    for (i = 1; i < array_size + 1; i++) {
        tags_to_publish["name"] = interface_table[i, "interface"]

        writeDoubleMetric("proxy-arp-status", tags_to_publish, "gauge", 60, interface_table[i, "proxy_arp"])
        writeDoubleMetric("local-proxy-arp-status", tags_to_publish, "gauge", 60, interface_table[i, "local_proxy_arp"])
    }

}
```

haughki commented 6 years ago

See commit messages
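
One way to handle the false positives reported in this thread with "additional logic that does not involve regex", as an added example (not code from the thread or from Indeni-CodeQual): blank out AWK comments, string literals and regex literals with a small state machine, then look for the equals sign in what is left. The function names, the regex-versus-division heuristic and the exact rule (a bare assignment `=` needs a space on both sides) are assumptions.

```javascript
// Added example: mask AWK comments, strings and regex literals, then check "=".
function maskNonCode(line) {
  let out = "";
  let state = "code"; // "code", "string" or "regex"
  let lastSig = "";   // last non-blank code character, used to tell regex from division
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (state === "code") {
      if (ch === "#") return out + " ".repeat(line.length - i); // comment to end of line
      if (ch === '"') { state = "string"; out += " "; continue; }
      // "/" opens a regex unless it follows an operand (identifier, number, ")" or "]")
      if (ch === "/" && !/[\w)\]]/.test(lastSig)) { state = "regex"; out += " "; continue; }
      if (ch !== " " && ch !== "\t") lastSig = ch;
      out += ch;
    } else {
      const close = state === "string" ? '"' : "/";
      if (ch === "\\" && i + 1 < line.length) { out += "  "; i++; continue; } // escaped char
      if (ch === close) { state = "code"; lastSig = "x"; } // a closed literal acts as an operand
      out += " ";
    }
  }
  return out;
}

// Assumed rule: a bare assignment "=" must have a space on both sides.
function findUnspacedEquals(line) {
  const code = maskNonCode(line);
  const hits = [];
  for (let i = 0; i < code.length; i++) {
    if (code[i] !== "=") continue;
    const prev = code[i - 1] || " ";
    const next = code[i + 1] || " ";
    // ==, !=, <=, >=, +=, -=, *=, /=, %=, ^= are not bare assignments
    if (next === "=" || "=!<>+-*/%^".includes(prev)) continue;
    if (prev !== " " || next !== " ") hits.push(i + 1); // 1-based column
  }
  return hits;
}

// The first four lines are taken from the thread; the last two are constructed.
const samples = [
  '#Subject = CN=lab-CPVSXR7730-1_VSW,O=lab-CPMGMTR7730..9uifq5',
  '/^Subject = / {',
  '    split($0, name_array, "=")',
  '    is_enabled = !(($0 ~ /not enabled/) || ($0 ~ /disabled/))',
  '    array_size=0',
  '    ratio=total/count  # a=b',
];
for (const s of samples) console.log(JSON.stringify(findUnspacedEquals(s)), s);
```

Masking with spaces keeps every character at its original column, so a reported column can still be highlighted in the unmodified source line.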