Tenable Research Release Highlights

Forum Discussion

bmcsulla
4 years ago


New ZTE ROSNG Compliance Plugin and Audit

Summary

Customers can now measure compliance against ZTE ROSNG devices with new plugin ID 144328. This plugin retrieves target data with 'show' commands to evaluate actual values against a given audit policy.

Target Release Date

April 16, 2021

Additional Notes:

A Tenable Best Practice audit will be released along with the plugin. This audit checks for many common security items, such as: Telnet disabled, strong password requirements, anti-riot protection, acceptable encryption types, proxy arp configuration, and more.

Information about creating your own custom ZTE checks will be added to the Compliance documentation here in the coming days.

Example audit structure:

<check_type:"ZTE_ROSNG">

<custom_item>
  type            : CONFIG_CHECK
  description     : "Verify SSH version 2 is enabled"
  section         : "ssh"
  item            : "ssh server version 2"
</custom_item>

<custom_item>
  type            : CONFIG_CHECK
  description     : "Verify LLDP is enabled"
  context         : "lldp"
  item            : "lldp-(rx|tx) enable"
  max_occurrences : "2"
</custom_item>

</check_type>

The first example uses a new tag 'section'. When viewing ZTE device configuration, this will isolate any section between !<ssh> and !</ssh>. The second example uses 'context', which can be used to isolate any section that is space/tab delimited under its major heading.

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
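To make the 'section' and 'context' behaviour concrete, here is an added worked example (my own code, not Tenable's plugin or audit engine) that parses the audit structure shown in the post and evaluates it against two constructed ZTE-style configuration fragments. The configuration text, the helper names, and the reading of max_occurrences as "pass iff the item matches at least once and at most that many times" are my assumptions, not facts stated on the page.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed ZTE-style configuration fragments (not real device output).
# !<name> ... !</name> brackets a section; a "context" is the run of
# space/tab-indented lines under a non-indented heading.
GOOD_CONFIG = """\
!<ssh>
ssh server enable
ssh server version 2
!</ssh>
!<lldp>
lldp
  lldp-rx enable
  lldp-tx enable
!</lldp>
hostname core-rtr-1
"""
# Same shape, but "ssh server version 2" sits outside the !<ssh> section and
# the lldp context carries a third line, so max_occurrences is exceeded.
BAD_CONFIG = """\
ssh server version 2
!<ssh>
ssh server enable
!</ssh>
lldp
  lldp-rx enable
  lldp-tx enable
  lldp-tx enable
hostname core-rtr-2
"""
# The audit structure from the post, used as parser input.
AUDIT_TEXT = """\
<check_type:"ZTE_ROSNG">
<custom_item>
  type            : CONFIG_CHECK
  description     : "Verify SSH version 2 is enabled"
  section         : "ssh"
  item            : "ssh server version 2"
</custom_item>
<custom_item>
  type            : CONFIG_CHECK
  description     : "Verify LLDP is enabled"
  context         : "lldp"
  item            : "lldp-(rx|tx) enable"
  max_occurrences : "2"
</custom_item>
</check_type>
"""

@dataclass
class CustomItem:
    description: str
    item: str                              # regex matched against whole (stripped) lines
    section: Optional[str] = None          # isolate !<section> ... !</section>
    context: Optional[str] = None          # isolate indented lines under this heading
    max_occurrences: Optional[int] = None  # assumed semantics: pass iff 1 <= hits <= max

KV_RE = re.compile(r'^\s*(\w+)\s*:\s*"?([^"]*)"?\s*$')   # key : "value" or key : value

def parse_audit(text: str):
    """Parse <custom_item> blocks into CustomItem objects (CONFIG_CHECK only)."""
    items, fields = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "<custom_item>":
            fields = {}
        elif s == "</custom_item>":
            if fields.get("type") != "CONFIG_CHECK":
                raise ValueError(f"unsupported type: {fields.get('type')}")
            items.append(CustomItem(
                description=fields["description"], item=fields["item"],
                section=fields.get("section"), context=fields.get("context"),
                max_occurrences=int(fields["max_occurrences"]) if "max_occurrences" in fields else None))
            fields = None
        elif fields is not None:
            m = KV_RE.match(line)
            if m:
                fields[m.group(1)] = m.group(2).strip()
    return items

def isolate_section(lines, name):
    """Keep only the lines between !<name> and !</name>."""
    start, end, inside, out = f"!<{name}>", f"!</{name}>", False, []
    for line in lines:
        s = line.strip()
        if s == start:
            inside = True
        elif s == end:
            inside = False
        elif inside:
            out.append(line)
    return out

def isolate_context(lines, heading):
    """Keep only the space/tab-indented lines that follow the non-indented heading."""
    inside, out = False, []
    for line in lines:
        if not line[:1].isspace():           # any top-level line ends the current context
            inside = line.strip() == heading
        elif inside:
            out.append(line)
    return out

def evaluate(item: CustomItem, config: str) -> Tuple[bool, int]:
    """Return (passed, number_of_matching_lines) for one CONFIG_CHECK."""
    lines = config.splitlines()
    if item.section is not None:
        lines = isolate_section(lines, item.section)
    if item.context is not None:
        lines = isolate_context(lines, item.context)
    pattern = re.compile(item.item)
    hits = sum(1 for l in lines if pattern.fullmatch(l.strip()))
    too_many = item.max_occurrences is not None and hits > item.max_occurrences
    return (hits >= 1 and not too_many), hits

def run_audit(audit_text: str, config: str):
    """Evaluate every item in the audit against one config, keyed by description."""
    return {it.description: evaluate(it, config) for it in parse_audit(audit_text)}

if __name__ == "__main__":
    for name, cfg in (("GOOD_CONFIG", GOOD_CONFIG), ("BAD_CONFIG", BAD_CONFIG)):
        for desc, (ok, hits) in run_audit(AUDIT_TEXT, cfg).items():
            print(f"{name}: {'PASS' if ok else 'FAIL'} ({hits} hit(s)) - {desc}")
```

The point worth checking before shipping a custom check is the scoping: the SSH item passes only when the line is found inside !<ssh> ... !</ssh>, so a matching line at the top level of BAD_CONFIG does not count, and the LLDP item fails on BAD_CONFIG because three lines match the (rx|tx) pattern under the lldp heading while max_occurrences allows two.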

1 Reply

  • omerfaruk_ates (Connect Contributor)

    Hello,

    I want to share the scan debug output and the audit file. When running CMD_EXEC "show running" there is no output. Scanning the device has a more than 60 sec timeout.

    <custom_item>
      type        : CMD_EXEC
      description : "1.2 Disable the FTP service."
      # running, no problem
      cmd         : "show running-config ftp all"
      expect      : ".*"
    </custom_item>

    <custom_item>
      type        : CONFIG_CHECK
      description : "1.2 Disable the FTP service."
      # there is no output
      item        : "hostname .*"
    </custom_item>

    <custom_item>
      type        : CMD_EXEC
      description : "1.3 show run"
      # there is no output
      cmd         : "show running-config"
      expect      : ".*"
    </custom_item>

    **********************************************************************************

    Debug output for ssh_get_info2. Scanning the device has a more than 60 sec timeout.

    [2024-02-05 06:05:42] set_error(): Connection timed out (probably ok)
    [2024-02-05 06:05:42] session.sshrecv_until(): 60-second cmd_timeout reached
    [2024-02-05 06:05:42] set_error(): ios_shell_handler [channel 0]: Unable to return to command prompt after last command.
    [2024-02-05 06:05:42] set_error(): Command did not complete due to timeout or other error.
    [2024-02-05 06:05:42] session.run_shell_command(): The command "show running-config" did not complete due to timeout or error.

    Could this error be occurring because the "show running" command output is too large? Could it be that it cannot be completed because we cannot send the "terminal length 0" command?
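As an added illustration of the pager hypothesis raised in the reply above (my own simulation, not Tenable's or ZTE's code, and not a confirmation that paging is the cause on that device): a stand-in device pages `show running-config` output behind a `--More--` prompt, and an expect-style reader that waits for the command prompt never sees one and gives up, which is the same symptom the ssh_get_info2 log shows. The prompt shape, the `--More--` marker, the 100-line config and `terminal length 0` as the pager-disable command are assumptions.

```python
import re

# Assumptions for this simulation (not taken from the page or from any vendor):
# the device prompt ends in "#", the pager marker is "--More--", and
# "terminal length 0" disables paging for the session.
PROMPT_RE = re.compile(r"\S+#\s*$")
MORE_MARKER = "--More--"
CONFIG_LINES = [f"config line {i}" for i in range(1, 101)]   # constructed 100-line config

class FakePagedDevice:
    """Constructed stand-in for a CLI that pages long output page_lines at a time."""
    def __init__(self, hostname="zte-rtr", page_lines=24):
        self.prompt = f"{hostname}#"
        self.page_lines = page_lines
        self.paging = True
        self.pending = []        # lines queued but not yet shown
        self.buffer = ""         # output the collector has not read yet

    def send(self, text):
        if text == " ":                          # a space advances the pager
            if self.pending:
                self._emit_page()
        elif text.strip() == "terminal length 0":
            self.paging = False
            self.buffer += "\n" + self.prompt
        elif text.strip() == "show running-config":
            self.pending = list(CONFIG_LINES)
            self._emit_page()
        else:
            self.buffer += "\n% Unknown command\n" + self.prompt

    def _emit_page(self):
        n = self.page_lines if self.paging else len(self.pending)
        chunk, self.pending = self.pending[:n], self.pending[n:]
        self.buffer += "\n" + "\n".join(chunk)
        # With lines left, the device blocks on the pager and shows no prompt.
        self.buffer += "\n" + (MORE_MARKER if self.pending else self.prompt)

    def recv(self):
        out, self.buffer = self.buffer, ""
        return out

def run_command(dev, cmd, handle_more=False, max_polls=50):
    """Expect-style reader: send cmd, read until the prompt regex matches.
    max_polls stands in for the collector's cmd_timeout."""
    dev.send(cmd)
    output = ""
    for _ in range(max_polls):
        output += dev.recv()
        if PROMPT_RE.search(output):
            return True, output
        if handle_more and output.rstrip().endswith(MORE_MARKER):
            dev.send(" ")                     # answer the pager and keep reading
    return False, output                      # gave up waiting for the prompt

def collect_running_config(strategy):
    """Return (completed, config_lines_received) for one collection strategy:
    "naive" (no pager handling), "disable_pager", or "answer_more"."""
    dev = FakePagedDevice()
    if strategy == "disable_pager":
        ok, _ = run_command(dev, "terminal length 0")
        if not ok:
            return False, 0
    ok, out = run_command(dev, "show running-config",
                          handle_more=(strategy == "answer_more"))
    got = sum(1 for l in out.splitlines() if l.startswith("config line "))
    return ok, got

if __name__ == "__main__":
    for strategy in ("naive", "disable_pager", "answer_more"):
        print(strategy, collect_running_config(strategy))
```

The naive reader receives the first page and then polls until its budget runs out, exactly because a paged device is waiting for a keypress rather than printing a prompt; either turning the pager off before the command or answering the `--More--` marker lets the full output and the trailing prompt arrive. Whether the real collector can send a pager-disable command on this platform is a question for Tenable, not something this simulation settles.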