topic Re: Commands for baseline security in General Topics

Commands for baseline security

Paulo_Feitosa — Wed, 12 Jan 2022 11:26:12 GMT

Hello Guys,

I'm working on the firewall's security baseline using the algosec tool, where one of the requirements is to execute the commands below:

more $FWDIR/conf/objects.C | grep rlogin_max_auth_allowed

more $FWDIR/conf/objects.C | grep telnet_max_auth_allowed

As for the objects.C file was found, but not the part of "rlogin_max_auth_allowed" and telnet_max_auth_allowed

Do you know where to find these parameters?

Re: Commands for baseline security

_Val_ — Wed, 12 Jan 2022 11:45:18 GMT

You are looking in the wrong file. Use $FWDIR/conf/objects_5_0.C

Also, correct me if I am wrong, but this guidance is for R77 and below. What version of Check Point are you running?

Re: Commands for baseline security

G_W_Albrecht — Wed, 12 Jan 2022 11:53:45 GMT

Nice to get output, but what is the reason? On a firewall module R80.40 i get:

:comments ("Remote login (rlogin)")

On R81.10 SMS:

[Expert@SMS8110:0]# more $FWDIR/conf/objects.C | grep rlogin

:rlogin_transparent_server_connection (true)

:rlogin_max_auth_allowed (3)

:rlogin_msg ()

:rlogin_use_fwnetso (true)

[Expert@SMS8110:0]# more $FWDIR/conf/objects.C | grep telnet

:telnet_transparent_server_connection (true)

: (FW1_clntauth_telnet

: (telnet

: FW1_clntauth_telnet

: telnet

:handler (telnet_env_cmd_block)

: (solaris_telnet

:protocol_name (solaris_telnet)

:handler (solaris_telnet_block_code)

:handler (telnet_reflection_code)

:telnet_use_fwnetso (true)

:telnet_msg ()

:telnet_max_auth_allowed (3)

Re: Commands for baseline security

Paulo_Feitosa — Wed, 12 Jan 2022 11:59:11 GMT

Exactly, algosec asks to check this objects_5_0.C file but it doesn't exist, I think.

The files found were:
objects.C and objects.C_41

My firewall version is R80.30

Re: Commands for baseline security

_Val_ — Wed, 12 Jan 2022 12:01:52 GMT

Yes it does exist 🙂

Show us your "ls -la $FWDIR/conf/ grep object" output

Re: Commands for baseline security

_Val_ — Wed, 12 Jan 2022 12:02:28 GMT

Exactly, the guidance is for the MGMT side here

Re: Commands for baseline security

Paulo_Feitosa — Wed, 12 Jan 2022 12:06:10 GMT

On my firewalll don't appear, look:

1-MGT:0]# more $FWDIR/conf/objects.C | grep telnet
: (FW1_clntauth_telnet
: FW1_clntauth_telnet
: (telnet
: telnet

Re: Commands for baseline security

_Val_ — Wed, 12 Jan 2022 12:27:54 GMT

Are you looking on the GW or management?

Re: Commands for baseline security

Paulo_Feitosa — Wed, 12 Jan 2022 12:54:09 GMT

-rw-rw---- 1 admin root 0 Sep 23 2020 nku_from_gw
-rw-r----- 1 admin bin 519 May 12 2020 notify_cert_revocation_vsx.conf
-rw-r----- 1 admin bin 61245 May 12 2020 objects.C
-rw-r----- 1 admin bin 36876 May 12 2020 objects.C_41
-rw-r----- 1 admin bin 3 May 12 2020 observable_overrides.C
-rw-r----- 1 admin bin 10772 May 12 2020 osfingerprint.eng
-rw-r----- 1 admin bin 6885 May 12 2020 outbound_and_encrypted.W_vpnddcate
-rw-r----- 1 admin bin 148878 May 12 2020 parserTopicToSdTopicMappings.C

Re: Commands for baseline security

Paulo_Feitosa — Wed, 12 Jan 2022 12:57:23 GMT

GW, because algosec collects the command data about the GWs.

Re: Commands for baseline security

G_W_Albrecht — Wed, 12 Jan 2022 12:59:39 GMT

Did you read my post ? GW only gives the output:

:comments ("Remote login (rlogin)")

Re: Commands for baseline security

_Val_ — Wed, 12 Jan 2022 13:00:31 GMT

You misread their guidance rules. Those GW parameters are defined on the MGMT server and not directly on those GWs

Re: Commands for baseline security

G_W_Albrecht — Wed, 12 Jan 2022 13:03:48 GMT

AFAIK, Algosec connects to the SMS using OPSEC and communicates using the Management API - but not with the GW...

Re: Commands for baseline security

G_W_Albrecht — Wed, 12 Jan 2022 14:28:11 GMT

It only exists on the SMS:

# more $FWDIR/conf/objects_5_0.C | grep rlogin_max_auth_allowed

:rlogin_max_auth_allowed (3)

Which AlgoSec product and version are you using, looks rather old from the details you mention...

Re: Commands for baseline security

Paulo_Feitosa — Wed, 12 Jan 2022 16:35:32 GMT

Folks,

In this case, where can I get this data in GW?

more $FWDIR/conf/objects_5_0.C | grep rlogin_max_auth_allowed

more $FWDIR/conf/objects_5_0.C | grep telnet_max_auth_allowed

Re: Commands for baseline security

_Val_ — Wed, 12 Jan 2022 17:11:05 GMT

I think we have answered this question three times already 🙂 These queries should be done on your management server and not on the GWs.