Latest reply: Jul 8, 2013 6:35 AM by njones

NetApp Data ONTAP Best Practices Audit

njones

Synopsis:

 

NetApp Data ONTAP Best Practices audit

 

Description:

 

This audit file implements most of the recommendations provided by the Best Practices for Secure Configuration of Data ONTAP 7G available at http://www.netapp.com/us/media/tr-3649.pdf along with several of the subsystem configuration guides referenced within it.

 

The checks in this audit utilize the NetApp CONFIG_CHECK item as described in https://discussions.nessus.org/message/21395#21395.

Where applicable, the Nessus checks in the audit file have been created such that local environmental values can be easily integrated. For example, the Best Practices guide recommends that SSH be limited only to known, trusted hosts. The included check allows the user to customize this check to validate the correct values for the local environment. Below is an example of the included samples to assist in this customization:

 

# example expect
# expect    : "ssh.access[\\s\\t]+192.168.0.0/24"
expect        : "ssh.access[\\s\\t]+{SSH_ACCESS}"

 

Here is a screenshot of some sample results:

 

NetApp-BP-Summary.png

NetApp-BP-PASS.png

NetApp-BP-FAIL.png


Total Checks:

 

130+

 

Covered Settings:

 

- Installation & Configuration
- Secure Admin Access
- Review of Default Accounts
- Unnecessary Services
- Password Security
- Autologout
- Logging
- Network & IP Options
- Protocol Access Controls
- Additional Licensed Protocol Configuration

 

See Also:

 

The Best Practices for Secure Configuration of Data ONTAP 7G recommendation documents can be downloaded from http://www.netapp.com/us/media/tr-3649.pdf
Additional subsystem configuration guides and documentation are available in the NetApp Library at http://www.netapp.com/us/library/

 

Files Included:

 

NetApp_Data_ONTAP_Best_Practices.audit

Location:

 

Tenable Support Portal - under "Tenable Configuration Audits"
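
The following is an added example, not part of the original post or of the audit file: it shows what the sample `ssh.access` expect pattern accepts once a local value replaces `{SSH_ACCESS}`, next to a hypothetical tighter variant. Assumptions: Python's `re` stands in for the Nessus regex engine, the doubled backslashes in the .audit file reach that engine as single ones, and the config lines are constructed samples.

```python
import re

# Template as shown on the page (assumption: "\\s" in the .audit file is
# seen by the regex engine as "\s").
TEMPLATE = r"ssh.access[\s\t]+{SSH_ACCESS}"

def build_expect(value, strict=False):
    """Substitute the local value for {SSH_ACCESS}.

    strict=False reproduces the page's style: the value is pasted in as-is,
    so "." stays a wildcard and nothing anchors the end of the line.
    strict=True is a hypothetical tighter variant (not from the audit file):
    regex metacharacters are escaped and the whole line must match.
    """
    if not strict:
        return TEMPLATE.replace("{SSH_ACCESS}", value)
    body = r"ssh\.access[\s\t]+" + re.escape(value)
    return "^" + body + r"[\s\t]*$"

def check(config_text, pattern):
    """Return 'PASS' if any line of the config matches the expect pattern."""
    hit = any(re.search(pattern, line) for line in config_text.splitlines())
    return "PASS" if hit else "FAIL"

# Constructed sample lines, not real filer output.
GOOD = "ssh.access                   192.168.0.0/24"
WIDER = "ssh.access                   192.168.0.0/24,10.0.0.0/8"
UNSET = "ssh.access                   *"

def compare(line, value="192.168.0.0/24"):
    """Return (loose_result, strict_result) for one config line."""
    return (check(line, build_expect(value)),
            check(line, build_expect(value, strict=True)))

if __name__ == "__main__":
    for name, line in [("GOOD", GOOD), ("WIDER", WIDER), ("UNSET", UNSET)]:
        loose, tight = compare(line)
        print(f"{name:6} loose={loose} strict={tight}")
```

When customizing the value, it is worth running the resulting pattern against both the intended setting and a broader one to confirm the check fails where it should.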