DescriptionIndeni will check if a device has the HTTP service enabled. HTTP is not encrypted and is therefore a security risk.
Remediation StepsDisable the HTTP server on the device.
1. Disable the HTTP server on the device. You can do so by using the "no feature http-server" configuration command.
2. You can verify that HTTP has been disabled by using the "show http-server" command.
How does this work?This script logs into the Cisco Nexus switch using SSH and retrieves the current state of the telnet server by using the "show http-server" command.
Why is this important?Capture whether the HTTP server is enabled on the device. HTTP sends information, including passwords, in clear text. It is highly recommeneded that it is disabled. If the HTTP server is detected to be enabled an alert would be triggered.
Without Indeni how would you find this?The administrator will have to manually log in to the device and check if the HTTP server is enabled. It is also possible to detect TCP port 80 open by using a port-scanning software.
View Source Code