Debug mode enabled for F5

Vendor

F5

Description

Indeni will alert if one of the debug mechanisms on a device is enabled when the default is for it to be disabled.

Remediation Steps

Turn off the debug as soon as possible.

Follow the applicable remediation steps. mcpd-force-reload: Delete the file /service/mcpd/forceload (https://support.f5.com/csp/article/K13030), tm.rstcause.log: https://support.f5.com/csp/article/K13223, tm.rstcause.pkt: https://support.f5.com/csp/article/K13223

How does this work?

This alert logs into the F5 unit via iControl REST and retrieves the status of the tm.rstcause.pkt flag.

Why is this important?

This alert logs into the F5 unit via iControl REST and retrieves the status of the tm.rstcause.pkt flag.

Without Indeni how would you find this?

An administrator would be able to see if the flag is on by logging into the device through SSH, entering TMSH and issuing the command "list sys db tm.rstcause.pkt".


View Source Code