reorganized 3_interfaces folder (#71)

* removing ruleset files

* adding 3_interface rules and refs

* Revert "adding 3_interface rules and refs"

This reverts commit 6ec630d.

* added 3_interfaces rules and refs again

* added 4_protocols tests

* restrctured 3_interfaces folder

---------

Co-authored-by: mailsanjayhere <mailsanjayhere@gmail.com>

Author: netpicker

CIS/Junos/3_interfaces/3_1_dln_dialer_interfaces/rule_3_1_1_ensure_caller_id_is_set.py

@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_3_1_1_ensure_caller_id_is_set',
+      platform=['juniper'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_1_1_ensure_caller_id_is_set(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Junos/3_interfaces/3_1_dln_dialer_interfaces/rule_3_1_1_ensure_caller_id_is_set.ref

@@ -0,0 +1,18 @@
+.rule_3_1_1_ensure_caller_id_is_set
+
+Reference: Guide, Juniper Networks](http://www.juniper.net/techpubs/software/junos-
+security/junos-security95/junos-security-admin-guide/config-usb-modem-
+chapter.html#config-usb-modem-chapter)
+
+Remediation: If you have configured a dialer interface to accept incoming calls, you should restrict the
+allowable Caller ID by entering the following command under the [edit interfaces dln unit 0
+dialer-options] hierarchy (where n is the dialer interface number);
+
+
+
+[edit interfaces dln unit 0 dialer-options]
+user@host#set incoming-map caller <Approved CallerID Number>
+Up to 15 caller numbers may be configured on a dialer interface, repeat the command
+above for each number you wish to add.
+
+.

CIS/Junos/3_interfaces/3_1_dln_dialer_interfaces/rule_3_1_2_ensure_access_profile_is_set_to_use_chap.py

@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_3_1_2_ensure_access_profile_is_set_to_use_chap',
+      platform=['juniper'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_1_2_ensure_access_profile_is_set_to_use_chap(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Junos/3_interfaces/3_1_dln_dialer_interfaces/rule_3_1_2_ensure_access_profile_is_set_to_use_chap.ref

@@ -0,0 +1,21 @@
+.rule_3_1_2_ensure_access_profile_is_set_to_use_chap
+
+Reference: Guide, Juniper Networks
+
+Remediation: If you have configured a dialer interface to accept incoming calls, you should configure
+CHAPS authentication using the following commands from the indicated hierarchy (where
+n is the interface number);
+
+
+
+[edit access]
+user@host#set profile <profile name> client <username> chap-secret <password>
+
+user@host#top
+user@host#edit interface dl <n> unit 0
+
+[edit interfaces dl <n> unit 0]
+user@host#set ppp-options chap access-profile <profile name>
+Repeat the first command for each user that is required.
+
+.

CIS/Junos/3_interfaces/3_1_dln_dialer_interfaces/rule_3_1_3_forbid_dial_in_access.py

@@ -0,0 +1,10 @@
+from comfy.compliance import low
+
+
+@low(
+      name='rule_3_1_3_forbid_dial_in_access',
+      platform=['juniper'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_1_3_forbid_dial_in_access(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Junos/3_interfaces/3_1_dln_dialer_interfaces/rule_3_1_3_forbid_dial_in_access.ref

@@ -0,0 +1,18 @@
+.rule_3_1_3_forbid_dial_in_access
+
+Reference: Guide, Juniper Networks (http://www.juniper.net/techpubs/software/junos-
+security/junos-security95/junos-security-admin-guide/config-usb-modem-
+chapter.html#config-usb-modem-chapter)
+Requirement 8.3
+
+Remediation: If you have configured a dialer interface to accept incoming calls, you should disable it
+using the following commands from the [edit interfaces] hierarchy (where n indicates
+the interface number);
+[edit interfaces]
+user@host#delete interface dl <n>
+
+
+
+
+
+.

CIS/Junos/3_interfaces/3_2_family_inet_vrrp_group/rule_3_10_ensure_inbound_firewall_filter_is_set_for_loopback_interface.py

@@ -0,0 +1,10 @@
+from comfy.compliance import low
+
+
+@low(
+      name='rule_3_10_ensure_inbound_firewall_filter_is_set_for_loopback_interface',
+      platform=['juniper'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_10_ensure_inbound_firewall_filter_is_set_for_loopback_interface(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Junos/3_interfaces/3_2_family_inet_vrrp_group/rule_3_10_ensure_inbound_firewall_filter_is_set_for_loopback_interface.ref

@@ -0,0 +1,10 @@
+.rule_3_10_ensure_inbound_firewall_filter_is_set_for_loopback_interface
+
+Reference: Security Agency (NSA)
+
+Remediation: To apply a firewall filter to the loopback interface enter the following command from the
+[edit interfaces] hierarchy:
+[edit interfaces]
+user@host#set lo0 unit 0 family inet filter input <filter name>
+
+.

CIS/Junos/3_interfaces/3_2_family_inet_vrrp_group/rule_3_2_1_ensure_vrrp_authentication_key_is_set.py

@@ -0,0 +1,10 @@
+from comfy.compliance import low
+
+
+@low(
+      name='rule_3_2_1_ensure_vrrp_authentication_key_is_set',
+      platform=['juniper'],
+      commands=dict(chk_cmd='')
+)
+def rule_3_2_1_ensure_vrrp_authentication_key_is_set(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Junos/3_interfaces/3_2_family_inet_vrrp_group/rule_3_2_1_ensure_vrrp_authentication_key_is_set.ref

@@ -0,0 +1,17 @@
+.rule_3_2_1_ensure_vrrp_authentication_key_is_set
+
+Reference: Configuration Guide, Juniper Networks
+(http://www.juniper.net/techpubs/software/junos/junos92/swconfig-system-
+basics/archival.html%23id-11141986)
+
+Remediation: If you have configured VRRP on one or more interfaces you should configure authentication
+using the following commands from the [edit interfaces <interface name> unit
+<unit number> family inet address <ip address>] hierarchy;
+
+
+
+[edit interfaces `<interface name> unit <unit number> family inet address <ip
+address>`]
+user@host#set vrrp-group <group number> authentication-key <key>
+
+.