id: enable-https-protocol

info:
  name: Enable HTTPS on Web Management
  author: pussycat0x
  severity: info
  description: |
    Web Admin Management Portal should only be accessed using HTTPS Protocol.HTTP transmits all data (including passwords) in clear text over the network and
    provides no assurance of the identity of the hosts involved.
  reference: |
    https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
  tags: firewall,config,audit,pfsense,file

file:
  - extensions:
      - xml

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<webgui>"
          - "<protocol>https</protocol>"
        condition: and  
        negative: true

      - type: word
        words:
          - "<system>"