
Create separate finding for Microsoft RDP port #3882

Merged
merged 31 commits into from
Nov 28, 2024

Conversation

@stephanie0x00 stephanie0x00 commented Nov 25, 2024

Changes

This PR updates the findings DB and tweaks the bit for port classification such that when a Microsoft RDP port is detected, a separate finding is created for this. From a security perspective it is good to know if this point is present in the attack surface.

If an open RDP port is detected, the finding is given a 'medium' severity, as there is no immediate risk per se. A recommendation severity would also be possible, however RDP is often the root cause for ransomware attacks, thus that feels a bit low. Other ideas for an appropriate severity are welcome.

Issue link

Partial solution for #3837

Demo

image

QA notes

  • Perform an nmap scan against a server with an open RDP port, e.g. run nc -l 3389 locally or use the IP from the screenshot (this is a Google server).
  • Perform an nmap TCP scan against the IP.
  • Somehow the finding type didn't resolve properly, thus the finding remained pending. This can be resolved by triggering the Finding type boefje manually.

Code Checklist

  • All the commits in this PR are properly PGP-signed and verified.
  • This PR only contains functionality relevant to the issue.
  • I have written unit tests for the changes or fixes I made.
  • I have checked the documentation and made changes where necessary.
  • I have performed a self-review of my code and refactored it to the best of my abilities.
  • Tickets have been created for newly discovered issues.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have informed others of any required .env changes files if required and changed the .env-dist accordingly.
  • I have included comments in the code to elaborate on what is not self-evident from the code itself, including references to issues and discussions online, or implicit behavior of an interface.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.


Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.
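The port-classification rule this PR describes, as an added illustration in Python. This is not OpenKAT's own bit code: the object names (IPPort, Finding), the port lists, the finding-type ids and every severity except the medium severity stated for the RDP finding above are assumptions chosen for the example. The `separate_rdp_finding` switch shows the before and after behaviour side by side: with it off, TCP 3389 is folded into the generic system-administration finding; with it on, it gets its own finding.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IPPort:
    """An open port on an address, as a scanner such as nmap would report it."""
    address: str
    protocol: str  # "tcp" or "udp"
    port: int

    @property
    def reference(self) -> str:
        return f"IPPort|{self.address}|{self.protocol}|{self.port}"


@dataclass(frozen=True)
class Finding:
    finding_type_id: str
    severity: str
    ooi: str
    description: str


# Assumed port lists; a real deployment takes these from its question/config.
COMMON_TCP_PORTS = {25, 53, 80, 443}
SYSADMIN_TCP_PORTS = {21, 22, 23, 3389}  # 3389 stays here for the pre-PR behaviour
DATABASE_TCP_PORTS = {1433, 1521, 3306, 5432}
MICROSOFT_RDP_PORT = 3389

# Assumed finding-type ids (placeholders; the real ids live in the findings DB).
FT_SYSADMIN = "KAT-OPEN-SYSADMIN-PORT"
FT_DATABASE = "KAT-OPEN-DATABASE-PORT"
FT_UNCOMMON = "KAT-UNCOMMON-OPEN-PORT"
FT_RDP = "KAT-MICROSOFT-RDP-PORT-OPEN"


def classify_port(ip_port: IPPort, separate_rdp_finding: bool = True) -> list[Finding]:
    """Return the findings an open port gives rise to.

    With separate_rdp_finding=True (the behaviour the PR introduces) an open
    TCP 3389 gets its own medium-severity finding; with False it is only
    reported as a generic system-administration port, as before.
    """
    if ip_port.protocol != "tcp":
        return []  # assumption: only TCP ports are classified by this rule
    port, ooi = ip_port.port, ip_port.reference

    if separate_rdp_finding and port == MICROSOFT_RDP_PORT:
        return [Finding(FT_RDP, "medium", ooi,
                        "Port 3389/tcp is open and usually exposes Microsoft RDP. "
                        "Limit who can reach it and require MFA if it must stay open.")]
    if port in SYSADMIN_TCP_PORTS:
        return [Finding(FT_SYSADMIN, "medium", ooi,
                        f"Port {port}/tcp is a system administration port "
                        "and should possibly not be open.")]
    if port in DATABASE_TCP_PORTS:
        return [Finding(FT_DATABASE, "medium", ooi,
                        f"Port {port}/tcp is a database port and should not be open.")]
    if port not in COMMON_TCP_PORTS:
        return [Finding(FT_UNCOMMON, "recommendation", ooi,
                        f"Port {port}/tcp is not a common port; check whether it is intended.")]
    return []


def classify_scan(ports: list[IPPort]) -> dict[str, list[Finding]]:
    """Group the findings for a whole scan result by finding-type id."""
    grouped: dict[str, list[Finding]] = {}
    for ip_port in ports:
        for finding in classify_port(ip_port):
            grouped.setdefault(finding.finding_type_id, []).append(finding)
    return grouped


if __name__ == "__main__":
    # Constructed sample: what an nmap TCP scan of one host might return.
    sample = [IPPort("192.0.2.10", "tcp", p) for p in (22, 443, 3389, 8443)]
    for ft_id, findings in classify_scan(sample).items():
        for f in findings:
            print(f"{ft_id:28} {f.severity:14} {f.ooi}")
```

The RDP branch is checked before the system-administration list on purpose: the point of the PR is that an RDP exposure is visible as its own finding type in the attack surface, so it must not be swallowed by the broader category first.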

@stephanie0x00 stephanie0x00 requested a review from a team as a code owner November 25, 2024 11:58
@stephanie0x00 stephanie0x00 self-assigned this Nov 25, 2024
@noamblitz

I think it's a good idea to add this to the Question as well since all other port configs are also asked there. For the rest this looks good!

@stephanie0x00

I've updated the Question schema 👍

@ammar92 ammar92 left a comment

Nice work! Just a few tiny things to complete this PR:

  • Since one of the recommendation strings has been updated, it affected the test_port_classification_tcp_22 test in Octopoes. Meaning "should not be open" should be changed to "should possibly not be open."
  • Format error in the JSON file; it can be fixed by running pre-commit.

@Rieven

Rieven commented Nov 27, 2024

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.
  • I checked the logs for errors and/or warnings and made issues where necessary

What works:

It works

@noamblitz

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.
  • I checked the logs for errors and/or warnings and made issues where necessary

What works:

It works

I love this. "What works?" "IT works."

underdarknl previously approved these changes Nov 27, 2024

sonarcloud bot commented Nov 28, 2024

Quality Gate failed

Failed conditions
38.5% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@underdarknl underdarknl merged commit dad9c3d into main Nov 28, 2024
31 of 33 checks passed
@underdarknl underdarknl deleted the fix/add-separate-rdp-finding branch November 28, 2024 10:58