Hello
What is the sensitive policy in MikroTik for user groups?
What is regarded as sensitive in mikrotik? Is there a complete list?
The list is quite brief. Passwords (e.g. in /ppp secret rows), passphrases (e.g. in wireless/capsman security profiles), and secrets (in IPsec identities) are “sensitive”. Usernames, public IP addresses, MAC addresses, and serial numbers are not treated as “sensitive”. Nor is anything in scripts.
Passwords of user accounts (those you use to log in to MikroTik itself) are “write-only”; they are never shown or exported.
Is there an official list available somewhere? I would for example like to know whether the change in behaviour or bug is a security issue. The following script for example periodically resolves DNS FQDNs and then updates configured RADIUS authentication servers:
/radius set [find comment=radius1:] address=[:resolve radius1.redacted.com];
/radius set [find comment=radius2:] address=[:resolve radius2.redacted.com];
RouterOS 7 requires the following policies:
- read
- write
- test
- policy
RouterOS 6 works with the above or the following policies:
- read
- write
- test
- sensitive
Is anyone aware of a Wiki article that possibly details these policies?