Critical configuration files mismatch across cluster members-checkpoint-ipso


Vendor: checkpoint

OS: ipso

Description:
Indeni will identify when two devices are part of a cluster and alert if critical configuration files are different.

Remediation Steps:
Correct any differences found to ensure a complete match between device members.

How does this work?
Compare all configuration lines in important configuration files across cluster members. Some lines in these files are member-specific or time-specific, so they are excluded from the comparison. All comments (lines starting with #) and blank lines are ignored. For the local.arp file, MAC addresses are removed because they are device-specific values that differ on each device.

Why is this important?
Making sure members of a cluster have the same settings is critical. Verifying this requires comparing the actual contents of important files.

Without Indeni how would you find this?
An administrator could log in to every cluster member and manually check the differences between the config files, but would also need to know which lines in the files to exempt.
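The comparison described under "How does this work?", written out as an added shell example that is not Indeni's chkp-os-file-diff script. The file names other than local.arp, the file contents and the `^saved=` exemption pattern are constructed assumptions, because the page does not list the real exempted lines.

```shell
#!/bin/sh
# Added example, not Indeni's chkp-os-file-diff script. File names other than
# local.arp, the file contents and the exemption regex are constructed.

MAC_RE='([0-9A-Fa-f]{1,2}[-:]){5}[0-9A-Fa-f]{1,2}'

# normalize FILE [EXEMPT_RE]: print only the lines that should match on every
# member: no comments, no blank lines, no exempted lines, no MACs in local.arp.
normalize() {
    mac_expr='s/^//'                      # no-op for every file except local.arp
    [ "$(basename "$1")" = "local.arp" ] && mac_expr="s/$MAC_RE//g"
    sed -E -e "$mac_expr" -e 's/[[:space:]]+$//' \
           -e '/^[[:space:]]*#/d' -e '/^$/d' "$1" |
    if [ -n "${2:-}" ]; then
        grep -Ev -- "$2" || [ $? -eq 1 ]  # exit 1 only means "nothing left"
    else
        cat
    fi
}

# mismatched_files DIR_A DIR_B EXEMPT_RE FILE...: print each relative path
# whose normalised content differs between the two members. A file missing
# on one member normalises to nothing, so it is reported as a mismatch.
mismatched_files() {
    dir_a=$1; dir_b=$2; exempt=$3; shift 3
    for rel in "$@"; do
        a=$(normalize "$dir_a/$rel" "$exempt" 2>/dev/null)
        b=$(normalize "$dir_b/$rel" "$exempt" 2>/dev/null)
        [ "$a" = "$b" ] || printf '%s\n' "$rel"
    done
}

# make_sample DIR: write constructed files for two members, "a" and "b".
make_sample() {
    mkdir -p "$1/a" "$1/b"
    printf '# proxy ARP\n192.0.2.10 00:00:5e:00:53:01\n\n' > "$1/a/local.arp"
    printf '192.0.2.10 00:00:5e:00:53:02\n'                > "$1/b/local.arp"
    printf 'saved=2024-01-01T10:00\nmtu=1500\n' > "$1/a/net.conf"
    printf 'saved=2024-01-02T11:30\nmtu=1500\n' > "$1/b/net.conf"
    printf 'log_level=info\n'  > "$1/a/app.conf"
    printf 'log_level=debug\n' > "$1/b/app.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
mismatched_files "$tmp/a" "$tmp/b" '^saved=' local.arp net.conf app.conf
rm -rf "$tmp"
```

Only app.conf is reported: local.arp differs solely in its MAC address and net.conf solely in the exempted timestamp line.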

chkp-os-file-diff-ipso

name: chkp-os-file-diff-ipso
description: Populates a complex metric array with all relevant config for a list
    of files
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: checkpoint
    high-availability: true
    os.name: ipso
comments:
    lines-config-files:
        why: |
            Making sure members of a cluster have the same settings is critical. In this process comparing the actual contents of important files is needed.
        how: |
            Compare all configuration lines in important configuration files across cluster members. Some lines in the files are, however, member or time specific, so these lines are excluded. All comments (lines starting with #) and blank lines are ignored. For the local.arp file, MAC addresses are removed because these are device values that change on each device.
        without-indeni: |
            An administrator could login to all cluster members and manually check differences between config files in all cluster members, but would also need to know which lines in the files to exempt.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: This is only accessible from the command line
            interface.
steps:
-   run:
        type: SSH
        file: chkp-os-file-diff.remote.1.bash
    parse:
        type: AWK
        file: chkp-os-file-diff.parser.1.awk

CrossVendorCompareConfigurationFilesRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
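
/**
  * Compares the `lines-config-files` array metric across the members of a
  * cluster and alerts with the mismatching file paths and values.
  */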
case class CrossVendorCompareConfigurationFilesRule() extends SnapshotComparisonTemplateRule(
  ruleName = "CrossVendorCompareConfigurationFilesRule",
  ruleFriendlyName = "Clustered Devices: Critical configuration files mismatch across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if critical configuration files are different.",
  metricName = "lines-config-files",
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same settings in their critical configuration files. Review the differences below.",
  baseRemediationText = "Correct any differences found to ensure a complete match between device members.",
  alertItemsHeader = "Mismatching File Paths and Values")()