Hotfixes installed do not match requirement-checkpoint-gaia,secureplatform,ipso

Tags: warn, checkpoint, best-practices, gaiasecureplatformip

Vendor: checkpoint

OS: gaia,secureplatform,ipso

Description:
Indeni can verify that the hotfixes installed on a device match a required list: only the listed hotfixes should be present, and any hotfix that is not on the list should not be installed.

Remediation Steps:
Install the required hotfixes and remove the redundant ones.

How does this work?
Using the Check Point command "cpinfo -y -all", run over SSH, we retrieve the list of currently installed hotfixes. Every output line that contains HOTFIX is collected as a hotfix name; a hotfix that is listed under several products is counted once.

Why is this important?
It is important to keep devices patched with the required versions and hotfixes: missing hotfixes leave known defects and vulnerabilities unaddressed, which leads to downtime and security incidents, and a hotfix that is not on the required list indicates an unreviewed change to the device.

Without Indeni how would you find this?
An administrator could log in to the device and run the command manually.
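The procedure above (collect the hotfix list with cpinfo, then compare it against the required list that the compliance rule on this page takes as its "Hotfixes" parameter, one name per line) as a stand-alone script. This is an added example written for this page, not Indeni's or Check Point's code. The cpinfo output and the hotfix names are constructed to match the layout of `cpinfo -y all` on a Gaia gateway (a `[PRODUCT]` header followed by hotfix names or "No hotfixes..") and are not captured from a real device. The selection rule is the same as the page's AWK parser (any trimmed line containing HOTFIX), and the comparison reports both hotfixes that are missing and hotfixes that are installed but not required, together with the products each hotfix is listed under.

```python
"""Parse the output of "cpinfo -y -all" and check it against a required hotfix list."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modeled on the layout of "cpinfo -y all" on a Gaia gateway
# (not captured from a real device): a [PRODUCT] header, then either
# "No hotfixes.." or one hotfix name per line. The same hotfix is listed under
# several products, which is why the names must be de-duplicated.
SAMPLE_CPINFO_OUTPUT = """\
This is Check Point CPinfo Build 914000182 for GAIA

[IDA]
    No hotfixes..

[CPFC]
    HOTFIX_R80_40_JUMBO_HF_MAIN

[FW1]
    HOTFIX_R80_40_JUMBO_HF_MAIN
    HOTFIX_EXAMPLE_PORTAL_FIX

[CPinfo]
    HOTFIX_R80_40_JUMBO_HF_MAIN
"""

# Required list in the same shape as the rule's "Hotfixes" parameter: one name
# per line. The names are hypothetical.
SAMPLE_REQUIRED = """\
HOTFIX_R80_40_JUMBO_HF_MAIN
HOTFIX_EXAMPLE_VPN_FIX
"""

SECTION_RE = re.compile(r"^\[(?P<product>[^\]]+)\]$")


def parse_hotfixes(output: str) -> dict[str, set[str]]:
    """Map each installed hotfix name to the set of products it is listed under.

    Same selection rule as the page's AWK parser: every trimmed line containing
    the string HOTFIX is taken as a hotfix name (case-sensitive, so the
    "No hotfixes.." lines are ignored), de-duplicated across products.
    """
    installed: dict[str, set[str]] = {}
    product = "(unknown)"
    for raw in output.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            product = header.group("product")
        elif "HOTFIX" in line:
            installed.setdefault(line, set()).add(product)
    return installed


def parse_required(text: str) -> set[str]:
    """One hotfix name per line; blank lines and '#' comment lines are ignored."""
    return {
        line.strip()
        for line in text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }


@dataclass(frozen=True)
class ComplianceResult:
    missing: frozenset[str]     # required but not installed
    unexpected: frozenset[str]  # installed but not in the required list

    @property
    def compliant(self) -> bool:
        return not self.missing and not self.unexpected


def check_compliance(installed: set[str], required: set[str]) -> ComplianceResult:
    """Set difference in both directions: what the compliance rule alerts on."""
    return ComplianceResult(
        missing=frozenset(required - installed),
        unexpected=frozenset(installed - required),
    )


def report(output: str, required_text: str) -> ComplianceResult:
    """End-to-end: parse device output, compare with the requirement, print a summary."""
    installed = parse_hotfixes(output)
    result = check_compliance(set(installed), parse_required(required_text))
    for name in sorted(installed):
        print(f"installed:  {name} (products: {', '.join(sorted(installed[name]))})")
    for name in sorted(result.missing):
        print(f"MISSING:    {name}")
    for name in sorted(result.unexpected):
        print(f"UNEXPECTED: {name}")
    print("compliant" if result.compliant else "NOT compliant")
    return result


if __name__ == "__main__":
    report(SAMPLE_CPINFO_OUTPUT, SAMPLE_REQUIRED)
```

To run it against a real gateway, replace `SAMPLE_CPINFO_OUTPUT` with the captured output of `cpinfo -y -all` from expert mode and `SAMPLE_REQUIRED` with the approved list for that device; because the match on HOTFIX is case-sensitive and applies to whole lines, any change Check Point makes to the cpinfo layout needs to be re-verified against this parser, the same caveat that applies to the AWK parser.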

chkp-os-cpinfo_y_all

#! META
name: chkp-os-cpinfo_y_all
description: run "cpinfo -y -all" to get hotfix information
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    or:
        -
            os.name: gaia
        -
            os.name: secureplatform
        -
            os.name: ipso
            
#! COMMENTS
hotfixes:
    why: |
        It is important to keep devices patched with the required versions and hotfixes: missing hotfixes leave known defects and vulnerabilities unaddressed, which leads to downtime and security incidents.
    how: |
        Using the Check Point command "cpinfo -y -all" we retrieve the currently installed hotfixes.
    without-indeni: |
        An administrator could log in to the device and run the command manually.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        Listing installed hotfixes is available from the command line interface and, in some cases, also via the WebUI and SmartUpdate.

#! REMOTE::SSH
${nice-path} -n 15 cpinfo -y -all

#! PARSER::AWK

############
# Caveats: As CPUSE is used more and more, we might want to get the hotfix information that way in the future.
###########

/HOTFIX/ {
    # Every line of the "cpinfo -y -all" output that contains HOTFIX is a hotfix name.
    # We store it in this associative array first because the same hotfix appears
    # under several products, so it shows up multiple times. We'll later convert it
    # into the format the ComplexMetric function expects.
    hotfixesbyname[trim($0)] = "true"
}

END {
    # Convert the de-duplicated names into the indexed array the metric writer expects
    for (hotfix in hotfixesbyname) {
        ihotfix++
        hotfixes[ihotfix, "name"] = hotfix
    }
    writeComplexMetricObjectArrayWithLiveConfig("hotfixes", null, hotfixes, "Installed Hotfixes")
}

crossvendor_compliance_check_hotfixes_installed

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.MultiSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_hotfixes_installed(context: RuleContext) extends MultiSnapshotComplianceCheckTemplateRule(context,
  ruleName = "crossvendor_compliance_check_hotfixes_installed",
  ruleFriendlyName = "Compliance Check: Hotfixes installed do not match requirement",
  ruleDescription = "Indeni can verify that only certain hotfixes are installed on a specific device and that others shouldn't be.",
  severity = AlertSeverity.WARN,
  metricName = "hotfixes",
  itemKey = "name",
  alertDescription = "The list of hotfixes installed on this device does not match the requirement. Please review the list below.",
  baseRemediationText = "Install the required hotfixes and remove the redundant ones.",
  requiredItemsParameterName = "Hotfixes",
  requiredItemsParameterDescription = "Enter the list of hotfixes that should be installed, each one on its own line. indeni will alert if there are any hotfixes installed which are not in this list."
)()