Hotfixes installed do not match requirement-checkpoint-gaia,secureplatform,ipso

Vendor: checkpoint

OS: gaia,secureplatform,ipso

Description:
Indeni can verify that only the required hotfixes are installed on a specific device and that no others are.

Remediation Steps:
Install the required hotfixes and remove the redundant ones.

How does this work?
Using the Check Point command “cpinfo -y -all” we retrieve the currently installed hotfixes.

Why is this important?
It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.

Without Indeni how would you find this?
An administrator could log in and manually run the command.

chkp-os-cpinfo-y-all

name: chkp-os-cpinfo-y-all
description: Run "cpinfo -y -all" to get hotfix information.
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    -   os.name: ipso
comments:
    hotfixes:
        why: |
            It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.
        how: |
            Using the Check Point command "cpinfo -y -all" we retrieve the currently installed hotfixes.
        without-indeni: |
            An administrator could log in and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            Listing installed hotfixes is only available from the command line interface, and in some cases also via the WebUI and SmartUpdate.
    hotfix-jumbo-take:
        why: |
            It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.
        how: |
            Using the Check Point command "cpinfo -y -all" we retrieve the currently installed jumbo hotfixes.
        without-indeni: |
            An administrator could log in and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: Listing installed hotfixes is only available from
            the command line interface, and in some cases also via the WebUI and SmartUpdate.
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cpinfo -y all
    parse:
        type: AWK
        file: cpinfo_y_all.parser.1.awk

crossvendor_compliance_check_hotfixes_installed

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_hotfixes_installed() extends MultiSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_hotfixes_installed",
  ruleFriendlyName = "Compliance Check: Hotfixes installed do not match requirement",
  ruleDescription = "Indeni can verify that only certain hotfixes are installed on a specific device and that others shouldn't be.",
  severity = AlertSeverity.WARN,
  metricName = "hotfixes",
  itemKey = "name",
  alertDescription = "The list of hotfixes installed on this device does not match the requirement. Please review the list below.",
  baseRemediationText = "Install the required hotfixes and remove the redundant ones.",
  requiredItemsParameterName = "Hotfixes",
  requiredItemsParameterDescription = "Enter the list of hotfixes that should be installed, each one on its own line. indeni will alert if there are any hotfixes installed which are not in this list."
)()
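
The comparison this rule describes, sketched as an added example; it is not Indeni's parser or rule code. The output layout, the hotfix names and the function names `parse_hotfixes` and `check_compliance` are assumptions made for illustration.

```python
import re

# Constructed sample; the layout (bracketed product sections, one indented
# hotfix name per line, optional "Take: N") is an assumption about the output.
SAMPLE_OUTPUT = """\
This is Check Point CPinfo (constructed sample)
[IDA]
\tNo hotfixes..

[CPFC]
\tHOTFIX_EXAMPLE_JUMBO\tTake:  10

[FW1]
\tHOTFIX_EXAMPLE_JUMBO\tTake:  10
\tHOTFIX_EXAMPLE_A

[SecurePlatform]
\tHOTFIX_EXAMPLE_B
"""

# An entry is an indented single token, optionally followed by "Take: <number>".
ENTRY = re.compile(r"^\s+(\S+)(?:\s+Take:\s*(\d+))?\s*$")

def parse_hotfixes(output):
    """Return {hotfix name: jumbo take or None}; repeats across sections collapse."""
    found = {}
    for line in output.splitlines():
        m = ENTRY.match(line)
        if m:  # section headers, the banner and "No hotfixes.." lines do not match
            name, take = m.groups()
            found[name] = int(take) if take else found.get(name)
    return found

def check_compliance(output, required_text):
    """Compare installed hotfixes with a required list given one name per line."""
    installed = set(parse_hotfixes(output))
    required = {ln.strip() for ln in required_text.splitlines() if ln.strip()}
    return {
        "missing": sorted(required - installed),     # required but not installed
        "unexpected": sorted(installed - required),  # installed but not required
        "compliant": installed == required,
    }

if __name__ == "__main__":
    REQUIRED = "HOTFIX_EXAMPLE_JUMBO\nHOTFIX_EXAMPLE_A\nHOTFIX_EXAMPLE_C\n"
    print(check_compliance(SAMPLE_OUTPUT, REQUIRED))
```

Reporting both directions matches the remediation text: a missing entry means a required hotfix still has to be installed, and an unexpected entry is one to review for removal.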