Jumbo hotfix take does not match requirement-checkpoint-gaia,secureplatform,ipso


Vendor: checkpoint

OS: gaia,secureplatform,ipso

Description:
Indeni can verify that the take of the jumbo hotfix installed is a specific one.

Remediation Steps:
Install the correct jumbo hotfix take.

How does this work?
Using the Check Point command “cpinfo -y -all” we retrieve the currently installed jumbo hotfixes.

Why is this important?
It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.

Without Indeni how would you find this?
An administrator could log in and manually run the command.
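
The manual check described above, as an added example (not Indeni's parser and not code from this page): a shell function that reads the hotfix listing and compares each product section's jumbo hotfix take with a required value. The output layout, the sample text and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Indeni's parser. The output layout is an assumption.

# Constructed sample of "cpinfo -y all" output (not captured from a device).
sample_cpinfo() {
cat <<'EOF'
This is Check Point CPinfo for GAIA (constructed sample)
[IDA]
    No hotfixes..

[MGMT]
    HOTFIX_R80_10_JUMBO_HF  Take:  42

[FW1]
    HOTFIX_R80_10_JUMBO_HF  Take:  42
EOF
}

# check_jumbo_take REQUIRED_TAKE  (reads cpinfo output on stdin)
# Prints one line per product section whose jumbo take differs.
# Exit status: 0 = every section matches, 1 = mismatch,
#              2 = no jumbo hotfix line found (nothing to compare).
check_jumbo_take() {
    awk -v want="$1" '
        /^\[/ { section = $1; next }               # product header such as [FW1]
        /JUMBO/ && match($0, /Take:[ \t]*[0-9]+/) {
            take = substr($0, RSTART, RLENGTH)
            sub(/^Take:[ \t]*/, "", take)          # keep only the digits
            found = 1
            if (take + 0 != want + 0) {
                printf "%s jumbo take %s, required %s\n", section, take, want
                bad = 1
            }
        }
        END { if (!found) exit 2; exit bad + 0 }
    '
}

# Demo against the rule default shown on this page (expectedValue = "1").
sample_cpinfo | check_jumbo_take 1 || echo "compliance check failed, status $?"
```

On a device, feed the function the real command output instead of the sample, for instance "cpinfo -y all | check_jumbo_take 42", where 42 stands in for the take your policy requires. Status 2 is kept separate from a mismatch so that a device with no jumbo hotfix at all is not silently reported as compliant.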

chkp-os-cpinfo-y-all

name: chkp-os-cpinfo-y-all
description: Run "cpinfo -y -all" to get hotfix information.
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    -   os.name: ipso
comments:
    hotfixes:
        why: |
            It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.
        how: |
            Using the Check Point command "cpinfo -y -all" we retrieve the currently installed hotfixes.
        can-with-snmp: false
        can-with-syslog: false
    hotfix-jumbo-take:
        why: |
            It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.
        how: |
            Using the Check Point command "cpinfo -y -all" we retrieve the currently installed jumbo hotfixes.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cpinfo -y all
    parse:
        type: AWK
        file: cpinfo_y_all.parser.1.awk

crossvendor_compliance_check_hotfix_jumbo_take

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_hotfix_jumbo_take() extends SingleSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_hotfix_jumbo_take",
  ruleFriendlyName = "Compliance Check: Jumbo hotfix take does not match requirement",
  ruleDescription = "Indeni can verify that the take of the jumbo hotfix installed is a specific one.",
  severity = AlertSeverity.WARN,
  metricName = "hotfix-jumbo-take",
  baseRemediationText = "Install the correct jumbo hotfix take.",
  parameterName = "Jumbo hotfix take",
  parameterDescription = "The jumbo hotfix take to look for.",
  expectedValue = "1"
)()