Jumbo hotfix take does not match requirement-checkpoint-gaia

Vendor: checkpoint

OS: gaia

Description:
Indeni can verify that the take of the jumbo hotfix installed is a specific one.

Remediation Steps:
Install the correct jumbo hotfix take.

How does this work?
Using the Check Point command "installed_jumbo_take" we retrieve the currently installed jumbo hotfixes.

Why is this important?
It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.

Without Indeni how would you find this?
An administrator could log in and manually run the command.

chkp-os-installed_jumbo_take

name: chkp-os-installed_jumbo_take
description: run "installed_jumbo_take"
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    os.name: gaia
    asg:
        neq: true
    and:
    -   os.version:
            neq: R80.10
    -   os.version:
            neq: R80.20
comments:
    hotfix-jumbo-take:
        why: |
            It is very important to make sure that devices are patched with the latest versions and hotfixes, to prevent downtime and security incidents.
        how: |
            Using the Check Point command "installed_jumbo_take" we retrieve the currently installed jumbo hotfixes.
        without-indeni: |
            An administrator could log in and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: Listing installed hotfixes is only available from
            the command line interface, and in some cases also via the WebUI and SmartUpdate.
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 installed_jumbo_take -n; ${nice-path} -n 15 $CPDIR/bin/cpprod_util
            CPPROD_GetValue "CPUpdates/6.0/BUNDLE_FIAT_HF_BASE_026" SU_Build_Take
            0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point
            Mini Suite/setup/FIAT_HF_BASE_026" Take 0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util
            CPPROD_GetValue "CPUpdates/6.0/BUNDLE_GIZMO_HF_041_050" SU_Build_Take
            0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point
            Mini Suite/setup/GIZMO_HF_041_050" Take 0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util
            CPPROD_GetValue "CPUpdates/6.0/BUNDLE_GULLI_HF_BASE_008" SU_Build_Take
            0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point
            Mini Suite/setup/GULLI_HF_BASE_008" Take 0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util
            CPPROD_GetValue "CPUpdates/6.0/BUNDLE_GYPSY_HF_BASE_021" SU_Build_Take
            0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point
            Mini Suite/setup/GYPSY_HF_BASE_021" Take 0; ${nice-path} -n 15 $CPDIR/bin/cpprod_util
            CPPROD_GetValue "CPUpdates/6.0/BUNDLE_R77_20_JUMBO_HF" SU_Build_Take 0;
            ${nice-path} -n 15 $CPDIR/bin/cpprod_util CPPROD_GetValue "Check Point
            Mini Suite/setup/R77_20_jumbo_hf" Take 0
    parse:
        type: AWK
        file: installed_jumbo_take.parser.1.awk

crossvendor_compliance_check_hotfix_jumbo_take

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_hotfix_jumbo_take() extends SingleSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_hotfix_jumbo_take",
  ruleFriendlyName = "Compliance Check: Jumbo hotfix take does not match requirement",
  ruleDescription = "Indeni can verify that the take of the jumbo hotfix installed is a specific one.",
  severity = AlertSeverity.WARN,
  metricName = "hotfix-jumbo-take",
  baseRemediationText = "Install the correct jumbo hotfix take.",
  parameterName = "Jumbo hotfix take",
  parameterDescription = "The jumbo hotfix take to look for.",
  expectedValue = "1"
)()
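
The check described above (read the installed take, then compare it with the required one) as a stand-alone shell sketch. This is an added example, not Indeni's installed_jumbo_take.parser.1.awk or rule code; the `take_<N>` output token, the bare-integer fallback lines, the function names and the return codes are assumptions, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not Indeni's parser. Assumptions: installed_jumbo_take reports
# the take as a "take_<N>" token, and each cpprod_util fallback prints a bare
# integer on its own line (0 or no output when the key is unset).

# Constructed sample outputs, not captured from a real gateway.
SAMPLE_JUMBO='Jumbo Hotfix Accumulator take_216 is installed'
SAMPLE_FALLBACK='
0
42'
SAMPLE_NONE=''

# extract_take: read the combined command output on stdin and print the
# installed take number, or "none" when no usable value is present.
extract_take() {
    awk '
        # Preferred source: the take_<N> token from installed_jumbo_take.
        match($0, /take_[0-9]+/) {
            if (primary == "") primary = substr($0, RSTART + 5, RLENGTH - 5)
            next
        }
        # Fallback: a line holding only a positive integer (cpprod_util value).
        /^[ \t]*[0-9]+[ \t]*$/ {
            if ($1 + 0 > 0 && fallback == "") fallback = $1 + 0
        }
        END {
            if (primary != "") print primary + 0
            else if (fallback != "") print fallback
            else print "none"
        }
    '
}

# check_take REQUIRED: compare the take found on stdin with the required one.
# Returns 0 on match, 1 on mismatch, 2 when no take could be determined.
check_take() {
    required=$1
    installed=$(extract_take)
    if [ "$installed" = "none" ]; then
        echo "unknown: no jumbo hotfix take found (required: $required)"
        return 2
    fi
    if [ "$installed" -eq "$required" ]; then
        echo "compliant: take $installed"
        return 0
    fi
    echo "non-compliant: take $installed installed, take $required required"
    return 1
}
```

Treating "no take found" as its own result (2) keeps an unpatched or unreadable device from being reported as either compliant or merely mismatched.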