Listening ports do not match requirement (checkpoint: gaia, secureplatform)
Vendor: checkpoint
OS: gaia,secureplatform
Description:
Indeni can verify that certain UDP/TCP ports are open on a specific device.
Remediation Steps:
To close unexpected ports, run netstat -atlpn | grep LISTEN
to find out which process (PID) opened the port, then terminate the unnecessary program on the device to close unsafe ports.
How does this work?
Parse the output of “netstat -atlpn | grep LISTEN”
Why is this important?
Monitor ports that are in listen state to make sure only expected ports are open to outside. Unexpected ports could present a security concern, at the very least.
Without Indeni how would you find this?
An administrator could log in and manually run the command “netstat -atlpn | grep LISTEN”.
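The parsing step above is implemented by Indeni in an AWK parser that is not shown on this page. The following is an added Python illustration (not Indeni's code) of the same idea: split "netstat -atlpn" output into listening sockets and compare them against an approved port set. The sample output and the approved ports (22, 443, 18264) are constructed for the example.

```python
from typing import List, NamedTuple, Set

class ListeningSocket(NamedTuple):
    proto: str     # "tcp" or "tcp6" (netstat -t limits the output to TCP)
    address: str   # bound address; "0.0.0.0" or "::" means every interface
    port: int
    pid: str       # "-" when netstat could not see the owner (run it as root)
    program: str

# Constructed sample in the layout of "netstat -atlpn" on a Linux-based gateway.
# Header lines are kept on purpose: the parser must skip them even without "grep LISTEN".
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:18264           0.0.0.0:*               LISTEN      2345/cpd
tcp        0      0 127.0.0.1:18191         0.0.0.0:*               LISTEN      2345/cpd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      4321/python
tcp        0      0 :::443                  :::*                    LISTEN      -
"""

def parse_netstat_listen(output: str) -> List[ListeningSocket]:
    """Return one record per LISTEN line; headers and non-listening sockets are ignored."""
    sockets = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        # rpartition keeps IPv6 literals such as ":::443" intact: address "::", port 443
        address, _, port = fields[3].rpartition(":")
        owner = fields[6] if len(fields) > 6 else "-"
        pid, _, program = owner.partition("/")
        sockets.append(ListeningSocket(fields[0], address, int(port), pid, program or "-"))
    return sockets

def unexpected_ports(sockets: List[ListeningSocket], expected: Set[int],
                     external_only: bool = True) -> List[ListeningSocket]:
    """Listeners whose port is not in the approved set. With external_only, sockets
    bound to loopback are not reported, since they are not reachable from outside."""
    loopback = {"127.0.0.1", "::1"}
    return [s for s in sockets
            if s.port not in expected and not (external_only and s.address in loopback)]

if __name__ == "__main__":
    approved = {22, 443, 18264}   # example policy: SSH, web portal, Check Point ICA
    for s in unexpected_ports(parse_netstat_listen(SAMPLE_NETSTAT), approved):
        print(f"unexpected {s.proto} listener on {s.address}:{s.port} ({s.pid}/{s.program})")
```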
chkp-netstat-atlpn
name: chkp-netstat-atlpn
description: List open listening ports
type: monitoring
monitoring_interval: 10 minutes
requires:
  vendor: checkpoint
  or:
    - os.name: gaia
    - os.name: secureplatform
comments:
  listening-ports:
    why: |
      Monitor ports that are in listen state to make sure only expected ports are open to outside. Unexpected ports could present a security concern, at the very least.
    how: |
      Parse the output of "netstat -atlpn | grep LISTEN"
    can-with-snmp: false
    can-with-syslog: true
steps:
  - run:
      type: SSH
      command: ${nice-path} -n 15 netstat -atlpn | grep LISTEN
    parse:
      type: AWK
      file: chkp-netstat-atlpn.parser.1.awk
CrossVendorOpenPortsComplianceCheckRule
Rule source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/compliance/CrossVendorOpenPortsComplianceCheckRule.scala