Listening ports do not match requirement-checkpoint-gaia,secureplatform

Listening ports do not match requirement-checkpoint-gaia,secureplatform
0

Listening ports do not match requirement-checkpoint-gaia,secureplatform

Vendor: checkpoint

OS: gaia,secureplatform

Description:
Indeni can verify that certain UDP/TCP ports are open on a specific device.

Remediation Steps:
To close unexpected ports, run netstat -atlpn | grep LISTEN to find out which process or PID opened the port. Terminate unnecessary program on the device to close unsafe ports.

How does this work?
Parse the output of “netstat -atlpn | grep LISTEN”

Why is this important?
Monitor ports that are in listen state to make sure only expected ports are open to outside. Unexpected ports could present a security concern, at the very least.

Without Indeni how would you find this?
An administrator could login and manually run the command “netstat -atlpn | grep LISTEN”

chkp-netstat-atlpn

name: chkp-netstat-atlpn
description: List open listening ports
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
comments:
    listening-ports:
        why: |
            Monitor ports that are in listen state to make sure only expected ports are open to outside. Unexpected ports could present a security concern, at the very least.
        how: |
            Parse the output of "netstat -atlpn | grep LISTEN"
        can-with-snmp: false
        can-with-syslog: true
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 netstat -atlpn | grep LISTEN
    parse:
        type: AWK
        file: chkp-netstat-atlpn.parser.1.awk

CrossVendorOpenPortsComplianceCheckRule

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/compliance/CrossVendorOpenPortsComplianceCheckRule.scala