No firewall policy loaded-checkpoint-gaia-embedded


No firewall policy loaded-checkpoint-gaia-embedded

Vendor: checkpoint

OS: gaia-embedded

Description:
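indeni will alert when a Check Point firewall is running without a policy. A gateway with no policy loaded is not enforcing the configured rulebase, so the alert should be handled as a loss of enforcement rather than a cosmetic status change.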

Remediation Steps:
Ensure a valid policy is installed, and confirm with "fw stat" that the gateway reports it as loaded.

cpembedded-policy-fingerprint

name: cpembedded-policy-fingerprint
description: retrieve policy name and unique identifier
type: monitoring
monitoring_interval: 5 minutes
# Device tags that must all match before this script is scheduled for a device.
requires:
    vendor: checkpoint
    os.name: gaia-embedded
    role-firewall: 'true'
    # NOTE(review): going by its own name and value, this requirement disables the script on
    # purpose. Presumably no device carries the tag, so policy-installed-fingerprint is never
    # collected on gaia-embedded and a rule that reads the metric has nothing to evaluate.
    # Confirm that the "no policy loaded" condition is covered another way on this OS.
    this_tag_disables_this_script: this_is_intentional
comments:
    policy-installed-fingerprint:
        why: |
            To check the policy name and unique identifier for the policy
        how: |
            By running the Check Point command "fw stat" and then checking the "md5" value for this policy
        can-with-snmp: false
        can-with-syslog: false
# One collection step: a bash script is run on the device over SSH and an AWK parser is applied.
# presumably the parser consumes the script's output and emits policy-installed-fingerprint; the
# two referenced files are not shown here, so verify against them.
steps:
-   run:
        type: SSH
        file: policy-fingerprint-embedded.remote.1.bash
    parse:
        type: AWK
        file: policy-fingerprint-embedded.parser.1.awk

chkp_no_policy_no_vsx

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.checkpoint

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.server.common.data.conditions.{Equals => DataEquals, Not => DataNot}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.{RuleCategory, RuleContext}
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.library.RuleHelper

/**
  * Template-based rule (deprecated format) for non-VSX Check Point firewalls that flags a gateway
  * with no firewall policy loaded.
  *
  * The rule condition compares the most recent `policy-installed-fingerprint` snapshot value with
  * the empty string; devices tagged `vsx = true` are excluded by the meta condition.
  *
  * NOTE(review): the condition can only match a snapshot that was actually collected. If the
  * collecting script does not run for a device, presumably no snapshot exists and this rule stays
  * silent rather than alerting. Confirm that a missing metric is surfaced by another check.
  */
case class chkp_no_policy_no_vsx()
    extends SingleSnapshotValueCheckTemplateRule(
      ruleName = "chkp_no_policy_no_vsx",
      ruleFriendlyName = "Check Point Firewalls (Non-VSX): No firewall policy loaded",
      ruleDescription =
        "indeni will alert when a Check Point firewall is running without a policy.",
      // Snapshot metric this rule evaluates.
      metricName = "policy-installed-fingerprint",
      alertDescription =
        "It appears the firewall does not have a valid policy. It's possible this is due to \"fw unloadlocal\".",
      baseRemediationText = "Ensure a valid policy is installed.",
      // Skip devices tagged as VSX.
      metaCondition = !DataEquals("vsx", "true"),
      // Empty-string constant on the left, latest fingerprint snapshot value on the right.
      // NOTE(review): how `.noneable` treats an absent value is not visible here; verify.
      complexCondition = RuleEquals(
        RuleHelper.createComplexStringConstantExpression(""),
        SnapshotExpression("policy-installed-fingerprint")
          .asSingle()
          .mostRecent()
          .value()
          .noneable
      ),
      ruleCategories = Set(RuleCategory.OrganizationStandards)
    )()