NTP servers configured do not match requirement-checkpoint-gaia,ipso


Vendor: checkpoint

OS: gaia,ipso

Description:
Indeni can verify that certain NTP servers are configured on a specific device.

Remediation Steps:
Update the configuration of the device to match the requirement.

How does this work?
This script parses the configuration database at /config/active to retrieve the configured NTP servers.

Why is this important?
This metric records the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices, which is critical for things such as event correlation and logging. With this information, Indeni alerts if the NTP configuration on cluster members is not the same.

Without Indeni how would you find this?
An administrator could log in and manually run the command.
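
A manual version of this check, as an added example that is not Indeni's code: it reads the same `ntp:server` lines that the script on this page greps from /config/active and compares them with a required list. The function name `ntp_compliance`, the `NTP_REQUIRED` variable and the `example` hostnames are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not Indeni code. Checks the NTP servers found in the
# "ntp:server" lines of /config/active against a required list.

# ntp_compliance REQUIRED   (config lines on stdin; hypothetical helper)
#   REQUIRED: whitespace-separated server names.
#   Prints one finding per line; returns 0 when compliant, 1 otherwise.
ntp_compliance() {
    findings=$(NTP_REQUIRED="$1" awk -F: '
        BEGIN {
            n = split(ENVIRON["NTP_REQUIRED"], req, " ")
            for (i = 1; i <= n; i++) want[req[i]] = 1
        }
        # ntp:servers:primary time.nist.gov
        /^ntp:servers:(primary|secondary) / {
            split($3, part, " ")
            have[part[2]] = 1
        }
        # ntp:server:time.nist.gov:version 3
        /^ntp:server:.*:version / { versioned[$3] = 1 }
        END {
            for (s in have) {
                # A server without a version line suggests truncated grep
                # output, the case the Indeni parser also guards against.
                if (!(s in versioned)) print "incomplete " s
                if (!(s in want)) print "unexpected " s
            }
            for (s in want) if (!(s in have)) print "missing " s
        }' | LC_ALL=C sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input in the format shown in the parser comments.
SAMPLE_CONFIG='ntp:servers:primary time.nist.gov
ntp:servers:secondary ntp.example.net
ntp:server:time.nist.gov:version 3'

# On a device the input would come from: grep "ntp:server" /config/active
printf '%s\n' "$SAMPLE_CONFIG" |
    ntp_compliance "time.nist.gov ntp.internal.example" || true
```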

chkp-clish-ntp-servers

#! META
name: chkp-clish-ntp-servers
description: Records the configured NTP servers.
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: "checkpoint"
    or:
        -
            os.name: "gaia"
        -
            os.name: "ipso"


#! COMMENTS
ntp-servers:
    why: |
        This metric records the configured NTP servers. NTP servers are used to sync the time across all hosts and network devices, which is critical for things such as event correlation and logging. With this information, Indeni alerts if the NTP configuration on cluster members is not the same.
    how: |
        This script parses the configuration database at /config/active to retrieve the configured NTP servers.
    without-indeni: |
        An administrator could log in and manually run the command.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
${nice-path} -n 15  grep "ntp:server" /config/active

#! PARSER::AWK

BEGIN {
    # Fields are separated by ":"
    FS = ":"

    # Entries stored per server in ntp_arr: type, ipaddress, version
    num_fields = 3;
}

#ntp:servers:secondary someserever.com
#ntp:servers:primary time.nist.gov
/^ntp:servers:(primary|secondary)/ {
    data = $3
    split(data, split_arr, " ")

    type = split_arr[1]
    server = split_arr[2]

    ntp_arr[server, "type"] = type
    ntp_arr[server, "ipaddress"] = server
}

#ntp:server:time.nist.gov:version 3
#ntp:server:someserever.com:version 1
/^ntp:server:.*:version/ {
    server = $3
    version = $NF
    sub(/version /, "", version)
    ntp_arr[server, "version"] = version
}


END {

    # This final section is there to verify that we actually got all the data we were looking for.
    # For some reason Checkpoint devices sometimes seem to omit the last line when issuing "grep"
    # to filter the output. This final piece of code verifies that the number of items in the
    # object array is divisible by num_fields (the number of entries per object array).

    # For more information:
    # https://indeni.atlassian.net/browse/IKP-1840

    total_found_fields = 0
    for (i in ntp_arr) {
        total_found_fields ++
    }

    if (total_found_fields % num_fields == 0) {
        writeComplexMetricObjectArrayWithLiveConfig("ntp-servers", null, ntp_arr, "NTP Servers")
    } # TODO: Throw exception if this is not true
}

crossvendor_compliance_check_ntp_servers

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_ntp_servers() extends MultiSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_ntp_servers",
  ruleFriendlyName = "Compliance Check: NTP servers configured do not match requirement",
  ruleDescription = "Indeni can verify that certain NTP servers are configured on a specific device.",
  severity = AlertSeverity.WARN,
  metricName = "ntp-servers",
  itemKey = "ipaddress",
  alertDescription = "The list of NTP servers configured on this device does not match the requirement. Please review the list below.",
  baseRemediationText = "Update the configuration of the device to match the requirement.",
  requiredItemsParameterName = "NTP Servers",
  requiredItemsParameterDescription = "Enter the NTP servers required, each one on its own line."
)()