Policy mismatch across cluster members-checkpoint-gaia-embedded


Policy mismatch across cluster members-checkpoint-gaia-embedded

Vendor: checkpoint

OS: gaia-embedded

Description:
indeni will identify when two devices are part of a cluster and alert if the policy installed is different.

Remediation Steps:
Review the policy installed on each device in the cluster and ensure they are the same.

cpembedded-policy-fingerprint

name: cpembedded-policy-fingerprint
description: retrieve policy name and unique identifier
# Script kind: a monitoring collector (as opposed to a one-off script).
type: monitoring
# Period between runs of this script.
monitoring_interval: 5 minutes
# Device tags the script requires; presumably all must match before it is scheduled - confirm.
requires:
    vendor: checkpoint
    os.name: gaia-embedded
    role-firewall: 'true'
    # NOTE(review): by its own name and value, this requirement exists to keep the script
    # from running (presumably no device ever carries this tag - confirm).
    # While it is present, this script collects no policy fingerprint from gaia-embedded
    # devices, so a policy mismatch between such cluster members would not be reported
    # from this data. Record why it was disabled and the condition for re-enabling it.
    this_tag_disables_this_script: this_is_intentional
comments:
    policy-installed-fingerprint:
        why: |
            To check the policy name and unique identifier for the policy
        how: |
            By running the checkpoint commands "fw stat" and then checking the "md5" value for this policy
        can-with-snmp: false
        can-with-syslog: false
# Single collection step: run a remote script on the device, then parse its output.
steps:
-   run:
        # Executed on the device over SSH; the bash file itself is not shown here.
        type: SSH
        file: policy-fingerprint-embedded.remote.1.bash
    parse:
        # AWK parser for the command output; presumably emits the
        # policy-installed-fingerprint metric documented under `comments` - confirm.
        # NOTE(review): the fingerprint is described there as an "md5" value. That is
        # enough to tell whether cluster members report the same policy, but it should
        # not be treated as tamper evidence for the policy itself.
        type: AWK
        file: policy-fingerprint-embedded.parser.1.awk

cross_vendor_compare_policy_fingerprint

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.common.data.conditions.{Equals => DataEquals, Not => DataNot}
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.rules.RemediationStepCondition


/**
  * Template-based rule that alerts when members of a cluster report different installed policies.
  *
  * The rule is a parameterless instantiation of [[SnapshotComparisonTemplateRule]] over the
  * `policy-installed-fingerprint` metric. The comparison logic lives in the template, which is
  * not visible here; presumably it compares the metric's snapshot value between the members of
  * a cluster - confirm against the template.
  *
  * A device can only take part if some monitoring script actually emits
  * `policy-installed-fingerprint` for it (assumption - verify which collectors are enabled per
  * vendor/OS), otherwise a mismatch on that device would go unreported.
  *
  * The second parameter list supplies vendor-specific remediation text; only a Check Point
  * entry (`VENDOR_CP`) is given.
  */
case class cross_vendor_compare_policy_fingerprint() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_compare_policy_fingerprint",
  ruleFriendlyName = "Clustered Devices: Policy mismatch across cluster members",
  ruleDescription = "indeni will identify when two devices are part of a cluster and alert if the policy installed is different.",
  metricName = "policy-installed-fingerprint",
  // presumably marks the metric as a single value per device rather than a list - confirm
  isArray = false,
  // NOTE(review): this text embeds raw HTML: an anchor with target="_blank" and a plain
  // http:// link to an external site, plus a named individual and their employer.
  // If the UI renders alert descriptions as HTML, consider rel="noopener noreferrer" and an
  // https URL, and confirm the attribution is meant to appear in every customer's alerts.
  alertDescription = "The members of a cluster of devices must have the same policy installed.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"http://il.linkedin.com/pub/itzik-assaraf/2/870/1b5\">Itzik Assaraf</a> (Leumi Card).",
  baseRemediationText = """Review the policy installed on each device in the cluster and ensure they are the same.""",
  // Negated equality on the "vsx" tag: the rule appears to apply only to devices whose
  // "vsx" tag is not "true", so VSX devices are not covered by this rule - TODO confirm
  // they are covered elsewhere.
  metaCondition = !DataEquals("vsx", "true"))(
  // Check Point specific remediation step shown alongside the base remediation text.
  RemediationStepCondition.VENDOR_CP -> "Normally the management server ensures the same policy was installed on all cluster members. It's possible the checkbox for ensuring this was unchecked in the most recent policy installation. Please re-install the policy.")