Policy mismatch across cluster members-checkpoint-gaia,secureplatform


Vendor: checkpoint

OS: gaia,secureplatform

Description:
indeni will identify when two devices are part of a cluster and alert if the policy installed is different.

Remediation Steps:
Review the policy installed on each device in the cluster and ensure they are the same.

How does this work?
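The script runs `fw stat` to read the installed policy name and calculates an MD5 hash of `$FWDIR/state/local/FW1/local.str`. The policy name and the hash together form the fingerprint that is compared between cluster members.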

Why is this important?
If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.

Without Indeni how would you find this?
An administrator could log in and manually check which policy is installed, and when it was installed, comparing between all cluster members.

chkp-policy-fingerprint-novsx

name: chkp-policy-fingerprint-novsx
description: Retrieve policy name and unique identifier
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    vsx:
        neq: true
    role-firewall: 'true'
comments:
    policy-installed-fingerprint:
        why: |
            If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.
        how: |
            An MD5 hash is calculated along with the policy name.
        without-indeni: |
            An administrator could login and manually check which policy is installed, and when it was installed, comparing between all cluster members.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: This is only accessible from the command line
            interface.
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 fw stat && ${nice-path} -n 15 md5sum $FWDIR/state/local/FW1/local.str
    parse:
        type: AWK
        file: policy-fingerprint-novsx.parser.1.awk
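
Added example, not indeni's parser or rule code: a Python version of the manual check, turning each member's output of the command above into a (policy name, MD5) fingerprint and grouping cluster members by it. The `fw stat` output layout, the member names and the expanded `$FWDIR` path are constructed assumptions.

```python
import re

# Constructed output of: fw stat && md5sum $FWDIR/state/local/FW1/local.str
# Assumptions: the fw stat layout (HOST/POLICY/DATE header, then one data row),
# the member names and the expanded $FWDIR path (/opt/FWDIR-placeholder).
FW_STAT = ("HOST      POLICY     DATE\n"
           "localhost Standard   12Mar2019 10:15:02 :  [>eth0] [<eth0]\n")
STR_PATH = "/opt/FWDIR-placeholder/state/local/FW1/local.str"
SAMPLE = {
    "fw-a": FW_STAT + "0123456789abcdef0123456789abcdef  " + STR_PATH + "\n",
    # Same policy name, different local.str hash: the name alone would look in sync.
    "fw-b": FW_STAT + "fedcba9876543210fedcba9876543210  " + STR_PATH + "\n",
    # fw stat failed on this member, so "&&" never ran md5sum.
    "fw-c": "",
}

MD5_LINE = re.compile(r"^([0-9a-f]{32})\s+\S*local\.str$")


def fingerprint(output):
    """Return (policy_name, md5), or None if either part is missing."""
    policy = md5 = None
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        match = MD5_LINE.match(line)
        if match:
            md5 = match.group(1)
        elif line.split()[:2] == ["HOST", "POLICY"] and i + 1 < len(lines):
            row = lines[i + 1]
            if len(row.split()) >= 2 and not MD5_LINE.match(row):
                policy = row.split()[1]  # second column is the policy name
    return (policy, md5) if policy and md5 else None


def compare_cluster(outputs):
    """Group members by fingerprint; unreadable members never count as a match."""
    groups, unknown = {}, []
    for member in sorted(outputs):
        fp = fingerprint(outputs[member])
        if fp is None:
            unknown.append(member)
        else:
            groups.setdefault(fp, []).append(member)
    in_sync = len(groups) == 1 and not unknown
    return {"in_sync": in_sync, "groups": groups, "unknown": unknown}


if __name__ == "__main__":
    print(compare_cluster(SAMPLE))
```

A member whose output yields no fingerprint is reported under `unknown` instead of being silently dropped, so a failed collection cannot make a mismatched cluster look in sync.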

cross_vendor_compare_policy_fingerprint

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.common.data.conditions.{Equals => DataEquals, Not => DataNot}
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.rules.RemediationStepCondition


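/**
  * Compares the "policy-installed-fingerprint" snapshot metric between the
  * members of a cluster and alerts when the values differ.
  * The metaCondition below skips devices tagged vsx = "true".
  */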
case class cross_vendor_compare_policy_fingerprint() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_compare_policy_fingerprint",
  ruleFriendlyName = "Clustered Devices: Policy mismatch across cluster members",
  ruleDescription = "indeni will identify when two devices are part of a cluster and alert if the policy installed is different.",
  metricName = "policy-installed-fingerprint",
  isArray = false,
  alertDescription = "The members of a cluster of devices must have the same policy installed.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"http://il.linkedin.com/pub/itzik-assaraf/2/870/1b5\">Itzik Assaraf</a> (Leumi Card).",
  baseRemediationText = """Review the policy installed on each device in the cluster and ensure they are the same.""",
  metaCondition = !DataEquals("vsx", "true"))(
  RemediationStepCondition.VENDOR_CP -> "Normally the management server ensures the same policy was installed on all cluster members. It's possible the checkbox for ensuring this was unchecked in the most recent policy installation. Please re-install the policy.")