Policy mismatch across cluster members-checkpoint-gaia


Policy mismatch across cluster members-checkpoint-gaia

Vendor: checkpoint

OS: gaia

Description:
indeni will identify when two devices are part of a cluster and alert if the policy installed is different.

Remediation Steps:
Review the policy installed on each device in the cluster and ensure they are the same.

chkp-policy-fingerprint-vsx

# Monitoring script definition. Per its own description it retrieves the name
# and unique identifier of the policy installed on the device.
# NOTE(review): the `comments` section of this definition describes that
# identifier as an "md5" value. That is adequate for spotting accidental policy
# drift between cluster members, but MD5 is not collision-resistant, so equal
# fingerprints should not be read as proof against deliberate tampering.
name: chkp-policy-fingerprint-vsx
description: Retrieve policy name and unique identifier
type: monitoring
# The fingerprint is sampled on this interval, so a mismatch is presumably
# visible only after the next poll. Confirm how the rule engine schedules
# evaluation.
monitoring_interval: 5 minutes
# Device tags that must all match before this script is run: Check Point Gaia
# devices tagged as VSX and as firewalls. The tag values are quoted strings,
# not YAML booleans.
requires:
    vendor: checkpoint
    os.name: gaia
    vsx: 'true'
    role-firewall: 'true'
comments:
    policy-installed-fingerprint:
        why: |
            To check the policy name and unique identifier for the policy
        how: |
            By running the checkpoint commands "fw stat" and then checking the "md5" value for this policy
        can-with-snmp: false
        can-with-syslog: false
# Collection pipeline: one step that runs a remote script (type SSH) and parses
# its output with an AWK script. Both files are referenced by name only and are
# not shown here.
# NOTE(review): the remote script presumably executes with whatever privileges
# the monitoring account holds on the gateway. Keep that account
# least-privileged, and review changes to both referenced files, since they
# decide what is executed on the device and what is reported as the fingerprint.
# TODO: confirm the account's role.
steps:
-   run:
        type: SSH
        file: policy-fingerprint-vsx.remote.1.bash
    parse:
        type: AWK
        file: policy-fingerprint-vsx.parser.1.awk

cross_vendor_compare_policy_fingerprint

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.common.data.conditions.{Equals => DataEquals, Not => DataNot}
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.rules.RemediationStepCondition


/**
  * Template-based rule "Clustered Devices: Policy mismatch across cluster members".
  *
  * Per its description string, the rule alerts when devices that belong to the same
  * cluster have different policies installed. It does so by handing the metric name
  * `policy-installed-fingerprint` to [[SnapshotComparisonTemplateRule]]; the comparison
  * logic itself lives in that template and is not visible in this file.
  *
  * Why it matters: when members disagree, the rulebase that is actually enforced
  * depends on which member is handling the traffic.
  *
  * The class takes no constructor parameters; every value below is a fixed literal.
  */
case class cross_vendor_compare_policy_fingerprint() extends SnapshotComparisonTemplateRule(
  ruleName = "cross_vendor_compare_policy_fingerprint",
  ruleFriendlyName = "Clustered Devices: Policy mismatch across cluster members",
  ruleDescription = "indeni will identify when two devices are part of a cluster and alert if the policy installed is different.",
  // Name of the metric whose values are compared between cluster members.
  metricName = "policy-installed-fingerprint",
  // Presumably marks the metric as a single value per device rather than a list;
  // confirm against the template.
  isArray = false,
  // NOTE(review): this text embeds a raw HTML anchor with a plain-http URL and
  // target="_blank" but no rel attribute. If the UI renders alert text as HTML,
  // prefer an https URL and rel="noopener noreferrer", and confirm how alert text
  // is sanitised before display.
  alertDescription = "The members of a cluster of devices must have the same policy installed.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"http://il.linkedin.com/pub/itzik-assaraf/2/870/1b5\">Itzik Assaraf</a> (Leumi Card).",
  baseRemediationText = """Review the policy installed on each device in the cluster and ensure they are the same.""",
  // Negated equality on the "vsx" tag: the rule appears to apply only to devices
  // that are NOT tagged vsx=true.
  // NOTE(review): confirm that VSX clusters are covered by a separate rule;
  // otherwise a policy mismatch between VSX members would not raise this alert.
  metaCondition = !DataEquals("vsx", "true"))(
  // Extra remediation text keyed by RemediationStepCondition.VENDOR_CP (presumably
  // shown for Check Point devices; confirm in RemediationStepCondition).
  RemediationStepCondition.VENDOR_CP -> "Normally the management server ensures the same policy was installed on all cluster members. It's possible the checkbox for ensuring this was unchecked in the most recent policy installation. Please re-install the policy.")