Radius servers configured do not match requirement-checkpoint-gaia,ipso

Radius servers configured do not match requirement-checkpoint-gaia,ipso
0

Radius servers configured do not match requirement-checkpoint-gaia,ipso

Vendor: checkpoint

OS: gaia,ipso

Description:
Indeni can verify that certain Radius servers are configured on a specific device.

Remediation Steps:
Update the configuration of the device to match the requirement.

How does this work?
Parse the gaia configuration database in /config/active and retreive the currently configured RADIUS servers. It is also possible to list them using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.

Why is this important?
If the RADIUS servers are configured incorrectly, it might not be possible for an administrator to login to the device.

Without Indeni how would you find this?
An administrator could login and manually run the command.

chkp-clish-show_aaa_radius_servers_list

name: chkp-clish-show_aaa_radius_servers_list
description: run "show aaa radius-servers list" over clish
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: ipso
comments:
    radius-servers:
        why: |
            If the RADIUS servers are configured incorrectly, it might not be possible for an administrator to login to the device.
        how: |
            Parse the gaia configuration database in /config/active and retreive the currently configured RADIUS servers. It is also possible to list them using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.
        can-with-snmp: false
        can-with-syslog: false
    radius-super-user-id:
        why: |
            The RADIUS super user ID is the UID the user has when entering expert mode. If this is not 0 (root) and instead the default of 96, then the user will not have permission to access some file and tools.
        how: |
            indeni parses the gaia configuration database in /config/active and retreive the currently configured RADIUS super user id. It is also possible to list them using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 grep "aaa:auth_profile:base_radius_authprofile"
            /config/active
    parse:
        type: AWK
        file: show-aaa-radius-server.parser.1.awk

CrossVendorRadiusServersComplianceCheckRule

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/compliance/CrossVendorRadiusServersComplianceCheckRule.scala