RAID not configured-paloaltonetworks-panos

RAID not configured-paloaltonetworks-panos
0

RAID not configured-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert if RAID is not configured on Palo Alto device.

Remediation Steps:
It is important to know that a device may have been ordered without redundant disks in the array. It is possible especially on a pa-5000 series firewall to order a firewall with only one disk. This is certainly not recommended if you do not have high-availability configured with another firewall. It will still show that you have a RAID because it uses a RAID configuration although you may only have one disk as a member of that array. Please run “show system raid” and “show system raid detail” for more information. If you need RAID redundancy on this firewall contact your sales team. Otherwise, you may disable this rule for this device.

How does this work?
This script will check for the RAID array in scenarios where only one RAID array exists by looking at devices that have Overall RAID status. From there it looks to see if one of the disks in that array report as missing. That indicates RAID is not truly enabled to protect your device from downtime due to drive failures.

Why is this important?
It is important to know that a device may have been ordered without redundant disks in the array. It is possible especially on a pa-5000 series firewall to order a firewall with only one disk. This is certainly not recommended if you do not have high-availability configured with another firewall. It will still show that you have a RAID because it uses a RAID configuration although you may only have one disk as a member of that array.

Without Indeni how would you find this?
On boot, a PA-5000 series firewall will warn you of a disk missing in the system log and would be sent in a syslog event or as an email alert. Most syslog solutions will not alert you of a missing disk so you would have to manually define an alert.

panos-show-system-raid

name: panos-show-system-raid
description: Show RAID and disk status and configuration
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall
comments:
    raid-status:
        why: |
            It is important that we know when a RAID array may be failing due to disk failures and identify which disk is failed.
        how: |
            This script will check for each RAID array and report the status of each disk in the array.
        can-with-snmp: false
        can-with-syslog: true
    panw-raid-configured:
        why: |
            It is important to know that a device may have been ordered without redundant disks in the array. It is possible especially on a pa-5000 series firewall to order a firewall with only one disk. This is certainly not recommended if you do not have high-availability configured with another firewall. It will still show that you have a RAID because it uses a RAID configuration although you may only have one disk as a member of that array.
        how: |
            This script will check for the RAID array in scenarios where only one RAID array exists by looking at devices that have Overall RAID status. From there it looks to see if one of the disks in that array report as missing. That indicates RAID is not truly enabled to protect your device from downtime due to drive failures.
        can-with-snmp: false
        can-with-syslog: true
steps:
-   run:
        type: SSH
        command: show system raid
    parse:
        type: AWK
        file: show-system-raid.parser.1.awk

PanwRaidConfiguredRule

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/PanwRaidConfiguredRule.scala