SNMP community settings do not match across cluster members (checkpoint: gaia, ipso)
Vendor: checkpoint
OS: gaia,ipso
Description:
Indeni will identify when two devices are part of a cluster and alert if the SNMP settings do not match.
Remediation Steps:
Ensure the SNMP settings (communities, users, version, trap receivers, contact) are configured identically on all cluster members, and remove any default community strings while doing so.
How does this work?
Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
Why is this important?
If the default SNMP communities, such as "public" or "private", are configured on any member, unauthorized clients that know these well-known strings can poll the device. Comparing the members also catches a community or user that was added or rotated on one member only.
Without Indeni how would you find this?
An administrator could log in to each cluster member, run the command below manually, and compare the output by hand.
chkp-clish-show_snmp_agent
name: chkp-clish-show_snmp_agent
description: Show all SNMP settings
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    or:
        - os.name: gaia
        - os.name: ipso
comments:
    snmp-enabled:
        why: |
            To ensure SNMP is enabled on the gateway.
        how: |
            By parsing the GAiA configuration database in "/config/active" and then retrieving the configuration details
            for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-version:
        why: |
            To check the SNMP version, which determines which SNMP features are applicable.
        how: |
            By parsing the GAiA configuration database in "/config/active" and then retrieving the configuration details
            for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-contact:
        why: |
            If the wrong contact is specified in the SNMP settings, the network monitoring team might contact the wrong
            person or team when there is an issue.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-location:
        why: |
            The SNMP location is important, since it gives the administrator a fast and easy way to determine where the device is located.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-communities:
        why: |
            If the default SNMP communities are configured, like "public" or "private", it could allow unauthorized clients to poll the device.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-traps-status:
        why: |
            SNMP configuration should be the same across cluster members. indeni retrieves the SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-traps-receiver:
        why: |
            SNMP configuration should be the same across cluster members. indeni retrieves the SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-users:
        why: |
            SNMP configuration should be the same across cluster members. indeni retrieves the SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    unencrypted-snmp-configured:
        why: |
            If the SNMP agent is not restricted to version 3 only, it still answers v1/v2c requests, and those carry the
            community string and all polled data in cleartext.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 grep "snmp" /config/active
    parse:
        type: AWK
        file: show-snmp-agent.parser.1.awk
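The check this command feeds (collect the snmp lines of /config/active from each member, compare them, and flag default community strings and agents not limited to v3) can be sketched in Python. This is an added example, not Indeni's AWK parser or its Scala comparison rule. The sample /config/active lines and their key names (snmp:agent, snmp:version, snmp:community:<name>:permission, snmp:traps:receiver:<ip>:version, snmp:usm:user:<name>:permission) are constructed approximations of the database's "key value" layout and are assumptions, not copied from a real gateway; adjust the prefixes if your database uses different keys.

```python
"""Compare the SNMP section of Gaia's /config/active across two cluster members.

Added example, not Indeni's own code. Key names below are constructed
approximations of the /config/active "key value" layout (assumption).
"""
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample of `grep "snmp" /config/active` on two cluster members.
# Member B has an extra "public" community and a different location.
MEMBER_A = """\
snmp:agent t
snmp:version any
snmp:contact "netops@example.com"
snmp:location "DC1 rack 12"
snmp:community:monitor:permission read-only
snmp:traps:enable t
snmp:traps:receiver:10.0.0.5:version v2
snmp:usm:user:nmsuser:permission read-only
"""

MEMBER_B = """\
snmp:agent t
snmp:version any
snmp:contact "netops@example.com"
snmp:location "DC1 rack 13"
snmp:community:monitor:permission read-only
snmp:community:public:permission read-only
snmp:traps:enable t
snmp:traps:receiver:10.0.0.5:version v2
snmp:usm:user:nmsuser:permission read-only
"""


def parse_snmp_config(text):
    """Return {key: value} for every snmp:* line; quotes around values are removed."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("snmp:"):
            continue
        key, _, value = line.partition(" ")
        # shlex handles the double quotes Gaia puts around free-text values
        config[key] = shlex.split(value)[0] if value else ""
    return config


def communities(config):
    """Community names are the third field of snmp:community:<name>:..."""
    return {k.split(":")[2] for k in config if k.startswith("snmp:community:")}


def compare_members(a, b, ignore=()):
    """Keys whose presence or value differs between the two members.

    `ignore` lists keys that may legitimately differ (e.g. snmp:location).
    """
    diffs = {}
    for key in sorted(set(a) | set(b)):
        if key in ignore:
            continue
        if a.get(key) != b.get(key):
            diffs[key] = (a.get(key), b.get(key))
    return diffs


def audit(config):
    """Per-member findings: default community strings and an agent not limited to v3."""
    findings = []
    for name in sorted(communities(config) & DEFAULT_COMMUNITIES):
        findings.append(f"default community string '{name}' configured")
    if config.get("snmp:agent") == "t" and config.get("snmp:version", "").lower() != "v3-only":
        findings.append("SNMP v1/v2c permitted: community strings travel unencrypted")
    return findings


if __name__ == "__main__":
    a, b = parse_snmp_config(MEMBER_A), parse_snmp_config(MEMBER_B)
    for key, (va, vb) in compare_members(a, b, ignore=("snmp:location",)).items():
        print(f"MISMATCH {key}: member A={va!r} member B={vb!r}")
    for label, cfg in (("A", a), ("B", b)):
        for finding in audit(cfg):
            print(f"member {label}: {finding}")
```

Run against real members by replacing the constructed strings with the output of `grep "snmp" /config/active` collected from each node; passing `ignore=("snmp:location",)` keeps a per-chassis location from being reported as drift while still catching the extra community.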
cross_vendor_snmp_communities_comparison
Rule source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_snmp_communities_comparison.scala