SNMP location information does not match across cluster members-checkpoint-gaia,ipso
Vendor: checkpoint
OS: gaia,ipso
Description:
Indeni will identify when two devices are part of a cluster and alert if the SNMP settings do not match.
Remediation Steps:
Ensure all of the SNMP settings are configured correctly on all cluster members.
How does this work?
Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
Why is this important?
The SNMP location is important, since it gives the administrator a fast and easy way to determine where the device is located.
Without Indeni how would you find this?
An administrator could log in to each cluster member and manually run the command.
chkp-clish-show_snmp_agent
name: chkp-clish-show_snmp_agent
description: Show all SNMP settings
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    or:
        - os.name: gaia
        - os.name: ipso
comments:
    snmp-enabled:
        why: |
            To ensure that SNMP is enabled on the gateway.
        how: |
            By parsing the GAiA configuration database in "/config/active" and then retrieving the configuration details
            for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-version:
        why: |
            To check the SNMP version and determine whether all the SNMP features are applicable.
        how: |
            By parsing the GAiA configuration database in "/config/active" and then retrieving the configuration details
            for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-contact:
        why: |
            If the wrong contact is specified in the SNMP settings, the network monitoring team might contact the wrong
            person or team when there is an issue.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-location:
        why: |
            The SNMP location is important, since it gives the administrator a fast and easy way to determine where the device is located.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-communities:
        why: |
            If the default SNMP communities are configured, like "public" or "private", it could allow unauthorized clients to poll the device.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-traps-status:
        why: |
            SNMP configuration should be the same across cluster members. Indeni retrieves SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-traps-receiver:
        why: |
            SNMP configuration should be the same across cluster members. Indeni retrieves SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    snmp-users:
        why: |
            SNMP configuration should be the same across cluster members. Indeni retrieves SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
    unencrypted-snmp-configured:
        why: |
            If SNMP is not using version 3 only, this means that SNMP communication is not encrypted.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
steps:
    - run:
        type: SSH
        command: ${nice-path} -n 15 grep "snmp" /config/active
      parse:
        type: AWK
        file: show-snmp-agent.parser.1.awk
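
The manual version of this check (run the grep above on each cluster member, then compare the results), as an added example that is not Indeni's parser or rule. It assumes each member's grep output was saved to a file with one "key value" pair per line; the function names and the key names in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Indeni code. Each input file is assumed to hold the output
# of `grep "snmp" /config/active` from one cluster member, one "key value" pair
# per line. Key names in the sample data are constructed for illustration.

# snmp_diff FILE_A FILE_B
# Prints "key|value on A|value on B" for every key whose value differs.
# A key that exists on only one member is reported with the value <unset>.
snmp_diff() {
    awk '
        { sub(/[ \t\r]+$/, "") }          # strip trailing blanks and CR
        NF == 0 { next }                  # ignore empty lines
        {
            key = $1
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)   # value is the text after the key
            seen[key] = 1
            if (FILENAME == ARGV[1]) a[key] = val; else b[key] = val
        }
        END {
            for (k in seen) {
                va = (k in a) ? a[k] : "<unset>"
                vb = (k in b) ? b[k] : "<unset>"
                if (va != vb) print k "|" va "|" vb
            }
        }
    ' "$1" "$2" | sort
}

# Constructed sample data for two members of the same cluster.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/member1" <<'EOF'
snmp:enable t
snmp:location Stockholm DC1, rack 12
snmp:contact noc@example.com
snmp:traps:receiver 192.0.2.10
EOF
    cat > "$tmp/member2" <<'EOF'
snmp:enable t
snmp:location Stockholm DC2, rack 3
snmp:contact noc@example.com
EOF
    snmp_diff "$tmp/member1" "$tmp/member2"
    rm -rf "$tmp"
}

demo
```

An empty result means the two members agree on every SNMP line; the comparison covers trap receivers, users and communities as well as the location.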
cross_vendor_snmp_location_comparison