SNMPv2c/v1 used-checkpoint-gaia,ipso

Vendor: checkpoint

OS: gaia,ipso

Description:
Because SNMPv2c and SNMPv1 are not very secure, Indeni alerts if either is in use.

Remediation Steps:
Configure SNMPv3 instead.

How does this work?
Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.

Why is this important?
If SNMP is not using version 3 only, this means that SNMP communication is not encrypted.

Without Indeni how would you find this?
An administrator could log in and run the command manually.

chkp-clish-show_snmp_agent

name: chkp-clish-show_snmp_agent
description: Show all SNMP settings
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: ipso
comments:
    snmp-enabled:
        why: |
            To ensure that SNMP is enabled for the gateway
        how: |
            By parsing the GAiA configuration database in "/config/active" and then retrieving the configuration details
            for SNMP
        can-with-snmp: false
        can-with-syslog: false

    snmp-version:
        why: |
            To determine the SNMP version, so that it is known which SNMP features are applicable
        how: |
            By parsing the GAiA configuration database in "/config/active" and then retrieving the configuration details
            for SNMP
        can-with-snmp: false
        can-with-syslog: false

    snmp-contact:
        why: |
            If the wrong contact is specified in the SNMP settings, the network monitoring team might contact the wrong
            person or team when there is an issue.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false

    snmp-location:
        why: |
            The SNMP location is important, since it gives the administrator a fast and easy way to determine where it is located.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false

    snmp-communities:
        why: |
            If the default SNMP communities, like "public" or "private", are configured, unauthorized clients could poll the device.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false

    snmp-traps-status:
        why: |
            SNMP configuration should be the same across cluster members. Indeni retrieves the SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false

    snmp-traps-receiver:
        why: |
            SNMP configuration should be the same across cluster members. Indeni retrieves the SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false

    snmp-users:
        why: |
            SNMP configuration should be the same across cluster members. Indeni retrieves the SNMP configuration to compare between them.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false

    unencrypted-snmp-configured:
        why: |
            If SNMP is not using version 3 only, this means that SNMP communication is not encrypted.
        how: |
            Parse the GAiA configuration database in /config/active and retrieve the current configuration for SNMP.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 grep "snmp" /config/active
    parse:
        type: AWK
        file: show-snmp-agent.parser.1.awk
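The checks described in the comments above (agent-version, unencrypted SNMP, default communities), as an added example that is not Indeni's show-snmp-agent.parser.1.awk. It assumes /config/active stores SNMP settings as "snmp:<key> t <value>" lines and embeds a constructed sample of what grep "snmp" /config/active would return.

```shell
#!/bin/sh
# Added example, not Indeni's parser. The line layout "snmp:<key> t <value>"
# is an assumption about /config/active; real key names may differ.

# Constructed sample of the lines `grep "snmp" /config/active` would return.
SAMPLE_CONFIG='snmp:agent t on
snmp:agent-version t any
snmp:contact t noc@example.com
snmp:location t DC1 rack 4
snmp:community:public:read t
snmp:community:s3cret-ro:read t
snmp:usm:user:monitor:security-level t authPriv'

# Print the value of one SNMP key (e.g. agent-version) from config lines on stdin.
# Fields: $1 = "snmp:<key>", $2 = type marker "t", $3.. = value (may contain spaces).
snmp_get() {
    awk -v key="snmp:$1" '$1 == key {
        for (i = 3; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n"); exit
    }'
}

# List SNMPv1/v2c community names defined in the config lines on stdin.
snmp_communities() {
    awk -F: '$1 == "snmp" && $2 == "community" { print $3 }'
}

# Print any default community names ("public"/"private") found on stdin.
snmp_default_communities() {
    snmp_communities | awk '$0 == "public" || $0 == "private"'
}

# Return 0 (true) when v1/v2c is still accepted, i.e. agent-version is not v3-Only.
unencrypted_snmp_configured() {
    ucfg_version=$(printf '%s\n' "$1" | snmp_get agent-version)
    [ "$ucfg_version" != "v3-Only" ]
}

# Stand-alone run: report the findings for the sample configuration.
printf 'agent-version: %s\n' "$(printf '%s\n' "$SAMPLE_CONFIG" | snmp_get agent-version)"
printf 'default communities: %s\n' "$(printf '%s\n' "$SAMPLE_CONFIG" | snmp_default_communities | tr '\n' ' ')"
if unencrypted_snmp_configured "$SAMPLE_CONFIG"; then
    echo "ALERT: SNMPv1/v2c accepted; set agent-version to v3-Only"
fi
```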

cross_vendor_snmp_v2

Rule source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_snmp_v2.scala