Users defined do not match requirement-checkpoint-gaia,ipso

Users defined do not match requirement-checkpoint-gaia,ipso

Vendor: checkpoint

OS: gaia,ipso

Description:
Indeni can verify that only certain users are configured on a specific device and that others shouldn’t be.

Remediation Steps:
Update the configuration of the device to match the requirement.

How does this work?
Parse the Gaia/IPSO configuration database in /config/active and retreive the currently configured users. It is also possible to list them using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.

Why is this important?
Often user accounts are left enabled after administrators leave. Therefore it’s important to have an easy way to review all accounts currently active.

Without Indeni how would you find this?
An administrator could login and manually run the command.

chkp-clish-show_users

name: chkp-clish-show_users
description: run "show users" over clish
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: ipso
comments:
    users:
        why: |
            Often user accounts are left enabled after administrators leave. Therefore it's important to have an easy way to review all accounts currently active.
        how: |
            Parse the Gaia/IPSO configuration database in /config/active and retreive the currently configured users. It is also possible to list them using clish, but that generates a large amount of logs in /var/log/messages when done repeatedly.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 grep "mrma:users" /config/active
    parse:
        type: AWK
        file: show-users.parser.1.awk

crossvendor_compliance_check_users_defined

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/compliance/crossvendor_compliance_check_users_defined.scala