Users defined do not match requirement-checkpoint-gaia,ipso

Vendor: checkpoint

OS: gaia,ipso

Description:
Indeni can verify that only certain users are configured on a specific device and that no other users are defined.

Remediation Steps:
Update the configuration of the device to match the requirement.

How does this work?
Parse the Gaia/IPSO configuration database in /config/active and retrieve the currently configured users. It is also possible to list them using clish, but that generates a large number of log entries in /var/log/messages when done repeatedly.

Why is this important?
Often user accounts are left enabled after administrators leave. Therefore it’s important to have an easy way to review all accounts currently active.

Without Indeni how would you find this?
An administrator could log in and manually run the command.
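
The manual review described above, as an added example (not Indeni's own parser and not code from this page): shell functions that extract the user names from `grep "mrma:users" /config/active` output and print any that are not on an allowlist. The `mrma:users:user:<name> t` line layout, the sample lines and the function names are assumptions; the page confirms only the `mrma:users` prefix.

```shell
#!/bin/sh
# ASSUMPTION: a user entry looks like "mrma:users:user:<name> t", with further
# per-user keys below it ("mrma:users:user:<name>:<key> ..."). Verify the
# layout on your own device before relying on the result.

# Constructed sample of: grep "mrma:users" /config/active
SAMPLE_CONFIG='mrma:users:user:admin t
mrma:users:user:admin:role:adminRole t
mrma:users:user:monitor t
mrma:users:user:jsmith t
mrma:users:user:jsmith:role:adminRole t
mrma:users:somethingelse t'

# Constructed allowlist, one user per line.
ALLOWLIST='admin
monitor'

# configured_users: config lines on stdin -> unique user names, sorted.
# Splitting on ":" or " " puts the name in field 4 for both the user entry
# and its sub-keys, so sort -u collapses them to one name per user.
configured_users() {
    awk -F'[: ]' '$1 == "mrma" && $2 == "users" && $3 == "user" && $4 != "" { print $4 }' |
        sort -u
}

# unexpected_users ALLOWLIST: config lines on stdin. Prints every configured
# user that is not on the allowlist and returns 1 if there is at least one.
# The allowlist is passed through the environment because some awk
# implementations reject newlines in -v assignments.
unexpected_users() {
    configured_users | ALLOW="$1" awk '
        BEGIN {
            n = split(ENVIRON["ALLOW"], a, "\n")
            for (i = 1; i <= n; i++) if (a[i] != "") ok[a[i]] = 1
        }
        !($0 in ok) { print; bad = 1 }
        END { exit bad + 0 }'
}

# Demo on the constructed sample: prints "jsmith" and a note on stderr.
if ! printf '%s\n' "$SAMPLE_CONFIG" | unexpected_users "$ALLOWLIST"; then
    echo "users defined do not match requirement" >&2
fi
```

On a device, feed the function from the same command the monitoring step runs: `grep "mrma:users" /config/active | unexpected_users "$ALLOWLIST"`.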

chkp-clish-show_users

name: chkp-clish-show_users
description: run "show users" over clish
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: ipso
comments:
    users:
        why: |
            Often user accounts are left enabled after administrators leave. Therefore it's important to have an easy way to review all accounts currently active.
        how: |
            Parse the Gaia/IPSO configuration database in /config/active and retrieve the currently configured users. It is also possible to list them using clish, but that generates a large number of log entries in /var/log/messages when done repeatedly.
        without-indeni: |
            An administrator could log in and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: Listing local users is only available from the
            command line interface and WebUI.
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 grep "mrma:users" /config/active
    parse:
        type: AWK
        file: show-users.parser.1.awk

crossvendor_compliance_check_users_defined

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.MultiSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class crossvendor_compliance_check_users_defined() extends MultiSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_users_defined",
  ruleFriendlyName = "Compliance Check: Users defined do not match requirement",
  ruleDescription = "Indeni can verify that only certain users are configured on a specific device and that others shouldn't be.",
  severity = AlertSeverity.WARN,
  metricName = "users",
  itemKey = "username",
  alertDescription = "The list of users defined on this device does not match the requirement. Please review the list below.",
  baseRemediationText = "Update the configuration of the device to match the requirement.",
  requiredItemsParameterName = "Users (Whitelist)",
  requiredItemsParameterDescription = "Enter the list of users that should be defined, each one on its own line. indeni will alert if there are any users defined which are not in this list."
)()