CONFIG_CHECK Examples

The following are examples of using CONFIG_CHECK against a Check Point device:

<custom_item>

type: CONFIG_CHECK

description: "1.0 Require strong Password Controls - 'min-password-length >= 8'"

regex: "set password-controls min-password-length"

expect: "set password-controls min-password-length ([8-9]|[0-9][0-9]+)"

info: "Require Password Lengths greater than or equal to 8."

</custom_item>

<custom_item>

type: CONFIG_CHECK

description: "1.0 Require strong Password Controls - 'password-expiration != never'"

regex: "set password-controls password-expiration"

not_expect: "set password-controls password-expiration never"

info: "Allow passwords to expire"

</custom_item>

<custom_item>

type: CONFIG_CHECK

description: "2.13 Secure SNMP"

regex: "set snmp .+"

severity: MEDIUM

info: "Manually review SNMP settings."

</custom_item>