Conditions
It is possible to define if/then/else logic in the Check Point audit policy. This allows the end-user to use a single file that is able to handle multiple configurations.
The syntax for conditions is the following:
<if>
  <condition type:"or">
    < Insert your audit here >
  </condition>
  <then>
    < Insert your audit here >
  </then>
  <else>
    < Insert your audit here >
  </else>
</if>
Example:
<if>
  <condition type: "OR">
    <custom_item>
      type: CONFIG_CHECK
      description: "2.6 Install and configure Encrypted Connections to devices - 'telnet'"
      regex: "set net-access telnet"
      expect: "set net-access telnet off"
      info: "Do not use plain-text protocols."
    </custom_item>
  </condition>
  <then>
    <report type: "PASSED">
      description: "Telnet is disabled"
    </report>
  </then>
  <else>
    <custom_item>
      type: CONFIG_CHECK
      description: "2.6 Install and configure Encrypted Connections to devices - 'telnet'"
      regex: "set net-access telnet"
      expect: "set net-access telnet off"
      info: "Do not use plain-text protocols."
    </custom_item>
  </else>
</if>
The condition itself never shows up in the report: whether it passes or fails, its result is not listed (it’s a “silent” check). Only the items in the selected then or else branch are reported.
Conditions can be of type “and” or “or”.
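
The evaluation order described above, modelled in Python as an added example (not Tenable's code and not part of the original page): condition items are evaluated silently, combined with "and"/"or", and only the selected branch reaches the report. The function names, the sample configuration and the CONFIG_CHECK rule used here (at least one line must match regex, and every such line must match expect) are assumptions made for illustration.

```python
import re

# Constructed sample of device configuration output (not from a real device).
SAMPLE_CONFIG = """\
set net-access telnet on
set hostname gw-lab-01
"""

def config_check(config, regex, expect):
    """Assumed CONFIG_CHECK model: lines selected by `regex` must all match `expect`."""
    selected = [ln for ln in config.splitlines() if re.search(regex, ln)]
    return bool(selected) and all(re.search(expect, ln) for ln in selected)

def evaluate_if(config, cond_type, condition, then_items, else_items):
    """Return the report rows produced by one <if> block.

    Condition items are evaluated but never added to the report (silent);
    only items from the selected branch are reported.
    """
    results = [config_check(config, i["regex"], i["expect"]) for i in condition]
    matched = all(results) if cond_type.lower() == "and" else any(results)
    report = []
    for item in (then_items if matched else else_items):
        if item["kind"] == "report":      # <report type: "..."> emits a fixed result
            report.append((item["description"], item["type"]))
        else:                             # <custom_item> is evaluated normally
            ok = config_check(config, item["regex"], item["expect"])
            report.append((item["description"], "PASSED" if ok else "FAILED"))
    return report

# The telnet item from the example on this page.
TELNET = {"kind": "custom_item",
          "description": "2.6 Install and configure Encrypted Connections to devices - 'telnet'",
          "regex": "set net-access telnet",
          "expect": "set net-access telnet off"}

def audit(config):
    """The page's <if> block: silent telnet condition, PASSED report or visible check."""
    return evaluate_if(config, "OR", [TELNET],
                       then_items=[{"kind": "report", "type": "PASSED",
                                    "description": "Telnet is disabled"}],
                       else_items=[TELNET])

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print(row)
```

With telnet enabled, the report holds a single FAILED row that comes from the else branch, not from the condition.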