Check Point GAiA Keywords

The following table indicates how each keyword in the GAiA compliance checks can be used. Each entry below gives the keyword, followed by its example use and supported settings:

type

Set to “CHECK_CONFIG”, which determines whether the specified configuration item exists in the GAiA “show configuration” output.

description

The “description” keyword adds a brief description of the check being performed. It is strongly recommended that the description be unique, with no two distinct checks sharing the same description, because Tenable uses this field to automatically generate a unique plugin ID number.

Example:

description: "1.0 Require strong Password Controls - 'min-password-length >= 8'"

info

The “info” keyword adds a more detailed description of the check being performed. The rationale for the check could be a regulation, a URL with more information, corporate policy, and so on. Multiple “info” fields can be added on separate lines to format the text as a paragraph; there is no preset limit to the number of “info” fields that can be used.

Note: Each “info” tag must be written on a single line with no line breaks. If more than one line is required (e.g., for formatting reasons), add additional “info” tags.

Example:

info: "Enable palindrome-check on passwords"

severity

The “severity” keyword specifies the severity of the check being performed.

Example:

severity: MEDIUM

The severity can be set to HIGH, MEDIUM, or LOW.

regex

The “regex” keyword searches the configuration for items whose setting matches a particular regular expression.

Example:

regex: "set snmp .+"

The following meta-characters require special treatment: + \ * ( ) ^

To have these characters interpreted literally, escape them with two backslashes (“\\”) or enclose them in square brackets (“[]”). Other characters, such as the following, need only a single backslash to be interpreted literally: . ? " '

This is due to the way the compiler treats these characters.

If a check has the “regex” tag set but no “expect”, “not_expect”, or “number_of_lines” tag, the check simply reports all lines matching the regex.

expect

This keyword audits the configuration item matched by the “regex” tag; if the “regex” tag is not used, it searches for the “expect” string in the entire config.

The check passes as long as the config line found by “regex” matches the “expect” tag, or, when “regex” is not set, as long as the “expect” string is found in the config.

Example:

regex: "set password-controls complexity"

expect: "set password-controls complexity [1-4]"

In the above case, the “expect” tag ensures that the complexity is set to a value between 1 and 4.

not_expect

This keyword searches for configuration items that should not be present in the configuration.

It acts as the opposite of “expect”. The check passes as long as the config line found by “regex” does not match the “not_expect” tag, or, when the “regex” tag is not set, as long as the “not_expect” string is not found in the config.

Example:

regex: "set password-controls password-expiration"

not_expect: "set password-controls password-expiration never"

In the above case, the “not_expect” tag ensures that password-controls password-expiration is not set to “never”.
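To make the “regex”, “expect” and “not_expect” semantics described above concrete, here is an added example (not Tenable's compliance engine or any Check Point code) that parses keyword lines in the format shown on this page and evaluates them against a constructed “show configuration” sample. The sample config, the check texts and the behaviour when “regex” matches no line at all (treated as FAILED for “expect”) are assumptions made for this illustration.

```python
import re
# Constructed sample of GAiA "show configuration" output (not from a real gateway).
SHOW_CONFIG = """\
set password-controls complexity 2
set password-controls min-password-length 8
set password-controls password-expiration never
set snmp agent on
set snmp community public read-only
"""

# Constructed check items using the keywords from the table above.
COMPLEXITY_CHECK = '''
type: CHECK_CONFIG
description: "1.1 Require password complexity - 'complexity 1-4'"
severity: MEDIUM
regex: "set password-controls complexity"
expect: "set password-controls complexity [1-4]"
'''
EXPIRATION_CHECK = ('regex: "set password-controls password-expiration"\n'
                    'not_expect: "set password-controls password-expiration never"\n')

# keyword: "quoted value"  or  keyword: BARE_VALUE (e.g. severity: MEDIUM)
KEYWORD = re.compile(r'^\s*(\w+)\s*:\s*(?:"(.*)"|(\S+))\s*$')

def parse_check(text):
    """Turn keyword lines into a dict of keyword -> value."""
    item = {}
    for line in text.splitlines():
        m = KEYWORD.match(line)
        if m:
            item[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return item

def evaluate(item, config):
    """Apply the regex/expect/not_expect semantics from the table.
    Returns (status, lines): PASSED/FAILED, or INFO when only regex is given."""
    lines = config.splitlines()
    regex, expect, not_expect = item.get("regex"), item.get("expect"), item.get("not_expect")
    hits = [l for l in lines if re.search(regex, l)] if regex else lines
    if expect is None and not_expect is None:
        return "INFO", hits  # regex alone: simply report matching lines
    if expect is not None and regex:
        # Assumption: regex matching no line means the item is absent -> FAILED
        ok = bool(hits) and all(re.search(expect, l) for l in hits)
    elif expect is not None:
        ok = any(re.search(expect, l) for l in lines)  # expect searched in whole config
    else:
        ok = not any(re.search(not_expect, l) for l in hits)
    return ("PASSED" if ok else "FAILED"), hits
```

Against this sample the complexity check passes (complexity is 2) while the expiration check fails, because the line matched by “regex” also matches “not_expect”.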