Conditions

It is possible to define if/then/else logic in the Check Point audit policy. This allows the end-user to use a single file that is able to handle multiple configurations.

The syntax to perform conditions is the following:

<if>

<condition type:"or">

< Insert your audit here >

</condition>

<then>

< Insert your audit here >

</then>

<else>

< Insert your audit here >

</else>

</if>

Example:

<if>

<condition type: "OR">

<custom_item>

type: CONFIG_CHECK

description: "2.6 Install and configure Encrypted Connections to devices - 'telnet'"

regex: "set net-access telnet"

expect: "set net-access telnet off"

info: "Do not use plain-text protocols."

</custom_item>

</condition>

<then>

<report type: "PASSED">

description: "Telnet is disabled"

</report>

</then>

<else>

<custom_item>

type: CONFIG_CHECK

description: "2.6 Install and configure Encrypted Connections to devices - 'telnet'"

regex: "set net-access telnet"

expect: "set net-access telnet off"

info: "Do not use plain-text protocols."

</custom_item>

</else>

</if>

The condition never shows up in the report - that is, whether it fails or passes it won’t show up (it’s a “silent” check).

Conditions can be of type “and” or “or”.