Wow Danny, that's AMAZING!
Just ran it in my lab.
[Expert@CP-GW:0]# /var/log/cis/CIS_Benchmark_Gaia_v1.1.0.sh
|-------------------------------------------------------------------------------+
| CIS Benchmark Checks for Check Point Gaia v1.1.0
|-------------------------------------------------------------------------------+
| 1. Password Policy | Score | Status | Value
| 1.1 Password Length 14+ | No | Default | 6
| 1.2 Disallow Palindromes | Yes | Customized | t
| 1.3 Password Complexity 3+ | No | Default | 2
| 1.4 Password History 12+ | No | Default | 10
| 1.5 Password Expiry max. 90 days | No | Default | never
| 1.6 Password Expiry Warning set to 7 | Yes | Customized | 7
| 1.7 Password Expiry Logout set to 1 | No | Default | never
| 1.8 Deny Acces to Used Accounts on | No | Default | off
| 1.9 Non-use days before lockout set to 30 | No | Default | 365
| 1.10 Force to change initial Password | No | Default | no
| 1.11 Deny Access after failed logins on | No | Default | off
| 1.12 Max. Fail-Attempts is set to 5 or lower | No | Default | 10
| 1.13 Down Time set to 300s or more | Yes | Customized | 1200
|-------------------------------------------------------------------------------+
| 2. Device Setup | Score | Status | Value
| 2.1 General Settings | | |
| 2.1.1 Login Banner is set | No | Default | Manually check banner message!
| 2.1.2 Message Of The Day (MOTD) is set | No | Disabled |
| 2.1.3 Core Dump enabled | No | Disabled |
| 2.1.4 Config-state is saved | Yes | Default | Saved
| 2.1.5 Unused interfaces are disabled | Yes | - |
| 2.1.6 DNS server is configured | Yes | Customized | [8.8.8.8, 8.8.4.4, 1.1.1.1]
| 2.1.7 IPv6 is disabled (if not in use) | No | Customized |
| 2.1.8 Host Name is set | Yes | Customized | CP-GW
| 2.1.9 Telnet is disabled | Yes | Default | off
| 2.1.10 DHCP is disabled | Yes | Default | Disabled
|----------------------------------------------------------------------------------+
| 2.2 SNMP | Score | Status | Value
| 2.2.1 SNMP Agent is disabled | No | Default | Disabled
| 2.2.2 SNMP Agent version is set to v3-Only | Yes | Customized | v3-Only
| 2.2.3 SNMP traps enabled | No | Default |
| 2.2.4 SNMP traps receivers is set | No | Default |
|----------------------------------------------------------------------------------+
| 2.3 NTP | Score | Status | Value
| 2.3.1.(1) NTP is enabled | No | Default | Disabled
| 2.3.1.(2) NTP Servers (1&2) IPs are configured | Yes | Customized | 2
| 2.3.2 Timezone is set correctly | Yes | Customized | Canada/Eastern
|----------------------------------------------------------------------------------+
| 2.4 Backup | Score | Status | Value
| 2.4.1 System Backup is set | No | Default | Not set
| 2.4.2 Snapshot is set | No | Default | Not set
| 2.4.3 Scheduled Backups | No | - |
|----------------------------------------------------------------------------------+
| 2.5 Authentication Settings | Score | Status | Value
| 2.5.1 CLI Timeout is 10min or less | No | Default | 720 min
| 2.5.2 Web Session Timeout is 10min or less | No | Default | 720 min
| 2.5.3 (1) Telnet Authentication is disabled | Yes | Default | Disabled
| 2.5.3 (2) Client Authentication is SSL secured | No | Default | Insecure HTTP client auth
| 2.5.4 Radius or TACAS+ Server is configured | No | Default | Add Radius or TACACS+ server!
| 2.5.5 Only Allowed Clients for device mgmt | No | Default | Any
|----------------------------------------------------------------------------------+
| 2.6 Logging | Score | Status | Value
| 2.6.1 Mgmtauditlogs is set to on | Yes | Customized | t
| 2.6.2 Auditlog is set to permanent | Yes | Customized | permanent
| 2.6.3 Cplogs is set to on | No | Default | off
|----------------------------------------------------------------------------------+
| Summary: 14 out of 42 checks passed
| CIS Benchmark Score: 33%
+----------------------------------------------------------------------------------+
[Expert@CP-GW:0]#
Best,
Andy