This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
zsszlama
Contributor
Contributor
‎2024-07-16 06:05 AM

Secure Configuration Verification

Hello Guys,

One of our customer wants to have a demo about host compliance check when they are connecting via RA VPN. They are using only hard clients. So I thought to create a demo environment with Secure Configuration Verification (SCV). As I read it's a legacy solution but I'm not aware of a different solution as they don't have Check Point Endpoint Security.

During my tests I run into two issues. I hope you can help me where should I search for a solution.

Issue1:

I cannot create an easy check where the SCV check says the client is compliant. I tried the following checks:

(SCVObject
	:SCVNames (
		: (BrowserMonitor
			:type (plugin)
			:parameters (
				:browser_major_version (5)
				:browser_minor_version (0)
				:browser_version_operand (">=")
				:browser_version_mismatchmassage ("Please upgrade your Internet browser.")
			)
		)
		: (OsMonitor
			:type (plugin)
			:parameters (
			:begin_or (or1)
			:begin_and (and1)
				os_build_number_10 (0)
				:os_build_operand_10 ("==")
			:end (and1)
			:begin_and (and2)
				:os_build_number_11 (0)
				:os_build_operand_11 ("==")
			:end (and2)
			:end (or1)
			:begin_admin (admin)
				:send_log (alert)
				:mismatchmessage ("update os")
			:end (admin)
			)
		)
		: (ProcessMonitor
			:type (plugin)
			:parameters (
				:explorer.exe (true)
				:begin_admin (admin)
					:send_log (alert)
					:mismatchmessage ("explorer.exe is not running")
				:end (admin)
			)
		)
		: (AntiVirusMonitor
			:type (plugin)
			:parameters (
				:type ("Windows Defender")
				:begin_admin (admin)
					:send_log (alert)
					:mismatchmessage ("Please update your AntiVirus (use the LiveUpdate option).")
				:end (admin)
			)
		)
	)
	:SCVPolicy (
		:(I tried all abow individually)
	)
	:SCVGlobalParams (
		:enable_status_notifications (true)
		:status_notifications_timeout (10)
		:disconnect_when_not_verified (false)
		:block_connections_on_unverified (false)
		:scv_policy_timeout_hours (168)
		:enforce_ip_forwarding (false)
		:not_verified_script ("")
		:not_verified_script_run_show (false)
		:not_verified_script_run_admin (false)
		:not_verified_script_run_always (false)
		:allow_non_scv_clients (false)
		:skip_firewall_enforcement_check (false)
	)
)

 

Issue2:

I rolled back the changes with copying back the original $FWDIR/conf/local.scv file. At this point the policy change worked. When I did a change by modifying $FWDIR/conf/local.scv the policy install failed with the following:

Policy: ##Standard
Status: Failed
- Failed to merge SCV policies. Local SCV file may be corrupt
- Desktop policies will not be installed on Policy Servers
- Failed to merge SCV policies. Local SCV file may be corrupt
- Desktop policies will not be installed on Policy Servers

I've restored again $FWDIR/conf/local.scv the policy install worked and after another config modification the install failed again.

Can you guys give me some helping hand with this issues?

Please let me know if you need more details.

Thanks in advance!

Zsolt

(1)
Who rated this post