modified test-rules (#75)

* removing ruleset files

* adding 3_interface rules and refs

* Revert "adding 3_interface rules and refs"

This reverts commit 6ec630d.

* added 3_interfaces rules and refs again

* added 4_protocols tests

* restrctured 3_interfaces folder

* added 6_services

* 5_snmp

* 1 general recommendations

* Checkpoint tests

* adding xr, asa, nxos

* modified test-rules

---------

Co-authored-by: mailsanjayhere <mailsanjayhere@gmail.com>

Author: 2 people

CIS/Checkpoint/1_password_policy/rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected.py

@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected',
+      platform=['checkpoint'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Checkpoint/1_password_policy/rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected.ref

@@ -0,0 +1,17 @@
+.rule_1_10_ensure_force_users_to_change_password_at_first_login_after_password_was_changed_from_users_page_is_selected
+
+Reference: 
+Remediation: Run the following command to set force-change-when setting.
+CLI:
+Hostname>set password-controls force-change-when password
+GUI:
+Navigate to User Management > Password Policy > Mandatory Password Change:
+Checked the 'Force users to change password at first login after password was
+changed from Users page' setting.
+
+
+
+
+
+
+.

CIS/Checkpoint/1_password_policy/rule_1_11_ensure_deny_access_after_failed_login_attempts_is_selected.py

@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_11_ensure_deny_access_after_failed_login_attempts_is_selected',
+      platform=['checkpoint'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_11_ensure_deny_access_after_failed_login_attempts_is_selected(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Checkpoint/1_password_policy/rule_1_11_ensure_deny_access_after_failed_login_attempts_is_selected.ref

@@ -0,0 +1,17 @@
+.rule_1_11_ensure_deny_access_after_failed_login_attempts_is_selected
+
+Reference: 
+Remediation: Run the following command to set the deny-on-fail setting.
+CLI:
+Hostname>set password-controls deny-on-fail enable on
+GUI:
+Navigate to User Management > Password Policy > Deny Access After Failed
+Login Attempts:
+Checked the 'Deny access after failed login attempts' setting.
+
+
+
+
+
+
+.

CIS/Checkpoint/1_password_policy/rule_1_12_ensure_maximum_number_of_failed_attempts_allowed_is_set_to_5_or_fewer.py

@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_12_ensure_maximum_number_of_failed_attempts_allowed_is_set_to_5_or_fewer',
+      platform=['checkpoint'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_12_ensure_maximum_number_of_failed_attempts_allowed_is_set_to_5_or_fewer(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Checkpoint/1_password_policy/rule_1_12_ensure_maximum_number_of_failed_attempts_allowed_is_set_to_5_or_fewer.ref

@@ -0,0 +1,26 @@
+.rule_1_12_ensure_maximum_number_of_failed_attempts_allowed_is_set_to_5_or_fewer
+
+Reference: #o94478
+Notes:
+Looking for input regarding a value for this recommendation.
+Note from checkpoint documentation....
+Warning: Enabling this leaves you open to a "denial of service" -- if an attacker issues
+unsuccessful login attempts often enough you will be locked out. Please consider the
+advantages and disadvantages of this option, in light of your security policy, before
+enabling it.
+
+Remediation: Run the following command to set the deny-on-fail failures-allowed setting.
+CLI:
+Hostname>set password-controls deny-on-fail failures-allowed 5
+
+
+
+
+
+GUI:
+Navigate to User Management > Password Policy > Deny Access After Failed
+Login Attempts:
+checked and set ' Maximum number of failed attempts allowed is set to'
+setting to 5 or fewer.
+
+.

CIS/Checkpoint/1_password_policy/rule_1_13_ensure_allow_access_again_after_time_is_set_to_300_or_more_seconds.py

@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_13_ensure_allow_access_again_after_time_is_set_to_300_or_more_seconds',
+      platform=['checkpoint'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_13_ensure_allow_access_again_after_time_is_set_to_300_or_more_seconds(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Checkpoint/1_password_policy/rule_1_13_ensure_allow_access_again_after_time_is_set_to_300_or_more_seconds.ref

@@ -0,0 +1,18 @@
+.rule_1_13_ensure_allow_access_again_after_time_is_set_to_300_or_more_seconds
+
+Reference: 
+Remediation: Run the following command to set the deny-on-fail allow-afte setting.
+CLI:
+Hostname> set password-controls deny-on-fail allow-after 300
+
+
+
+
+
+
+GUI:
+Navigate to User Management > Password Policy > Deny Access After Failed
+Login Attempts:
+Set the 'Allow access again after time' setting to 300 or more seconds.
+
+.

CIS/Checkpoint/1_password_policy/rule_1_1_ensure_minimum_password_length_is_set_to_14_or_higher.py

@@ -0,0 +1,10 @@
+from comfy.compliance import medium
+
+
+@medium(
+      name='rule_1_1_ensure_minimum_password_length_is_set_to_14_or_higher',
+      platform=['checkpoint'],
+      commands=dict(chk_cmd='')
+)
+def rule_1_1_ensure_minimum_password_length_is_set_to_14_or_higher(commands, ref):
+    assert '' in commands.chk_cmd, ref

CIS/Checkpoint/1_password_policy/rule_1_1_ensure_minimum_password_length_is_set_to_14_or_higher.ref

@@ -0,0 +1,15 @@
+.rule_1_1_ensure_minimum_password_length_is_set_to_14_or_higher
+
+Reference: 
+Remediation: Run the following command to set the min-password-length setting.
+CLI:
+Hostname>set password-controls min-password-length 14
+GUI:
+Navigate to User Management > Password Policy
+Ensure 'Minimum Password Length' is set to 14 or higher.
+
+
+
+
+
+.