Check Point hosts file corrupted or missing entries

This is a real life sample alert from indeni

Description:

The operating system could not find the IP address associated with “localhost”. This normally means the hosts file has an error that may result in problems with certain services.

indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, it will automatically be flagged as such.

Manual Remediation Steps:

Review the hosts file for any missing entries. Specifically, look for the “127.0.0.1 localhost” entry. On Unix-based operating systems (Linux, FreeBSD, SecurePlatform, IPSO, etc.) it will be “/etc/hosts”. On Windows-based operating systems it should be “c:WindowsSystem32driversetchosts”.

For more information on the importance of the hosts file see SK42952 and CCMA’s blog post.

How does this alert work?

indeni tracks the structure of the hosts file as well as tests to ensure the required host entries are present. In some cases, the test also involves using nslookup and ping commands to ensure the host name is resolved correctly.

Leave a Reply