https://community.checkpoint.com/t5/Automation-and-APIs/CPRIDUTIL-SMB-Get-Firmware-version-from-all-SMBs-including/m-p/148052#M10 <DIV class=""> <P><STRONG>Thanks for sharing.&nbsp;<span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></STRONG></P> <P>I checked the lengthy Python script that just runs <CODE>show diag</CODE> on all SMB devices and figured this could be done as a simple bash one-liner as well. Can be executed as one-time script from within SmartConsole or directly from SmartCenter server's expert mode:</P> <LI-CODE lang="cpp">echo; for i in `grep 'sic_name\|ipaddr' $FWDIR/conf/objects.C|grep -A1 sic_name|grep 'ipaddr '|tr -d ':ipadr ()\t'`; do cprid_util -server $i -verbose rexec -rcmd /bin/bash -c "hostname; clish -c 'show diag'"; done</LI-CODE> <P>Of course some grep commands would need to be added to filter the output of <CODE>show diag</CODE> and check the SMB type but that would be really easy and adjustable for everyone's needs.</P> </DIV> Fri, 06 May 2022 17:39:39 GMT Danny 2022-05-06T17:39:39Z https://community.checkpoint.com/t5/Automation-and-APIs/CPRIDUTIL-SMB-Get-Firmware-version-from-all-SMBs-including/m-p/147981#M9 <P>Little project which is utilizing&nbsp;<EM>cpridutil</EM> over&nbsp;<EM>run-script</EM>&nbsp;CHKP MGMT API call to get firmware version of all SMB devices managed by the domain. The interesting part is that we are listing LSM (SmartProvisioning) managed devices as well. At the end, we write all output into CSV file (default <EM>output.csv)</EM>.</P> <DIV> <DIV><LI-CODE lang="python">GW,Image,Serial,MAC,IP,Status SMB-1500-GW,R80_992002665_20_40,XX12X12345,00:1C:DE:AD:BE:EF,192.168.1.1,Successful</LI-CODE></DIV> </DIV> <P>This way you have a list of all SMB devices and their firmware version.<BR />We are utilizing Python CHKP MGMT API SDK for the API communication.<BR />You can run the code either directly on the CHKP MGMT server or a separate machine with API access to the CHKP MGMT API.</P> <P><SPAN>Additional integration with&nbsp;</SPAN><STRONG>Check Point SourceGuard</STRONG><SPAN>&nbsp;for code security scan on each code change, as well as latest Check Point's acquisition of&nbsp;</SPAN><STRONG>SpectralOps</STRONG><SPAN>&nbsp;to scan for any potential Secrets leak like passwords or API keys. All running as Github Actions workflow.</SPAN></P> <P><SPAN>The code is under MIT License:<BR /></SPAN></P> <P><SPAN><A href="https://github.com/Senas23/cp_cpridutil" target="_blank" rel="noopener">https://github.com/Senas23/cp_cpridutil</A></SPAN></P> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="logo.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/16398i5C3B3FE12EC6FD5E/image-size/medium?v=v2&amp;px=400" role="button" title="logo.png" alt="logo.png" /></span></SPAN></P> Thu, 05 May 2022 21:03:39 GMT https://community.checkpoint.com/t5/Automation-and-APIs/CPRIDUTIL-SMB-Get-Firmware-version-from-all-SMBs-including/m-p/147981#M9 Art_Zalenekas 2022-05-05T21:03:39Z https://community.checkpoint.com/t5/Automation-and-APIs/CPRIDUTIL-SMB-Get-Firmware-version-from-all-SMBs-including/m-p/148052#M10 <DIV class=""> <P><STRONG>Thanks for sharing.&nbsp;<span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></STRONG></P> <P>I checked the lengthy Python script that just runs <CODE>show diag</CODE> on all SMB devices and figured this could be done as a simple bash one-liner as well. Can be executed as one-time script from within SmartConsole or directly from SmartCenter server's expert mode:</P> <LI-CODE lang="cpp">echo; for i in `grep 'sic_name\|ipaddr' $FWDIR/conf/objects.C|grep -A1 sic_name|grep 'ipaddr '|tr -d ':ipadr ()\t'`; do cprid_util -server $i -verbose rexec -rcmd /bin/bash -c "hostname; clish -c 'show diag'"; done</LI-CODE> <P>Of course some grep commands would need to be added to filter the output of <CODE>show diag</CODE> and check the SMB type but that would be really easy and adjustable for everyone's needs.</P> </DIV> Fri, 06 May 2022 17:39:39 GMT https://community.checkpoint.com/t5/Automation-and-APIs/CPRIDUTIL-SMB-Get-Firmware-version-from-all-SMBs-including/m-p/148052#M10 Danny 2022-05-06T17:39:39Z https://community.checkpoint.com/t5/Automation-and-APIs/CPRIDUTIL-SMB-Get-Firmware-version-from-all-SMBs-including/m-p/148057#M11 <P>Thx Danny, but unfortunately that is not helping here. We need to know the Type of the GW, as we are looking just for SMB devices. Second, we need to list LSM managed GWs too, which you don't see in&nbsp;<EM>objects.C</EM> at all.</P> <P>Furthermore, there is no need to dig under the hood of the MGMT server and live on the BASH as uid 0. Best case, nobody should be living on the BASH. Many other reasons why not to keep your scripts and code on the management. Separation is the key here.</P> Fri, 06 May 2022 15:55:50 GMT https://community.checkpoint.com/t5/Automation-and-APIs/CPRIDUTIL-SMB-Get-Firmware-version-from-all-SMBs-including/m-p/148057#M11 Art_Zalenekas 2022-05-06T15:55:50Z