topic Perform scheduled scripted tasks on SMB devices without using crond in Spark Firewall (SMB)

Perform scheduled scripted tasks on SMB devices without using crond

G_W_Albrecht — Fri, 05 Apr 2019 09:55:35 GMT

Scripting was a weak point of SMB devices until firmware version R77.20.80: You can easily perform scripted tasks after each boot process (see sk52520 How to run commands at boot on an SG80/600/700/1100/1400/1200R -- UserScript for details), but no cron job was possible as crond did not run in GAiA Embedded (although the command crontab exists, it was unusable). There was a procedure to enable crond (Spikefish Solutions Blog: Enabling cron, the scheduling service on 600 / 700 / 1100 / 1200R) if really needed. Since R77.20.80, crond is running, see the details in R77.20.80, cpdiag and crond.

But e.g. to issue a scripted reboot every two weeks at a certain time, we can also trigger the script over a SSH connection from another device. Details can be found in sk106836: How to configure SSH authentication using RSA key files on Security Gateway 80 / 600 / 700 / 1100 / 1200R/ 1400 appliances. Remember to keep the passphrase empty when generating the key pair ! First step is to run # bashUser on while in expert mode to enable login directly into expert mode and WinSCP access. On the SMB box, we then create the file /pfrm2.0/etc/myreb.sh :

#!/bin/bash -f
source /fwtmp/opt/fw1/tmp/.CPprofile.sh
date >> /pfrm2.0/etc/lastReboot
(echo y ) | reboot

The second line is included as good practise and not needed here - but other commands will depend on environment variables set correctly (see sk77300 and sk90441).

On the unit that shall issue the command (based on GAiA or Unix) we follow sk95890 How to configure SSH authentication on Gaia OS using RSA key files and create /home/admin/sshreb.sh :

#!/bin/bash -f
source $CPDIR/tmp/.CPprofile.sh
ssh -i /home/admin/MyKey ip.x.x.x sh -l ./pfrm2.0/etc/myreb.sh

After first connect per ssh, the script is able to login and perform reboot automatically after being called using cron. This is easy e.g. on a Gaia device (in GAiA WebGUI, see under System Management > Job Scheduler). Such a script can also perform TP Updates automatically, but at different scheduled times for each blade using the online_update_cmd !

Re: Perform scheduled scripted tasks on SMB devices

Brian_Deutmeyer — Fri, 02 Mar 2018 19:42:07 GMT

Thanks for posting this. Two things to note...

I had to specify my user in my ssh command (user@x.x.x.x)
Since this is SMB, I had to run bashUser on while in expert mode to enable login directly into expert mode to run my script

From the Check Point 600/700/1100/1200R/1400 Appliance R77.20.75 CLI Guide:

You can enable login directly to expert mode. To do this:
• Login to Expert mode using the "Expert" password.
• Run the command bashUser on
• You will now always login directly to expert mode (this mode is not deleted during reboot)
• To turn this mode off, run the command bashUser off

Re: Perform scheduled scripted tasks on SMB devices

HristoGrigorov — Sat, 03 Mar 2018 17:51:26 GMT

Actually, it is possible to run cron jobs on SMB. I have followed this guide and it works for me very well:

Spikefish Solutions Blog: Enabling cron, the scheduling service on 600 / 700 / 1100 / 1200R

Re: Perform scheduled scripted tasks on SMB devices

G_W_Albrecht — Mon, 05 Mar 2018 08:20:49 GMT

Yes, that is true - afair you have to ssh connect manually for one time, then you can use the script. For GUI based guys like me, bashUser on is the first command issued on every SMB unit so we can use WinSCP .

Re: Perform scheduled scripted tasks on SMB devices

G_W_Albrecht — Mon, 05 Mar 2018 08:35:05 GMT

That really is wild - i did not search for a cron binary, and crontab, as seen in the document, has no memory... We can see that this is a rather downsized busybox system, and that is understandable if we think of SG-80 or 600 models hardware capabilities . To create a symlink, a directory, call crond and write the crontab file on boot is working ok, but for me does not feel very comfortable. With current hardware, the need to trigger TP updates at different times - opposed to internaly scheduling all updates for the same time - is mostly gone, and scheduled backup works perfectly for me since a long time, and without any cron job...

Re: Perform scheduled scripted tasks on SMB devices

G_W_Albrecht — Mon, 05 Mar 2018 12:39:51 GMT

I have changed the document by adding details from the comments - thank you all for them !

Re: Perform scheduled scripted tasks on SMB devices without using crond

G_W_Albrecht — Mon, 02 Jun 2025 10:40:53 GMT

Addition: Second line has changed with newer firmware:

#!/bin/bash -f
source /opt/fw1/tmp/.CPprofile.sh