Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Testing Controls for Bash Scripts

Given the amount of resources a bash script can consume, along with any possible service impact it might have, I have been trying to compile a list of 'testing controls' to benchmark any script against before using it on any Check Point device by carrying out the following steps in a lab environment:

1) Observe the resources being consumed by the script. This can be done by having two additional Putty sessions open and run the following commands :

- watch free -m

- top 

2) Ensure that there is no service impact by monitoring critical services such as VPN tunnels etc. 

3) Ensure that only a specific group of admins have execution privileges over the script. 

I would appreciate other people's feedback on this topic, particularly of guys like @Robert_Decker and @Danny who are well versed in the art of scripting. My point is that I am after a process to follow when creating scripts for Check Point devices in order to get the maximum value while causing the least possible amount of disruption. 

Thanks in advance! 

 

 

7 Replies
Highlighted
Pearl

Thanks for the reference. I giggle when even R&D calls my ccc script a „piece of art“. To be honest, I‘m all about continuing my Check Point journey with SmartConsole Extensions, especially as Check Point is on its way to drop expert mode support somewhere in the future. I‘ll tell more about my new project @ CPX 2020 in Vienna if I get confirmed as a speaker.

Highlighted
Silver

Sorry for crashing in for this kinda off topic question... but you mentioned "Check Point is on its way to drop the expert mode entirely somewhere in the future.".
I remember when exactly this question got answered during a CheckMates webinar and the answer was that expert mode will stay - however they plan to move some expert commands to clish (starting with R80.40...?). Where did you hear about the complete drop of expert?
0 Kudos
Highlighted

expert commands are on clish since r80.20
Highlighted
Silver

nvm thought this would be an optional package for R80.20 and fully integrated with R80.40. Thanks for the info
Highlighted
Silver

Cant edit my post as I receive an HTTP error when doing so.
Just found sk144112 that still mentions this feature to be manually installed for version<R80.40 https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...
But enough off topic I guess
0 Kudos
Highlighted
Admin
Admin

Directly from R&D.
I've also heard it on a few occasions as well.
I don't think expert mode will be dropped anytime soon, however.
Highlighted
Silver

Thanks for your reply... interesting.
0 Kudos