Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee++
Employee++

mgmt_cli on Ubuntu

Hey,

Has anyone installed mgmt_cli on Ubuntu (no Check Point installation on this server)? Which libraries etc. do I need to get it working?

Thanks!

Labels (1)
Tags (2)
23 Replies
Highlighted
Advisor

You could try to copy the mgmt_cli.exe from a SmartConsole Windows installation to the ubuntu device & run it via wine. Not sure if this works, but it would be worth a try as the mgmt_cli.exe comes together with the SmartConsole but can be executed on its own without any depencies regarding the install directory of the SmartConsole.

Edit: Seems like it works... somehow. During the first startup of the tool (wine) it asks to download some depencies like the .net framework. As soon as you execute some commands via "wine mgmt_cli.exe [command]" you will see the rubbish as shown below but afterwards the execution ends just fine. For my example I used the command shown in the end (via a cloud demo instance) and it even prompted me for a username and password (as shown below). Maybe there is also a way to ignore these warnings, as they appear to be related to some images (png files). I currently to not have time to dig deeper into it - but it's a start I guess. At least the functionality seems to be fine. Smiley Happy

Btw. the mgmt_cli that comes with Gaia seems to have the following depencies:

Dependent Libraries=mgmt_cli_utils:jsoncpp:Reg:libcurl:OS:sicauth:cpopenssl:cpbcrypt:Resolve:cpcert

Highlighted
Employee++
Employee++

Thanks Maik! I will give it a try.

0 Kudos
Highlighted
Employee++
Employee++

I tested and it works! Thanks a lot for assistance.

0 Kudos
Highlighted
Contributor

Step 1: from SMS R80.10, copy the following files to a "temporay dir"

cp /lib/libaudit.so.0 .
cp /lib/libpam.so.0 .
cp /opt/CPshrd-R80/lib/libAppUtils.so .
cp /opt/CPshrd-R80/lib/libckpssl.so .
cp /opt/CPshrd-R80/lib/libcom_err.so.3 .
cp /opt/CPshrd-R80/lib/libComUtils.so .
cp /opt/CPshrd-R80/lib/libcpbcrypt.so .
cp /opt/CPshrd-R80/lib/libcpca.so .
cp /opt/CPshrd-R80/lib/libcpcert.so .
cp /opt/CPshrd-R80/lib/libcpcryptutil.so .
cp /opt/CPshrd-R80/lib/libcpopenssl.so .
cp /opt/CPshrd-R80/lib/libcp_policy.so .
cp /opt/CPshrd-R80/lib/libcpprng.so .
cp /opt/CPshrd-R80/lib/libDataStruct.so .
cp /opt/CPshrd-R80/lib/libEncode.so .
cp /opt/CPshrd-R80/lib/libEventUtils.so .
cp /opt/CPshrd-R80/lib/libfwsetdb.so .
cp /opt/CPshrd-R80/lib/libgssapi_krb5.so.2 .
cp /opt/CPshrd-R80/lib/libk5crypto.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5support.so.0 .
cp /opt/CPshrd-R80/lib/liblibcurl.so .
cp /opt/CPshrd-R80/lib/libmgmt_cli_utils.so .
cp /opt/CPshrd-R80/lib/libndb.so .
cp /opt/CPshrd-R80/lib/libOS.so .
cp /opt/CPshrd-R80/lib/libProdUtils.so .
cp /opt/CPshrd-R80/lib/libReg.so .
cp /opt/CPshrd-R80/lib/libResolve.so .
cp /opt/CPshrd-R80/lib/libsicauth.so .
cp /opt/CPshrd-R80/lib/libsic.so .
cp /opt/CPshrd-R80/lib/libskey.so .
cp /opt/CPshrd-R80/bin/mgmt_cli .

Step 2:

a) backup the files using tar (mgmt_cli.tar.gz)

b) download mgmt_cli.tar.gz from SMS

c) upload mgmt_cli.tar.gz to Ubuntu

Step 3:

On Ubuntu 64 bit:
Create a dir. E.g.:  /opt/checkpoint

untar mgmt_cli.tar.gz to /opt/checkpoint

All the files from Step 1 should be visible under /opt/checkpoint

Step 4:

Because R80.10 has some 32 bit binaries, execute the following:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386
sudo apt-get install libncurses5:i386
sudo apt-get install libstdc++6:i386
export LD_LIBRARY_PATH=/opt/checkpoint

After you have completed step 1 until 4, you should be able to run mgmt_cli from Ubuntu.

I was using it in the beginning; now I am using Ansible.

Highlighted
Employee++
Employee++

Thanks Kris! However, I'm getting an error on one Check Point library. I think it needs to be compiled to Ubuntu to get it working. I do have it in the directory.

0 Kudos
Highlighted
Contributor

Which version of Ubuntu are you using? I didn't need to compile anything.

E.g. libmgmt_cli_utils.so library is a dynamic library. You need to tell Linux where it can locate it at runtime.

export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/checkpoint"

When you enter

# echo $LD_LIBRARY_PATH

the path /opt/checkpoint should be listed.

Can you try this? Maybe a ldconfig is necessary?

Let me know what the outcome is. If negative, I will build a new Linux system and let you know the steps required to find the libraries at runtime.

See also:

https://help.ubuntu.com/community/EnvironmentVariables

https://askubuntu.com/questions/950313/set-ld-library-path-permanently-ubuntu

0 Kudos
Highlighted
Admin
Admin

Sorry, for nagging, but what you are trying to do is an unsupported configuration.

API support in Management Server R80 and above SK says: Check Point offers the mgmt_cli binary for Gaia OS and mgmt_cli.exe for Windows OS

0 Kudos
Highlighted
Employee++
Employee++

Thanks Valeri! We should state it more clearly in the SK that the mgmt_cli is not supported in other operating systems than Gaia and Windows. Case closed!

0 Kudos
Highlighted
Contributor

Hi Valeriu,

Are you sure it is unsupported? What would make mgmt_cli unsupported on Ubuntu Linux?

From Check Point's Security Management Architecture Overview:


The mgmt_cli tool is portable and can run on any Linux or Windows machine. A Linux version of the mgmt_cli
command line tool is included in all R80.10 Gaia installations. A windows version (mgmt_cli.exe) is in the R80.10
SmartConsole installation.

A Check Point TAC engineer confirmed to me that the mgmt_cli is supported on Ubuntu Linux.

I have to admit: Check Point's documentation is in some situations contradictory or non-existent. I experience it on a daily basis.

Kind regards,

Kris

Highlighted
Admin
Admin

I have to admit, Valeriu is the best of all typos.

Kris Pellens, I was quoting an official SK for the tool. It names two specific OS platforms only. Yet, to clarify the issue, I will ask Tomer Sole to comment on this

Highlighted
Employee++
Employee++

You are correct. The documentation is not clear on this topic. Once we get a final verdict on this, I'll do my best to clarify the SK as well.

0 Kudos
Highlighted
Admin
Admin

Hi all,

The official answer will be provided in a couple of days, please stand by

0 Kudos
Highlighted
Advisor

Hi Valeri,

Did you receive an answer so far? Would be interesting to know what the official statement is regarding the usage in a different linux environment besides Gaia/RH.

Regards,

Maik

0 Kudos
Highlighted

The better question is, why not go for REST API instead and use this, instead of tinkering with the binary...

0 Kudos
Highlighted
Employee++
Employee++

Because mgmt_cli is a ready made client and easier to use than REST API. It doesn’t also require any coding experience. With REST you have to use Curl or some programming language to make it work. 

Highlighted

Apologize for the late response. The instructions are incomplete and require a file that we have not posted. We are working on fixing the SK and the API documentation portal. Will update here once the instructions are set.

Highlighted
Admin
Admin

Does it mean Ubuntu deployment is actually supported?

0 Kudos
Highlighted
Admin
Admin

I believe this is the plan, yes.

I was given a binary privately that, provided the correct libraries are installed, runs on Ubuntu. 

Highlighted
Advisor

Hey,

Sorry to dive back into a relatively old topic but I'm just curious... do you have any updates regarding this 'case'?

Regards,

Maik

Highlighted
Contributor

Hi,

Can anyone share the mgmt_cli package for Ubuntu or point me to the right SK? 

Regards,

Herold

 

 

0 Kudos
Highlighted
Admin
Admin

One does not exist currently.
Not sure what the plan is for releasing this, if at all.
0 Kudos
Highlighted
Contributor

Thanks.

Is there a mgmt_cli package for any linux distirbution?

Regards,

 

 

 

0 Kudos
Highlighted
Advisor

If you are familiar with Python you can use this module/sdk.

0 Kudos