This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HristoGrigorov
Mentor
Mentor
‎2018-11-18 10:26 PM
Jump to solution

Proper place to put custom scripts

Hi,

So, I wrote my own backup script for Security Management Server and I thought the proper place to put it in is /usr/local/sbin/

Well, I was wrong. When I upgraded server from R80.10 to R80.20 my script was silently deleted.

Where shall I place my scripts so that they are preserved between upgrades?

1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor
‎2018-11-20 11:21 AM
Jump to solution

Our recommendation is to use the Script Repository available in SmartConsole.

As Check Point Objects, they will survive all upgrades.

Later you can run that script on gateways by right-clicking them. You can also run them with the Management API referring to just the name of the Script object with the parameters "script-name", representing a title for the script, and "script", representing the script code.

View solution in original post

15 Replies
PhoneBoy
Admin
Admin
‎2018-11-18 10:41 PM
Jump to solution

Somewhere under your home directory is probably the safest place to put it as it should not be affected by an upgrade.

HristoGrigorov
Mentor
Mentor
‎2018-11-18 11:03 PM
In response to PhoneBoy
Jump to solution

Thank you, /home/bin/ it is then.

Danny
Champion Champion
Champion
‎2018-11-20 05:59 AM
Jump to solution

It depends. Check via set with paths are defined in your environment. I prefer /usr/local/bin


0 Kudos
PhoneBoy
Admin
Admin
‎2018-11-20 08:42 AM
In response to Danny
Jump to solution

I think he said that location got overwritten, thus why I suggested somewhere else.

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2018-11-20 09:06 AM
In response to PhoneBoy
Jump to solution

Yes, I just need a path that won't be touched by the upgrade scripts. I vaguely remember according to LSB, /usr/local/bin/ is the right one. Do not like to put executables in home dir but in this case I probably have no other choice.

JozkoMrkvicka
Authority
Authority
‎2018-11-20 11:11 AM
Jump to solution

The best would be to do deep pre-check before upgrade. Save all custom scripts and cron jobs outside of the machine to be available for all collegues and ready to be put back after upgrade. This is also valid for all .conf and .def files.

Kind regards,
Jozko Mrkvicka
Tomer_Sole
Mentor
Mentor
‎2018-11-20 11:21 AM
Jump to solution

Our recommendation is to use the Script Repository available in SmartConsole.

As Check Point Objects, they will survive all upgrades.

Later you can run that script on gateways by right-clicking them. You can also run them with the Management API referring to just the name of the Script object with the parameters "script-name", representing a title for the script, and "script", representing the script code.

HristoGrigorov
Mentor
Mentor
‎2018-11-20 11:35 AM
In response to Tomer_Sole
Jump to solution

I like that the most, thanx Tomer. Only need to figure out how to invoke script from Job Scheduler using Management API. Shouldn't be that difficult...

0 Kudos
Petr_Hantak
Advisor
Advisor
‎2018-11-26 06:40 AM
In response to HristoGrigorov
Jump to solution

In case you want to invoke job scheduler then I think it is still the best way put it to some /home/ directory and attach job to cron. Just attach it there via  WebUI or CLI commands:

HostName> set cron job JOB_NAME command ... 
HostName> set cron job JOB_NAME recurrence ...

In that case job stay to be scheduled in your configuration file. On the other hand you must still have the script itself backuped somewhere. 

For me personally it is not a bafd enchancement to have possibility to use Script repository and just schedule same script for example on different firewalls throuh console...

0 Kudos
Ronen_Zel
Mod
Mod
‎2018-11-21 02:46 AM
In response to Tomer_Sole
Jump to solution

Thanks for the information Tomer. I just created a new SecureKnowledge article with this information, sk140852.

HristoGrigorov
Mentor
Mentor
‎2018-11-21 03:00 AM
In response to Ronen_Zel
Jump to solution

Great idea, thanx! Just to mention, there is a small error in SK. Parameter name is "script" and not "script-body".

Tomer_Sole
Mentor
Mentor
‎2018-11-21 03:16 AM
In response to HristoGrigorov
Jump to solution

sorry about that, I made the mistake originally in this thread..

0 Kudos
Ronen_Zel
Mod
Mod
‎2018-11-21 03:58 AM
In response to HristoGrigorov
Jump to solution

Thanks. I just fixed the sk. The fixed version should be available within a few minutes.

0 Kudos
jacneto
Participant
‎2021-02-23 04:25 PM
In response to Tomer_Sole
Jump to solution

Make no sense to me put a scripts in the Script Repository and run it with Security Management API calling the script by the name ("script-name" parameter) and still using the "script" parameter (which is required) with the script body. Am I missing something? 

0 Kudos
Sven_Glock
Advisor
‎2018-11-24 02:31 AM
Jump to solution

If you like to share your exprience with running scripts thru the Scrpit Repository your are more than welcome to join my threat: SmartConsole Scripts Repository usecases and experience 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events