This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mike_A
Advisor
‎2018-12-18 08:03 AM

Query Multi-Domain Super Users

Hello,

Is there any API command to show only multi-domain super users? I have been unable to find one. 

If there is not, I'm wondering how others, for auditing purposes, obtain a list of admins who have read/write access, if any are willing to share their methods. 

Labels
7 Replies
Joshua_Hatter
Employee
Employee
‎2018-12-18 11:53 AM

Use show-administrators against MDS with details-level full and parse for the relevant profile.

Short python example.

Mike_A
Advisor
‎2018-12-19 02:59 AM
In response to Joshua_Hatter

Thanks Joshua! I'll give this a shot but I believe this will give the desired result. 

0 Kudos
Danny
MVP Platinum
MVP Platinum
‎2018-12-19 12:08 AM

Or just run mdsconfig

0 Kudos
Mike_A
Advisor
‎2018-12-19 03:13 AM
In response to Danny

Danny,

Thanks. I'm looking for a way to automate and gather this information on a reoccurring basis without the intervention of my team. By using 'mdsconfig', or a screen shot from SmartConsole, we are inherently forcing the team to manually perform these tasks when the auditors ask. With the API I was hoping to write a script, or in this case harvest Joshua's, and run this job every quarter and email out the results. 

0 Kudos
Danny
MVP Platinum
MVP Platinum
‎2018-12-19 04:54 AM
In response to Mike_A

Mike,

mdsconfig is just an interactive tool to quickly access various Check Point commands.

Your interest is in option 6 - Administrators which simply executes mdsquerydb.

Example:

mdsquerydb Administrators‍‍‍‍‍‍

Addtional queries to collect the admin type can be configured within $MDSDIR/conf/queries.conf

So a simple One-liner added as cron job via GAiA's built-in job scheduler would easily address your needs to send you the list as a mail.

mdsquerydb Administrators | $FWDIR/bin/sendmail -s 'Multi-Domain Super Users' -t MAILSERVER -f SENDER_EMAIL_ADDRESS RECEIVER_EMAIL_ADDRESS;‍‍‍‍‍‍

In order to run a python ($FWDIR/Python/bin/python) script you would first need to whitelist it within /etc/fw/conf/whitelist to be able to run it.

0 Kudos
Mike_A
Advisor
‎2018-12-19 05:56 AM
In response to Danny

Danny,

The 'mdsquerydb Administrators' will output the list of names, I modified the queries.conf file and added "type" after the __name__ attribute. The response I get when adding "type" is 'mike-andretta pv1_administrator' for every user. Im looking at sk65181 at the various attributes that could be used in queries.conf but it does not look like, other than type, there is an attribute that will show more of a "Profile Type" which would indicate the Domain Manager vs Multi-Domain Super User. 

Am I missing an attribute that would give me more of what im looking for by using mdsquerydb? 

0 Kudos
Mike_A
Advisor
‎2018-12-19 08:07 AM
In response to Danny

Danny,

I was able to find "msp_perm" that is returning a number. It looks like 2x numbers are possibly returned, in my scenario 80000000 which looks to equal super user and 10000000 which matches up with my Domain Managers. Is there a better way, table/attribute, to gather this information? 

[Expert@XXXX:0]# cat $MDSDIR/conf/queries.conf | grep Admin
MDS "mdsdb" Administrators attr pv1_administrators "" __name__,msp_perm # Get names of all Administrators

[Expert@XXXX:0]# mdsquerydb Administrators | grep mike-andretta
mike-andretta 80000000

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events