Here is an example bash script that monitors whether a policy package is only updated (published) or also already installed:
#!/bin/bash
# Uses bash arrays and here-strings, so it has to run under bash rather than sh.
JQ=${CPDIR}/jq/jq
GATEWAYS_FILE="gateways.json"
PACKAGES_FILE="packages.json"
PACKAGE_FILE="package.json"

# One CSV row per gateway that has a policy: "package name",install time (posix),"gateway name"
mgmt_cli -r true show gateways-and-servers limit 500 details-level full --format json > "$GATEWAYS_FILE"
INSTALLED_PACKAGES=($("$JQ" -r '.objects[] | .name as $name | .policy | select(. != {}) | [.["access-policy-name"], .["access-policy-installation-date"]["posix"], $name] | @csv' "$GATEWAYS_FILE"))
if [ $? -eq 0 ]; then
    echo 'Checking for available packages statuses...'
    mgmt_cli -r true show packages limit 500 details-level full --format json > "$PACKAGES_FILE"
    if [ $? -eq 0 ]; then
        # Names stay JSON-quoted (no -r) so they compare equal to the quoted names in the CSV rows.
        PACKAGES_NAMES=($("$JQ" '.packages[] | .name' "$PACKAGES_FILE"))
        for PACKAGE in "${PACKAGES_NAMES[@]}"; do
            echo 'Checking for package '"$PACKAGE"'...'
            mgmt_cli -r true show-package name "$PACKAGE" --format json > "$PACKAGE_FILE"
            if [ $? -eq 0 ]; then
                IS_INSTALLED=false
                PUBLISH_TIME=$("$JQ" -r '.["meta-info"]["last-modify-time"]["iso-8601"]' "$PACKAGE_FILE")
                PUBLISH_TIME_POSIX=$("$JQ" -r '.["meta-info"]["last-modify-time"]["posix"]' "$PACKAGE_FILE")
                echo 'Last publish time: '"$PUBLISH_TIME"
                for INSTALLED_PACKAGE in "${INSTALLED_PACKAGES[@]}"; do
                    # Split the CSV row into name, install time and gateway.
                    IFS=',' read -ra INSTALLED_PACKAGE_DATA <<< "$INSTALLED_PACKAGE"
                    INSTALLED_PACKAGE_NAME=${INSTALLED_PACKAGE_DATA[0]}
                    if [ "$INSTALLED_PACKAGE_NAME" = "$PACKAGE" ]; then
                        INSTALLED_PACKAGE_TIME_POSIX=${INSTALLED_PACKAGE_DATA[1]}
                        INSTALLED_PACKAGE_GW=${INSTALLED_PACKAGE_DATA[2]}
                        # Installed after the last modification means the update is on that gateway.
                        if [ "$PUBLISH_TIME_POSIX" -lt "$INSTALLED_PACKAGE_TIME_POSIX" ]; then
                            IS_INSTALLED=true
                            echo 'The update is already installed on gateway: '"$INSTALLED_PACKAGE_GW"
                        fi
                    fi
                done
                if [ "$IS_INSTALLED" = false ]; then
                    echo 'Not yet installed!'
                fi
            fi
        done
    fi
fi
Robert.
Dear members,
Unfortunately, I was just informed that the policy package object is not updated when the changes are published.
Therefore, its "last-modify-time" field is never updated.
It seems that the script I wrote will not work due to this limitation.
I'll try to find another solution for this problem.
Robert.
Hi,
Did you find another solution to this?
It would be useful to generate a summary that outlines which policies have had published changes where the upload remains pending.
Regards,
Simon
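
Added example, not part of the thread's posts and not Check Point code: a per-gateway version of the comparison in the script above, producing the kind of summary asked for here. It goes beyond the script by listing every gateway that is behind instead of stopping at the first one that is up to date. The function names, the sample JSON (constructed, in the shape the script's jq filter reads) and the caller-supplied publish timestamp are assumptions.

```python
import json

# Constructed sample in the shape the script's jq filter reads from
# "show gateways-and-servers ... details-level full" (all values are made up).
SAMPLE_GATEWAYS = json.loads("""
{"objects": [
  {"name": "gw-a", "policy": {"access-policy-name": "Standard",
     "access-policy-installation-date": {"posix": 1609500000000}}},
  {"name": "gw-b", "policy": {"access-policy-name": "Standard",
     "access-policy-installation-date": {"posix": 1609400000000}}},
  {"name": "gw-c", "policy": {"access-policy-name": "Branch",
     "access-policy-installation-date": {"posix": 1609600000000}}},
  {"name": "mgmt", "policy": {}},
  {"name": "gw-d", "policy": {"access-policy-name": "Branch"}}
]}
""")


def pending_installs(gateways, publish_posix_ms):
    """Map package name -> sorted gateways whose install predates the publish.

    publish_posix_ms is supplied by the caller (assumption: taken from a
    source that does change on publish, unlike the package's last-modify-time).
    """
    pending = {}
    for obj in gateways.get("objects", []):
        policy = obj.get("policy") or {}
        package = policy.get("access-policy-name")
        if not package:
            continue  # objects with an empty policy, as in the jq select(. != {})
        installed = (policy.get("access-policy-installation-date") or {}).get("posix")
        gws = pending.setdefault(package, [])
        # A missing install date is reported as pending rather than silently skipped.
        if installed is None or installed < publish_posix_ms:
            gws.append(obj["name"])
    return {pkg: sorted(gws) for pkg, gws in pending.items()}


def format_summary(pending):
    lines = []
    for package in sorted(pending):
        gws = pending[package]
        state = "pending on " + ", ".join(gws) if gws else "installed everywhere"
        lines.append(f"{package}: {state}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_summary(pending_installs(SAMPLE_GATEWAYS, 1609450000000))))
```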