Try out the new
CheckMates Labs!
Check Point Acquires Avanan
Learn Why Avanan and Check Point are Better Together
CheckMates Go:
The Things They're Missing
Try Check Point products
with one of our experts!
Pro Support – The Next Level Of Monitoring
Premier Event for Securing Users & Access
12th October
Robert_Decker
Here is an example bash script that monitors whether a policy package is only updated (published) or also already installed -
#!/bin/sh
JQ=${CPDIR}/jq/jq
GATEWAYS_FILE="gateways.json"
PACKAGES_FILE="packages.json"
PACKAGE_FILE="package.json"
mgmt_cli -r true show gateways-and-servers limit 500 details-level full --format json > $GATEWAYS_FILE
INSTALLED_PACKAGES=($($JQ -r '.objects[] | .name as $name | .policy | select(. != {}) | [.["access-policy-name"], .["access-policy-installation-date"]["posix"], $name] | @csv' $GATEWAYS_FILE))
if [ $? -ne 1 ]; then
echo 'Checking for available packages statuses...'
mgmt_cli -r true show packages limit 500 details-level full --format json > $PACKAGES_FILE
if [ $? -ne 1 ]; then
PACKAGES_NAMES=($($JQ '.packages[] | .name' $PACKAGES_FILE))
for PACKAGE in ${PACKAGES_NAMES[@]}; do
echo 'Checking for package '"$PACKAGE"'...'
mgmt_cli -r true show-package name $PACKAGE --format json > $PACKAGE_FILE
if [ $? -ne 1 ]; then
IS_INSTALLED=false
PUBLISH_TIME=($($JQ -r '.["meta-info"]["last-modify-time"]["iso-8601"]' $PACKAGE_FILE))
PUBLISH_TIME_POSIX=($($JQ -r '.["meta-info"]["last-modify-time"]["posix"]' $PACKAGE_FILE))
echo 'Last publish time: '"$PUBLISH_TIME"
for INSTALLED_PACKAGE in ${INSTALLED_PACKAGES[@]}; do
IFS=',' read -ra INSTALLED_PACKAGE_DATA <<< "$INSTALLED_PACKAGE"
INSTALLED_PACKAGE_NAME=${INSTALLED_PACKAGE_DATA[0]}
if [ $INSTALLED_PACKAGE_NAME == $PACKAGE ]; then
INSTALLED_PACKAGE_TIME_POSIX=${INSTALLED_PACKAGE_DATA[1]}
INSTALLED_PACKAGE_GW=${INSTALLED_PACKAGE_DATA[2]}
if [ $PUBLISH_TIME_POSIX -lt $INSTALLED_PACKAGE_TIME_POSIX ]; then
IS_INSTALLED=true
echo 'The update is already installed on gateway: '"$INSTALLED_PACKAGE_GW"
fi
fi
done
if [ "$IS_INSTALLED" == false ]; then
echo 'Not yet installed!'
fi
fi
done
fi
fi
Robert.
Robert_Decker
Dear members,
Unfortunately, I was just informed that the policy package object is not updated when the changes are published.
Therefore, its "last-modify-time" field is never updated.
It seems that the script I wrote will not work due to this limitation.
I'll try to find another solution for this problem.
Robert.
Hi,
Did you find another solution to this?
It would be useful to generate a summary that outlines which policies have had published changes where the upload remains pending.
Regards,
Simon
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY