This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nick_Doropoulos
Advisor
‎2019-11-13 12:43 AM

Testing Controls for Bash Scripts

Given the amount of resources a bash script can consume, along with any possible service impact it might have, I have been trying to compile a list of 'testing controls' to benchmark any script against before using it on any Check Point device by carrying out the following steps in a lab environment:

1) Observe the resources being consumed by the script. This can be done by having two additional Putty sessions open and run the following commands :

- watch free -m

- top 

2) Ensure that there is no service impact by monitoring critical services such as VPN tunnels etc. 

3) Ensure that only a specific group of admins have execution privileges over the script. 

I would appreciate other people's feedback on this topic, particularly of guys like @Robert_Decker and @Danny who are well versed in the art of scripting. My point is that I am after a process to follow when creating scripts for Check Point devices in order to get the maximum value while causing the least possible amount of disruption. 

Thanks in advance! 

 

 

7 Replies
Danny
Champion Champion
Champion
‎2019-11-13 01:12 AM

Thanks for the reference. I giggle when even R&D calls my ccc script a „piece of art“. To be honest, I‘m all about continuing my Check Point journey with SmartConsole Extensions, especially as Check Point is on its way to drop expert mode support somewhere in the future. I‘ll tell more about my new project @ CPX 2020 in Vienna if I get confirmed as a speaker.

Maik
Advisor
‎2019-11-13 01:22 AM
In response to Danny

Sorry for crashing in for this kinda off topic question... but you mentioned "Check Point is on its way to drop the expert mode entirely somewhere in the future.".
I remember when exactly this question got answered during a CheckMates webinar and the answer was that expert mode will stay - however they plan to move some expert commands to clish (starting with R80.40...?). Where did you hear about the complete drop of expert?
0 Kudos
Martin_Valenta
Advisor
‎2019-11-13 02:02 AM
In response to Maik

expert commands are on clish since r80.20
Maik
Advisor
‎2019-11-13 02:32 AM
In response to Martin_Valenta

nvm thought this would be an optional package for R80.20 and fully integrated with R80.40. Thanks for the info
Maik
Advisor
‎2019-11-13 02:37 AM
In response to Maik

Cant edit my post as I receive an HTTP error when doing so.
Just found sk144112 that still mentions this feature to be manually installed for version<R80.40 https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...
But enough off topic I guess
0 Kudos
PhoneBoy
Admin
Admin
‎2019-11-13 09:59 AM
In response to Maik

Directly from R&D.
I've also heard it on a few occasions as well.
I don't think expert mode will be dropped anytime soon, however.
Maik
Advisor
‎2019-11-13 10:42 PM
In response to PhoneBoy

Thanks for your reply... interesting.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events