Kim_Moberg
Advisor

mgmt_cli validation check

Hi Check Mates,

I have been working on a simple standard change for which I wanted to create a simple automation task.

I have been working on this in three steps.

1) Using CMD via SmartConsole, adding a Network Object and then adding it to a Network Group object. That simply worked.

I am running these commands:

 

add network name "TestObj" subnet xxx.xxx.xxx.xxx subnet-mask xxx.xxx.xxx.xxx
set group name "Proxy_Access" members.add "TestObj"

 

publish
Install policy

 

2) Working on a shell script to be executed on the SMS server, doing exactly the same steps as above. This works too.

I have created a script named "add_object_to_group.sh" and given it the right to execute with "chmod 777".

The script looks like this:

 

#!/bin/bash
clear

# ask for credentials from user
echo "Please enter your username and password"
read -p "Enter username and press [ENTER]: " USER
read -s -p "Enter password and press [ENTER]: " PASS
echo

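# quote the values so a password containing spaces or shell metacharacters is passed as one argument
mgmt_cli login user "${USER}" password "${PASS}" > id.txt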

# in case of an error: print to screen the error message and abort
if [ $? -ne 0 ]; then
echo "Login command failed."
cat id.txt
exit 1
fi

# Ask for user to enter a Name of Network Object
echo
echo "Please enter a Network Object Name e.g TestObj "
read -p "Enter Network Object Name  eg. TestObj [ENTER] : " NetworkObjectName

# Ask for user to enter a Source Subnet for Network Object Name
echo
echo "Please define the Network Object Network subnet"
read -p "Enter subnet eg. 10.80.212.0 [ENTER] : " NetworkObjectSubNet

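# keep the pattern in a variable and leave it unquoted after =~ (bash 3.2+ treats a quoted pattern as a literal string)
ip_re='^((25[0-5]|2[0-4][0-9]|[01][0-9][0-9]|[0-9]{1,2})[.]){3}(25[0-5]|2[0-4][0-9]|[01][0-9][0-9]|[0-9]{1,2})$'
while [[ ! "$NetworkObjectSubNet" =~ $ip_re ]]; do
    read -p "Not a valid IP Subnet. Re-enter: " NetworkObjectSubNet
done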

read -p "Enter subnet-mask eg. 255.255.255.0 [ENTER] : " NetworkObjectSubNetMask

# same approach for the subnet mask pattern
mask_re='^((255)\.(0|128|192|224|240|248|252|254|255)\.(0|128|192|224|240|248|252|254|255)\.(0|128|192|224|240|248|252|254|255))$'
while [[ ! "$NetworkObjectSubNetMask" =~ $mask_re ]]; do
    read -p "Not a valid Subnet Mask. Re-enter: " NetworkObjectSubNetMask
done

# Run the mgmt_cli against CP SMS Server
mgmt_cli -s id.txt add network name "${NetworkObjectName}" subnet "${NetworkObjectSubNet}" subnet-mask "${NetworkObjectSubNetMask}"
mgmt_cli -s id.txt set group name "Proxy_Access" members.add "${NetworkObjectName}"

# Publish the creation of Network Object and add it to Network Group
mgmt_cli publish -s id.txt
mgmt_cli logout -s id.txt

 

 

3) Moving the script out from the SMS server to be run on a Linux jumphost. I haven't yet worked on this because I want to complete my above steps first.

 

I am lacking some kind of error handling in my script and I haven't been able to find any examples of how to do so.
I know I have a validation check for login if anything goes wrong. Or can I use the same method from login validation in each of the steps?

Examples of error handling would be:

1) In case the Network Object Name exists.

2) In case two objects have the same subnet in use. In SmartConsole you can have different object names with the same subnet.

3) I want to be sure that I am not trying to add a network object to a network group if it already exists, etc.

 

Can anyone help me or give me a direction?

Thanks

Best Regards
Kim
0 Kudos
1 Reply
Kim_Moberg
Advisor

I want to be able to do a validation check when running mgmt_cli commands:

mgmt_cli -s id.txt add network name "${NetworkObjectName}" subnet "${NetworkObjectSubNet}" subnet-mask "${NetworkObjectSubNetMask}"
mgmt_cli -s id.txt set group name "Proxy_Access" members.add "${NetworkObjectName}"

 

Best Regards
Kim
0 Kudos
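
One way to apply the login-style exit-status check to every step, as an added example that is not part of the original posts. The helper names `api`, `object_exists` and `add_network_to_group` are hypothetical, and the code assumes mgmt_cli returns a non-zero exit status when a command fails, as the login check in the script relies on. It covers an already existing object name and a failed add, group update or publish; the duplicate-subnet check is not covered.

```shell
#!/bin/bash
# Added example (not from the original post). Assumes a session file created by
# "mgmt_cli login ... > id.txt" as in the script above.
SESSION_FILE="${SESSION_FILE:-id.txt}"

# Run one mgmt_cli command; on a non-zero exit status print its output and fail.
api() {
    local out
    if ! out=$(mgmt_cli -s "$SESSION_FILE" "$@" 2>&1); then
        echo "FAILED: mgmt_cli $*" >&2
        echo "$out" >&2
        return 1
    fi
}

# Succeeds if "show <type> name <name>" succeeds, i.e. the object exists.
# Caveat: an expired session also makes "show" fail; the later "add" then
# fails as well and is caught by api().
object_exists() {
    mgmt_cli -s "$SESSION_FILE" show "$1" name "$2" >/dev/null 2>&1
}

# usage: add_network_to_group NAME SUBNET MASK GROUP
# returns 0 published, 1 API step failed, 2 group missing, 3 name already used
add_network_to_group() {
    local name="$1" subnet="$2" mask="$3" group="$4"
    if ! object_exists group "$group"; then
        echo "Group '$group' not found, nothing changed." >&2
        return 2
    fi
    if object_exists network "$name"; then
        echo "Network object '$name' already exists, nothing changed." >&2
        return 3
    fi
    # Publish only if both changes were accepted; otherwise drop the
    # unpublished changes of this session.
    if api add network name "$name" subnet "$subnet" subnet-mask "$mask" &&
       api set group name "$group" members.add "$name" &&
       api publish; then
        echo "Published: '$name' added to '$group'."
        return 0
    fi
    api discard
    return 1
}
```

Because the function stops when the name is already taken, a newly created object cannot already be a member of the group, which also addresses the third case in the question.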
