israelg
Explorer

allow ssh user to do migrate export

Hi guys,

I have a management server on a GCP instance and I want to be able to connect a user by SSH with RSA and give him the ability to do migrate export.

I created a user with UID 103 and RSA, but the user with UID 103 doesn't have permission to do "migrate".

How can I give a user permission to do only migrate and maybe a couple more things?

israel 

0 Kudos
7 Replies
_Val_
Admin

You need a user with full admin permissions

0 Kudos
Don_Paterson
Advisor

Try UID 0

What about a scheduled backup that copies the file off box (ssh/scp)?

That has a database dump and may be part of a workable solution. 

0 Kudos
Don_Paterson
Advisor

UID 0 gives root access, which is risky but good for a test. 

You can add 'extended' commands to clish. That's something you could try too.

Otherwise you'll need to get elements of the admin Role features allowed into a custom Role that you create in Gaia.

Here are some resources you can look at. 

https://support.checkpoint.com/results/sk/sk88981

https://sc1.checkpoint.com/documents/r81.20/webadminguides/en/cp_r81.20_gaia_adminguide/content/topi...

https://sc1.checkpoint.com/documents/r81.20/webadminguides/en/cp_r81.20_gaia_adminguide/content/topi...

0 Kudos
Don_Paterson
Advisor

0 Kudos
israelg
Explorer

I tried UID 0, but when I did, I couldn't use the RSA key that I made for that user.

We are using some backup application for all of our instances and we want to work in the same way for all of our systems.

0 Kudos
_Val_
Admin

This is some new information. Backup can be scheduled through WebUI or CLI and just sent to an external location. Did you consider this option? In this case, you do not need a third-party application to connect to your security devices.

0 Kudos
Don_Paterson
Advisor

Maybe you can give us a bit more background (error messages, shells used (CLISH or BASH)) and the primary objectives.

In other words, is the objective to capture the SMS (or MDS) database only (migrate_server export), or is it to capture a DR image (for example)?

Gaia Snapshots can also be scheduled.

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Gaia_AdminGuide/Content/Topi...

Is it reasonable to expect to achieve the objective of a single central backup solution working in one way, for all vendors in focus?

Can S3 be part of the solution?

sk117581 - Accessing S3 objects from Check Point instances running in AWS

Is this a valid option for you?

https://community.checkpoint.com/t5/Security-Gateways/SSH-authentication-using-RSA-for-uid-0/m-p/800... 

0 Kudos