Danny
Pearl

Common Check Point Commands (ccc)

ccc is an interactive script to run common Check Point CLI tasks without having to crawl for cheat sheets, bookmarks, manuals or admin guides. GPL licensed.

Installation (expert mode) or download:

curl_cli http://dannyjung.de/ccc | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc



Changelog

  • 0.1 - Initial Release - Inspired by Moti Sagey's  Top 3 Check Point CLI commands thread
  • 0.2 - Added more commands
  • 0.3 - Interactive Mode added by Marko Keca
  • 0.4 - Added more commands, removed a bug with the 'View all commands' option, Interface Cleanups
  • 0.5 - Added advanced interface summary developed in this thread
  • 0.6 - Implemented enhancements as suggested by Günther W. Albrecht and Martin Heim, added SIC status check for gateways, general code cleanup
  • 0.7 - Added more Security Management commands and CPU + memory statistics
  • 0.8 - Added IPS/Threat Prevention 'Panic Button' as described in this presentation by Timothy Hall and a command suggested by Maarten Sjouw plus more MDS/VSX commands
  • 0.9 - Implemented enhancements as suggested by Mikael Johnsson and Sven Glock, added commands to enable/disable SecureXL
  • 1.0 - Colors added for better user experience, dropping for out-of-state packets can now be turned on/off thanks to Dameon Welch Abernathy's thread, IPS Update Time is now shown on R80.x systems thanks to Jerom van den Hoek's thread and many other little adjustments to make this a real 1.x release
  • 1.1 - Added system info to Main Menu (props to: Rosemarie Rodriguez & Nathan Davieau for their Healthcheck script), started a Threat Emulation & Extraction section, improved command coloring
  • 1.2 - Enhanced system info as suggested by Martin Heim, improved system information for cluster status
  • 1.3 - Code improvements, replaced several sed with faster tr and cut commands, added more cluster info to Main Menu, corrected checking routines as suggested by Günther W. Albrecht
  • 1.4 - Added Identity Awareness commands, ability to check the postfix email queue (sk114034), MDS additions as suggested by Maarten Sjouw and output optimizations as suggested by Sven Glock
  • 1.5 - Changed interactive mode to support arrow keys for navigation, added usage information, general performance improvements via Bash's builtin parameter substitution, various fixes
  • 1.6 - Added self-update functionality as requested by Vladimir Yakovlev in this thread, implemented more tests to avoid calls to non-existing resources as mentioned by Günther W. Albrecht
  • 1.7 - Fixed a nasty bug discovered by Aleksei Shelepov and Günther W. Albrecht
  • 1.8 - Added commands to start/stop the ICA Management Tool, fixed a typo discovered by Ty King 
  • 1.9 - Added cpconfig and mdsconfig utilities, added ipassignment.conf integrity check, improved Multi-Core Performance Tuning commands
  • 2.0 - Improved detection for supported OS as suggested by cciesec2006 at CPUG, added commands for CoreXL Dynamic Dispatcher and Firewall Priority Queue handling
  • 2.1 - Added more details to system info (memory, CPU cores, CoreXL & SecureXL statistics), added migrate export command to Firewall Management section, improved several checks
  • 2.2 - Fixed Firewall Management commands as suggested by Günther W. Albrecht
  • 2.3 - Added more commands for mail handling tasks within Check Point Threat Emulation & code optimization as suggested by Maciej Maczka
  • 2.4 - Added Threat Extraction Bypass commands as suggested by Niels van Sluis, added command to show calculated interface topology for easier address spoofing troubleshooting, general code and interface cleanup
  • 2.5 - Added command to check the LOM of Check Point Appliances, improved Address Spoofing commands as suggested by Norbert Bohusch
  • 2.6 - Improved system information as suggested by Michael Asher, added VPN routing information as developed in Heiko Ankenbrand's thread
  • 2.7 - Added IA command as suggested by Hans Hartung. Introduced a QoS Troubleshooting section and several code improvements as suggested by Alexander Wilke
  • 2.8 - Improved system info (new: SMT, CPU Load, Multi-Queue Interfaces and Dynamic Dispatcher), added more performance tuning commands, minor script code fixes
  • 2.9 - Added more system info (new: Policy, Blades), improved check for number of Multi-Queue interfaces, added Postfix queue message distribution commands as suggested by Benoit Verove
  • 3.0 - Improved script starting time, added status dots to script starting routine, added Jumbo Hotfix take number and free RAM to system info
  • 3.1 - Added performance troubleshooting commands (sar, iotop etc.), added check for licensed cores and OS edition to system info, fixed a parameter gone in R80.20 as mentioned by Günther W. Albrecht
  • 3.2 - Added more details to system info as suggested by Rolf Peeters and Jozko Mrkvicka, improved script code, added user confirmation before executing commands
  • 3.3 - Added Endpoint Management support, improved check for number of permitted cores as discussed in this thread
  • 3.4 - Added more warning markup to system info, added core & crash dump checks, added commands to view and edit the malware policy on Threat Prevention gateways
  • 3.5 - Fixed a syntax error spotted by Kaloyan Metodiev, improved crash dump location check, added max power script command
  • 3.6 - Replaced a Non-Standard ASCII character spotted by Martin Heim, added red warning label to SecureXL and CoreXL when disabled, minor code improvements
  • 3.7 - Added Tim Hall's "Super Seven" performance assessment commands from this TechTalk session
  • 3.8 - Added more commands to MDS Troubleshooting, fixed Multi-Domain Server OS string handling, improved error handling
  • 3.9 - Revised the self-update mechanism to support user control, added more commands to Firewall Management and MDS Troubleshooting, minor code fixes
  • 4.0 - Added support for t, f, g, h keys (when arrow keys don't work) as suggested by Vladimir Yakovlev
  • 4.1 - Added blade update status, added Management server status as discussed in this thread, revised command to show VPN routes as suggested by Alibi in this post, added firewall inspection, address spoofing and IPS mode checks, added Geo Policy check as suggested in Tim Hall's presentation
  • 4.2 - Added disk usage check, fixed CoreXL check, grouped VPN routes by peer, improved cpvinfo syntax as suggested by Günther W. Albrecht
  • 4.3 - Added API status and version to menu info, added check for Any host access, added commands for CPUSE Deployment Agent handling, fixed syntax for disk usage check
  • 4.4 - Added more VPN commands, added Geo Policy One-liner from this thread, added VSX-capabilities as requested by Kaspars Zibarts in this thread, added checks for NTP sync status, SNMP version and GUI clients, added info for dynamic objects, general code improvements

Planned

  • Advanced checks for Sync interface
  • MDS Support for easy +/- navigation between mdsenv's
  • SMB appliance support
  • Secure self-update routine
  • GAiA cleanup tasks ($CPDIR/tmp/ cleanups, log compression etc.)
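
The install one-liner above writes a plain-HTTP download straight to /usr/bin/ccc, and a secure self-update routine is still on the planned list. As an added example (not part of ccc or of the original post), this is one way to check a downloaded copy against a SHA-256 digest obtained over a trusted channel before installing it; the function name install_verified and the digest placeholder are assumptions.

```shell
#!/bin/bash
# Added example, not code from ccc itself.
# install_verified ARCHIVE_GZ EXPECTED_SHA256 DEST
# Returns 0 on success; on any failure DEST is left untouched.
install_verified() {
    local archive="$1" expected="$2" dest="$3" actual tmp
    [ -r "$archive" ] || { echo "cannot read $archive" >&2; return 2; }

    # 1. Compare the archive digest with the one obtained out of band.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch, got $actual" >&2
        return 1
    fi

    # 2. Decompress next to the destination so the final rename is atomic
    #    and a failed download never leaves a half-written /usr/bin/ccc.
    tmp=$(mktemp "$(dirname "$dest")/.ccc.XXXXXX") || return 2
    if ! gzip -dc "$archive" > "$tmp"; then
        rm -f "$tmp"; echo "not a valid gzip stream" >&2; return 1
    fi

    # 3. Parse-only check (nothing is executed): the payload must be Bash.
    if ! bash -n "$tmp" 2>/dev/null; then
        rm -f "$tmp"; echo "payload is not a valid Bash script" >&2; return 1
    fi

    chmod 0755 "$tmp" && mv -f "$tmp" "$dest"
}

# Usage in expert mode (the digest is a placeholder, not a real value):
#   curl_cli -o /tmp/ccc.gz http://dannyjung.de/ccc
#   install_verified /tmp/ccc.gz "<SHA-256 from a trusted channel>" /usr/bin/ccc
```
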

 

175 Replies
Admin
Admin

Re: Common Check Point Commands (ccc)

You sir are awesome!!

MK9
Iron

Re: Common Check Point Commands (ccc)

+1

Thank you!

Marko_Keca
Nickel

Re: Common Check Point Commands (ccc)

Great job!

Here is a little bit improved code (added hierarchy and some interactivity).

Dropbox - ccc 

Regards,

--

Marko

0 Kudos
Admin
Admin

Re: Common Check Point Commands (ccc)

Thx, can u post in code-hub 

0 Kudos
Danny
Pearl

Re: Common Check Point Commands (ccc)

I moved this thread to the Code Hub and added https://community.checkpoint.com/people/marko580be9dd-a859-4a24-99a3-0d94c35e4225‌'s Interactive Mode to this ccc script. I corrected/removed an issue with the 'view all commands' option, cleaned the interactive interface, added more commands and therefore raised the version level to 0.4. Thanks everyone for all the interest and support within this project!

Re: Common Check Point Commands (ccc)

Hello Danny,

Thanks for this great work, a short 10 minute tutorial video on this will also add great taste to it.

Thanks and Regards.

Re: Common Check Point Commands (ccc)

That is really very helpful! Just one line I have found that I do not understand:
9) fwm stat

This gives:


Usage:
fwm ver [-f] ...                                 # Display version
fwm load [opts] [filter-file|rule-base] targets  # Install Policy on targets
fwm unload [opts] targets                        # Uninstall targets
fwm dbload [targets]                             # Download the database
fwm logexport [-h] ...                           # Export log to ascii file
fwm gen [-RouterType [-import]] rule-base        # Generate an inspection
                                                 # script or a router access-list
fwm dbexport [-h] ...                            # Export the database
fwm ikecrypt <key> <password>                    # Crypt a secret with a key
                                                 # (for the dbexport command)
fwm dbimport [-h] ...                            # Import to database
fwm kill [-sig_no] procname                      # Kill firewall process
fwm getpcap ...                                  # Fetch packet capture from gateway

Looks like there is no fwm stat like there is fw stat... I have replaced the line with

fwm ver

😉

Re: Common Check Point Commands (ccc)

I now saw that here, the installed_jumbo_take CLI command is used - this did work before, but see sk98028:

Re: Common Check Point Commands (ccc)

The script is great.

I added a little improvement for the command #23: fw fetch mgmt.

If you do not want the name of the management to be hardcoded for each gateway:

Read in the name of the management with
MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }')

command#23:
fw fetch $MGMT

Best regards
Martin

Danny
Pearl

Re: Common Check Point Commands (ccc)

Implemented in version 0.6

Danny
Pearl

Re: Common Check Point Commands (ccc)

Implemented in version 0.6

Re: Common Check Point Commands (ccc)

I have a nice ClusterXL debug command:

clish -c "show routed cluster-state detailed"

It shows the gateway change time.

Re: Common Check Point Commands (ccc)

Another useful command in this list would be 

fw ctl arp

which will show all proxy arp's and active local.arp entries.

Regards, Maarten
0 Kudos
Danny
Pearl

Re: Common Check Point Commands (ccc)

This command is already implemented.

Danny
Pearl

Re: Common Check Point Commands (ccc)

Implemented in version 0.8

Re: Common Check Point Commands (ccc)

Hi, 

Great idea but please add it as fw ctl arp -n

to avoid dns-lookups.

Cheers

Mikael

0 Kudos
Sven_Glock
Silver

Re: Common Check Point Commands (ccc)

Thanks Danny - nice script.

Improvement suggestion:

When the selected command shows lots of output you have to scroll up for checking the possibilities of your actual branch of the menu tree.

Prompting the menu again directly after the output will need you scrolling up for your requested output.

What about offering a short menu after an output - just one row?

Something like: ? Show actual Menu | 0: Main menu | q: EXIT

Cheers

Sven

Re: Common Check Point Commands (ccc)

I have adjusted the commands, so that only the physical interface is visible and not the Bond's anymore.

 ifconfig -a | grep encap | awk '{print $1}' | grep -v lo | grep -v bond | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'ethtool %; ethtool -i %' | grep '^driver\|Speed\|Duplex\|Setting' | sed "s/^/ /g" | tr -d "\t" | tr -d "\n" | sed "s/Settings for/\nSettings for/g" | awk '{print $5 " "$7 "\t " $9 "\t" $3}' | grep -v "Unknown"

Regards

Heiko

Danny
Pearl

Re: Common Check Point Commands (ccc)

Implemented in version 0.9

Danny
Pearl

Re: Common Check Point Commands (ccc)

Implemented in version 0.9

Danny
Pearl

Re: Common Check Point Commands (ccc)

Did you read our comments in this thread? We are not relying on ifconfig for the reason that it doesn't show any disabled interfaces.

Sven_Glock
Silver

Re: Common Check Point Commands (ccc)

Hi Danny,

thanks for adding parts of my improvements.

To be sure that you exactly know what I mean I added my idea to your code.

Just replace the relevant parts and you will see what I wanted to say.

# Variables
j=0;
i=0;
MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }');
INST=$(if hash installed_jumbo_take 2>/dev/null; then echo installed_jumbo_take; fi);

q)
exit 0
;;
esac
echo
case $i in
''|*[!1-9]*) echo "0: MAIN MENU"; echo "q: QUIT";j=$i;;
*) echo "------------------------------------------------"; echo "?: Show actual menu | 0: MAIN MENU | q: QUIT";;
esac
echo

echo -en "Enter a command : "
read -r i
# Quote both sides: an unquoted ? is a glob pattern and an empty $i breaks the test
if [ "$i" == "?" ]; then
i=$j
fi
echo
done
exit 0

I am not a programmer, but it's working 

Cheers

Sven

0 Kudos
Sven_Glock
Silver

Re: Common Check Point Commands (ccc)

A GIT implementation into GAIA would be very helpful! 

0 Kudos
Sven_Glock
Silver

Re: Common Check Point Commands (ccc)

For some commands like

19) netstat -atun

 I think it would be better to add a "| more"

So the output can be read page by page.

Sven_Glock
Silver

Re: Common Check Point Commands (ccc)

Some of the ccc I often use with "watch" to see what's going on.

I played around with your code and implemented a function which enables you to add "watch" to some commands.

In my latest version it's only working with simple commands and needs to be improved for more complex ones.

Is it worth sharing or isn't it part of the scope?

0 Kudos
Danny
Pearl

Re: Common Check Point Commands (ccc)

Implemented in version 1.0

Danny
Pearl

Re: Common Check Point Commands (ccc)

Implemented in version 1.0

Danny
Pearl

Re: Common Check Point Commands (ccc)

We always love to learn and improve. Just share your ideas and examples with us.

Re: Common Check Point Commands (ccc)

Hi there, I don't see an actual download for the script, can I just save the text in notepad and save it as ccc.sh, move it to my gateway and execute it by ./ccc.sh?

Thanks in advance and excellent job on the script and great collaboration between everyone!

0 Kudos