ccc - Common Check Point Commands

Danny
Champion Champion
Champion

🏆 Code Hub Contribution of the Year 2018!
🎓 Featured in official Maestro courseware!
👍 Endorsed by Check Point Support!
📕 Books: Max Power, FW Admin
▶️ YouTube: Intro

ccc script to run CLI tasks & show system info.

Installation


    curl_cli $(if [[ `grep proxy:ip /config/active` ]];then echo -n '--proxy ';grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n';echo -n :;grep proxy:port /config/active|cut -f2 -d' ';fi) -k https://dannyjung.de/ccc|zc
...

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




244 Replies

Siva_R
Explorer

Thanks for the reply. It's required many times during troubleshooting... Hopefully someone will share the command...



0 Kudos

Timothy_Hall
Champion
Champion

I looked into this when researching the second edition of my book, and there is simply no way to disable APCL/URLF "on the fly" for a security gateway without unchecking those features on the firewall object and reinstalling policy.  As to why, my guess is that APCL/URLF policy enforcement is a bit too tightly intertwined with Stateful Inspection and the other key firewall operations.  IPS/TP is more separated though, and can be disabled on the fly with the ips off and fw amw unload comma

...


0 Kudos

Kaloyan_Metodie
Participant

Hi and thank you for all the effort 🙂 Nicely done!

I've found a syntax error in FIREWALL TROUBLESHOOTING -> CheckPoint Appliance -> show sysenv all 

Command is:  clish -c "show sysenv all | more" and ends with error: Invalid command:'show sysenv all | more'.

I think command should be: clish -c "show sysenv all" | more

Best regards 🙂



Danny
Champion Champion
Champion

Fixed in version 3.5



Martin_Heim
Participant

Hi Danny

There is a non-ASCII character in the ccc script, line 58:

TIME=`cpstat fw | grep "Install time" | awk '{print $4" "$5" "$7" ´"$6}' | cut -d':' -f1,2`; echo -n .

Between the $7 and the $6. Can you please remove it?

Thanks and best regards
Martin



Danny
Champion Champion
Champion

Fixed in version 3.6



Hans_Hartung
Participant
Participant

How about adding (as per sk62873)

cpca_client lscert -kind SIC

... to view all SIC certificates?

Maybe even limited to list those with expiration e.g. +/- 90 days.



0 Kudos

JozkoMrkvicka
Mentor
Mentor

What about checking whether LOM is available and, if so, what the version is? Compare the installed version with the latest LOM firmware map and inform the user that it would be a good idea to upgrade LOM. This check would be better available within the Healthcheck script.



Eduardo_Velazqu
Explorer

What a great job.

Thanks a lot!



0 Kudos

Guido_Pastorino
Participant

Great!

Thanks



0 Kudos

Danny
Champion Champion
Champion

That's already integrated, see: cpca_client lscert | grep -A 2 cp_mgmt



Hans_Hartung
Participant
Participant

Thanks; I'll check it out 🙂



0 Kudos

Attiq_Rahman
Explorer

Thank you, Danny, for such great work.

Is it possible to have a custom commands section where users can easily add their most-used commands, so they can easily access the commands that are used almost every day in that particular environment?

I know I might be asking too much but it would be great if people can add their custom commands in one section, by following simple instructions editing the script.



0 Kudos

Danny
Champion Champion
Champion

That's a great idea. The most practical way to organize and run custom commands would probably be the first version of this script.

Just compare version 1 vs. version 2 to see the first version with the basic commands included. It allows for easy modification and customization.



Attiq_Rahman
Explorer

Thanks, Danny, for your prompt response. The above hyperlink did not work, as it says I am not authorised. Is there any other place I can get hold of the older version, please?



0 Kudos

Danny
Champion Champion
Champion
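
    #!/bin/bash
    # Minimal custom command menu: print the choices, read one, run it.

    echo "## Custom Check Point commands ##"
    echo "1: cat /etc/cp-release - Show Check Point version"
    echo "2: cplic print -x - Show installed CP licenses"
    echo "3: df -h - Show available disk space"
    echo ""
    echo -en "Select a command: "

    # -r keeps backslashes in the typed input literal
    read -r i
    case "$i" in
      1) cat /etc/cp-release ;;
      2) cplic print -x ;;
      3) df -h ;;
      *) exit 0 ;;   # any other input: quit without running anything
    esac
    exit 0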
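
A table-driven variant of the custom command menu discussed above, as an added example that is not part of ccc or of the posts in this thread: adding a command means appending one `description|command` line, and typed input is only ever used as a row number. The names `command_table`, `show_menu`, `lookup_command`, `run_menu` and the `--menu` switch are assumptions made for this example; the commands themselves are the ones quoted in the thread.

```bash
#!/bin/bash
# Added example, not part of ccc: a table-driven custom command menu.
# To add a command, append one "description|command" line to the table below.
# The description must not contain "|"; the command may (pipes are fine).
command_table() {
cat <<'EOF'
Show Check Point version|cat /etc/cp-release
Show installed CP licenses|cplic print -x
Show available disk space|df -h
Show cp_mgmt certificate|cpca_client lscert | grep -A 2 cp_mgmt
Show system environment|clish -c "show sysenv all" | more
EOF
}

# Print the numbered menu generated from the table.
show_menu() {
  echo "## Custom Check Point commands ##"
  command_table | awk -F'|' \
    '{ cmd = $0; sub(/^[^|]*[|]/, "", cmd); print NR ": " cmd " - " $1 }'
}

# Print the command stored under menu number $1.
# Returns 1 unless $1 is a plain number that matches a table row, so the
# typed input only selects an entry and is never executed itself.
lookup_command() {
  case $1 in
    '' | *[!0-9]*) return 1 ;;
  esac
  command_table | awk -v n="$1" '
    NR == n + 0 { sub(/^[^|]*[|]/, ""); print; found = 1 }
    END { exit !found }'
}

# Show the menu, read one selection and run the matching table entry.
run_menu() {
  show_menu
  printf 'Select a command: '
  read -r choice || return 0
  if cmd=$(lookup_command "$choice"); then
    bash -c "$cmd"   # the string comes from the table above, not from the user
  else
    echo "Unknown selection: $choice" >&2
    return 1
  fi
}

# Only go interactive when called with the (assumed) --menu switch.
if [ "${1:-}" = "--menu" ]; then run_menu; fi
```
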


Attiq_Rahman
Explorer

Thanks a lot



0 Kudos

Attiq_Rahman
Explorer

Hi Danny,

Is version 3.9 live now?

I still see v3.8 in the script at the URL below:

http://dannyjung.de/ccc_v3.9.gz



0 Kudos

Danny
Champion Champion
Champion

Thanks, I just fixed it.



Attiq_Rahman
Explorer

OK, thanks for that. So the script will ask the user if he wants to update?

Also, what other user control options have been added, please?



0 Kudos

Danny
Champion Champion
Champion
Correct. For better security and user control all available updates can now be reviewed and installed manually. No auto-update anymore. Other controls added are listed in the changelog above.


Joselito_Javier
Explorer

Does this need to be installed on all CP nodes, or can it exist on the management server, and use to connect to the managed nodes?



0 Kudos

Danny
Champion Champion
Champion

Currently it's intended to install the script on each CP system.



G_W_Albrecht
Legend
Legend

I have just found out that when using the GAiA WebGUI Terminal window or Dashboard > Actions > Open Shell..., ccc navigation will not work - the cursor moves one line down, then no more.



0 Kudos

Danny
Champion Champion
Champion

Exactly. Therefore the alternative t,f,g,h navigation was implemented. 😉



G_W_Albrecht
Legend
Legend

Ah, every day is a day to learn something new 😉



0 Kudos

G_W_Albrecht
Legend
Legend

RFE: in FW Management + GW, we can find

# cpvinfo /opt/CPda/bin/DAService | grep Build

Build Number = 1671

But why not use the full command from sk92449 instead?

# cpvinfo $DADIR/bin/DAService | grep -E "Build|Minor"

Build Number = 1671
Minor Release = megatron_ms1



0 Kudos

Danny
Champion Champion
Champion

Improved in version 4.2



0 Kudos

G_W_Albrecht
Legend
Legend

Very nice new version! But:

System Firewall Management (with Smart Event)
Type VMware Virtual Platform
Status during initialization
OS Gaia R80.20 JHF (Take 73) @ 64-bit
CPU 2 Cores | Load 8.45%
RAM 18 GB (Free: 11 GB) | Swapping 0 GB
Core dumps - | Crash dumps: -
Disk use / 19390744% | /var/log/ 6555932%

# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current 38G 18G 19G 48% /
/dev/sda1 289M 24M 251M 9% /boot
tmpfs 8.8G 4.0K 8.8G 1% /dev/shm
/dev/mapper/vg_splat-lv_

...


0 Kudos

Danny
Champion Champion
Champion

Fixed in version 4.3



0 Kudos