Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Pearl

Common Check Point Commands (ccc)

🏆 Code Hub Contribution of the Year 2018!
👍 Endorsed by Check Point Support!
📕 Max Power 2020 advice!

ccc_logo.png ccc is a menu-driven script to run Check Point CLI tasks and show advanced system summary information.
License: GPL

Installation (expert mode) or download:
curl_cli -k https://dannyjung.de/ccc | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc

ccc.pngccc_cpx2020.png

221 Replies
Highlighted
Ivory

Thanks for the reply.. Its required many times during troubleshooting... Hopefully someone will share the command...

0 Kudos
Highlighted

I looked into this when researching the second edition of my book, and there is simply no way to disable APCL/URLF "on the fly" for a security gateway without unchecking those features on the firewall object and reinstalling policy.  As to why, my guess is that APCL/URLF policy enforcement is a bit too tightly intertwined with Stateful Inspection and the other key firewall operations.  IPS/TP is more separated though, and can be disabled on the fly with the ips off and fw amw unload commands as detailed in my CPX360 presentation here:

Best of CheckMates CLI 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted

Hi and thank you for all the effort Smiley Happy Nicely done! 

I've found a syntax error in FIREWALL TROUBLESHOOTING -> CheckPoint Appliance -> show sysenv all 

Command is:  clish -c "show sysenv all | more" and ends with error: Invalid command:'show sysenv all | more'.

I think command should be: clish -c "show sysenv all" | more

Best regards Smiley Happy 

Highlighted
Pearl

Fixed in version 3.5

Highlighted

Hi Danny

There is a non ASCII Character in the ccc Skript. line 58:

TIME=`cpstat fw | grep "Install time" | awk '{print $4" "$5" "$7" ´"$6}' | cut -d':' -f1,2`; echo -n .

Between the $7 and the $6. Can you please remove it?

Thanks and best regards
Martin

Highlighted
Pearl

Fixed in version 3.6

Highlighted

How about adding (as per sk62873)

cpca_client lscert -kind SIC

... to view all SIC certificates?

Maybe even limited to list those with expiration e.g. +/- 90 days.

0 Kudos
Highlighted
Platinum

What about to check if LOM is available and in case yes, what is the version ? Compare the installed version with the latest LOM firmware map and inform user that it would be good idea to upgrade LOM. This check would be better available within Healthcheck script.

Kind regards,
Jozko Mrkvicka
Highlighted

What a great job.

Thanks a lot!

0 Kudos
Highlighted

Great!

Thanks

0 Kudos
Highlighted
Pearl

That's already integrated, see: cpca_client lscert | grep -A 2 cp_mgmt

Highlighted

Thanks; I'll check it out 🙂

0 Kudos
Highlighted

Thank you Danny for such a great work.

is it possible to have a Custom commands section where users can easily add most used commands so they can easily access those commands which are used almost everyday in that particular environment.

I know I might be asking too much but it would be great if people can add their custom commands in one section, by following simple instructions editing the script.

0 Kudos
Highlighted
Pearl

That's a great idea. The most practical way to organize and run custom commands would probably be the first version of this script.

Just compare version 1 vs. version 2 to see the first version with the basic commands include. It allows for easy modification and customization

Highlighted

Thanks Danny for your prompt response. the above hyperlink did not work as It says I am not authorised. any other place I can get hold of older version please?

0 Kudos
Highlighted
Pearl

#!/bin/bash

echo "## Custom Check Point commands ##"
echo "1: cat /etc/cp-release - Show Check Point version"
echo "2: cplic print -x - Show installed CP licenses"
echo "3: df -h - Show available disk space"
echo ""
echo -en "Select a command: "

read i; case $i in
  1) cat /etc/cp-release ;;
  2) cplic print -x ;;
  3) df -h ;;
  *) exit 0
esac
exit 0
Highlighted

Thanks a lot

0 Kudos
Highlighted

Hi Danny,

is version 3.9 live now?

I still see  v3.8 in the script on below URL

http://dannyjung.de/ccc_v3.9.gz

0 Kudos
Highlighted
Pearl

Thanks, I just fixed it.

Highlighted

Ok Thanks for that. So the script will ask the user if he wants to update?

also what other user control options have been added please?

0 Kudos
Highlighted
Pearl

Correct. For better security and user control all available updates can now be reviewed and installed manually. No auto-update anymore. Other controls added are listed in the changelog above.
Highlighted

Does this need to be installed on all CP nodes, or can it exist on the management server, and use to connect to the managed nodes?

0 Kudos
Pearl

Currently it's intended to install the script on each CP system.

Highlighted
Sapphire

I just have found out that using GAiA WebGUI Terminal window or Dashboard > Actions > Open Shell..., ccc navigation will not work - cursor moves one line down, then no more.

0 Kudos
Highlighted
Pearl

Exactly. Therefore the alternative t,f,g,h navigation was implemented.😉

Highlighted
Sapphire

Ah, everyday is a day to learn something new 😉

0 Kudos
Highlighted
Sapphire

RFE: in FW Management + GW, we can find

# cpvinfo /opt/CPda/bin/DAService | grep Build

Build Number = 1671

But why not use the full command from sk92449 instead ?

# cpvinfo $DADIR/bin/DAService | grep -E "Build|Minor"

Build Number = 1671
Minor Release = megatron_ms1

0 Kudos
Highlighted
Pearl

Improved in version 4.2

0 Kudos
Highlighted
Sapphire

Very nice nu version !  But:

System Firewall Management (with Smart Event)
Type VMware Virtual Platform
Status during initialization
OS Gaia R80.20 JHF (Take 73) @ 64-bit
CPU 2 Cores | Load 8.45%
RAM 18 GB (Free: 11 GB) | Swapping 0 GB
Core dumps - | Crash dumps: -
Disk use / 19390744% | /var/log/ 6555932%

# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current 38G 18G 19G 48% /
/dev/sda1 289M 24M 251M 9% /boot
tmpfs 8.8G 4.0K 8.8G 1% /dev/shm
/dev/mapper/vg_splat-lv_log 25G 17G 6.3G 73% /var/log

0 Kudos
Highlighted
Pearl

Fixed in version 4.3

0 Kudos