Lisa11
Explorer

Python Pexpect and Check Point Gaia Expert Mode

I administer a few Check Point Firewalls at work that run on the Gaia operating system. Gaia is a hardened, purpose-built Linux OS using the 2.6 kernel.

I am a novice at Python and I need to write a script that will enter "expert mode" from the clish shell. Entering expert mode is similar to invoking su as it gives you root privileges in the BASH shell. Clish is a Cisco-like custom shell made to ease OS configuration changes.

I saw a similar discussion at pexpect and ssh: how to format a string of commands after su - root -c, but people responding recommended sudo. This is not an option for me as sudo is not supported by the OS and if you were to install it, clish would not recognize the command.

The goal of my script would be to SSH to the device, log in, invoke expert mode, then run grep admin /etc/passwd and date. Again, sudo is not an option.

0 Kudos
3 Replies
Nick_Doropoulos
Advisor

Hi Lisa,

Thank you for raising this query.

Personally, I don't think there is a need for a script here as it's way easier by carrying out the instructions below:

1) Navigate to the firewall's expert mode and type chsh -s /bin/bash admin

The above command should put you in expert mode upon the next login.

2) Then, to display the output of certain commands upon login, you will need to edit the .bashrc file inside the /home/admin directory. Once inside the said directory:

vi .bashrc

Press Shift + G to go to the bottom of the file followed by 'o' to start editing the file.

Next type the commands that you want.

grep admin /etc/passwd
date

Have a look at this screenshot as well if needed:

Editing the bashrc file.PNG

3) Finally, press Escape followed by :wq to save the changes. The end result can be seen below next time you log in:

 

End Result.PNG

4) Repeat the same process on every other firewall.

Since you said that you administer only a few firewalls I believe that would suffice.

I hope this helps.

0 Kudos
Lisa11
Explorer


@Nick_Doropoulos wrote:

Hi Lisa,

Thank you for raising this query.

Personally, I don't think there is a need for a script here as it's way easier by carrying out the instructions below:

1) Navigate to the firewall's expert mode and type chsh -s /bin/bash admin

The above command should put you in expert mode upon the next login.

2) Then, to display the output of certain commands upon login, you will need to edit the .bashrc file inside the /home/admin directory. Once inside the said directory:

vi .bashrc

Press Shift + G to go to the bottom of the file followed by 'o' to start editing the file.

Next type the commands that you want.

grep admin /etc/passwd diebestetest
date

Have a look at this screenshot as well if needed:

Editing the bashrc file.PNG

3) Finally, press Escape followed by :wq to save the changes. The end result can be seen below next time you log in:

 

End Result.PNG

4) Repeat the same process on every other firewall.

Since you said that you administer only a few firewalls I believe that would suffice.

I hope this helps.


Happy to help! Thanks for leaving a comment.

0 Kudos
PhoneBoy
Admin

Note that we do not support the use of expect.
If it is absolutely required, please work with your local office to put in an RFE.
0 Kudos
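
The flow described in the original question (SSH to the device, log in, enter expert mode, run grep admin /etc/passwd and date), written with pexpect as an added example; it is not code from any poster in this thread or from Check Point. The prompt patterns, the SessionError class and the function names are assumptions, and the prompts in particular must be checked against what your devices actually print. Passwords are read interactively rather than stored in the script, and an unknown SSH host key stops the run.

```python
import getpass
import sys

# Assumed prompt patterns for a default Gaia setup (not taken from the thread).
PASSWORD = r"[Pp]assword: ?"
CLISH = r"[\w.-]+> "
EXPERT = r"\[Expert@[^\]]+\]# "

class SessionError(RuntimeError):
    """Login or expert-mode entry was refused."""

def run_expert_commands(child, login_pw, expert_pw, commands):
    """Drive a pexpect.spawn-like `child`; return {command: output}."""
    child.expect(PASSWORD)                  # SSH login prompt
    child.sendline(login_pw)
    if child.expect([CLISH, PASSWORD]) == 1:
        raise SessionError("login rejected")
    child.sendline("expert")
    child.expect(PASSWORD)                  # expert-mode password prompt
    child.sendline(expert_pw)
    # Landing back on the clish prompt means expert mode was refused.
    if child.expect([EXPERT, CLISH]) == 1:
        raise SessionError("expert password rejected")
    results = {}
    for cmd in commands:
        child.sendline(cmd)
        child.expect(EXPERT)
        # child.before holds the echoed command line, then its output.
        results[cmd] = "\n".join(child.before.splitlines()[1:]).strip()
    child.sendline("exit")                  # leave expert mode
    child.expect(CLISH)
    child.sendline("exit")                  # close the clish session
    return results

def main(host, user="admin"):
    import pexpect                          # third-party; live runs only
    pws = (getpass.getpass("Login password: "),
           getpass.getpass("Expert password: "))
    # Unknown or changed host keys abort the connection (no auto-accept).
    child = pexpect.spawn("ssh", ["-o", "StrictHostKeyChecking=yes",
                                  f"{user}@{host}"], encoding="utf-8", timeout=20)
    try:
        return run_expert_commands(child, *pws,
                                   ["grep admin /etc/passwd", "date"])
    finally:
        child.close()

if __name__ == "__main__":
    for cmd, text in main(sys.argv[1]).items():
        print(f"# {cmd}\n{text}")
```

Run it as `python script.py <firewall-address>`; the device's host key has to be in known_hosts already, since the script never accepts one on your behalf.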
