This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
simonemanto
Participant
‎2020-05-29 04:24 PM

Web API when using add-group permission are set to read-only

Hello

I'm trying to realize a BASH script to automate the creation of object groups, when I perform the add-group, group is not created 'cause it's working in read-only mode.

Here follows my calls (made with cURL):

First, I login to the management server (192.168.1.202):

curl -H 'Content-Type: application/json' -X POST -d '{"user":"admin","password":"vpn123","read-only":"false"}' https://192.168.1.202/web_api/login --insecure

 

Second, I check if a specific object group exist or not

curl -H 'Content-Type: application/json' -H 'X-chkp-sid: 3lhppE2MdlMGpEOYUtUZ0Hiek2EsfXS0urk2BUttW1w' -X POST -d '{"name":"group1"}' https://192.168.1.202/web_api/show-group --insecure

 

If the object group doesn't exist I create it:

curl -H 'Content-Type: application/json' -H 'X-chkp-sid: 3lhppE2MdlMGpEOYUtUZ0Hiek2EsfXS0urk2BUttW1w' -X POST -d '{"name":"group1","color":"blue","comments":"Group1"}' https://192.168.1.202/web_api/add-group --insecure

 

This is the response when adding a group, where read-only is set to false

{
"uid" : "e5981105-9d77-496a-9863-a85c7be0e01b",
"name" : "group1",
"type" : "group",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"members" : [ ],
"groups" : [ ],
"comments" : "Group1",
"color" : "blue",
"icon" : "General/group",
"tags" : [ ],
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1587536887663,
"iso-8601" : "2020-04-22T08:28+0200"
},
"last-modifier" : "admin",
"creation-time" : {
"posix" : 1587536887663,
"iso-8601" : "2020-04-22T08:28+0200"
},
"creator" : "admin"
},
"read-only" : true
}+ exit

 

What I'm missing?

 

Thanks

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-05-29 05:01 PM

What is the JSON output of your login attempt?
It should tell you if the login has read/write access.
Note there are a few things that block read/write access, the most common being someone has SmartDashboard open.
0 Kudos
simonemanto
Participant
‎2020-05-30 01:19 AM
In response to PhoneBoy

Hello PhoneBoy

this is the login command:

curl -H 'Content-Type: application/json' -X POST -d '{"user":"admin","password":"vpn123","read-only":"false"}' https://192.168.1.202/web_api/login --insecure

 

And this is the output:

{

  "uid" : "efee4f46-c382-4a35-9502-998744d37c0d",

  "sid" : "LQvkJy8ItVOLUzYvHr6lIN540O4MTiGw3d9urhufXbw",

  "url" : "https://192.168.1.202:443/web_api",

  "session-timeout" : 600,

  "last-login-was-at" : {

    "posix" : 1587538226636,

    "iso-8601" : "2020-04-22T08:50+0200"

  },

  "api-server-version" : "1.6"

 

Login has ben performed with SmartDashboard closed.

If I check on the SmartDashobard after executing the script, and permission are set to Read-Write for the session.

 

Thanks

0 Kudos
simonemanto
Participant
‎2020-05-30 12:34 PM
In response to simonemanto

At the end I've solved; it was my fault, I had not perform a call to publish; the new object is visible in SmartDashboard only after publishing the changes.

 

So it was a "human" issue not API issue.

 

Thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top