This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Niek-Vlessert
Participant
‎2019-02-02 12:31 PM

Checkpoint and the Linux kernel

Hello all,

I was wondering if someone can point me to some article about the way Checkpoint uses the Linux kernel. Kernel 3.10 is presented as something new, however it was released in june 2013 and declared EOL in 2017, no patches for security vulnerabilities are created anymore by the kernel community. I expect Checkpoint modifies the code heavily, but still, vulnerabilities are detected all the time, and how do they keep up with reality?

Regards

3 Replies
PhoneBoy
Admin
Admin
‎2019-02-02 05:29 PM

The kernel we use in Gaia comes with different versions of Red Hat Enterprise Linux.

  • The 2.6.18 kernel comes with RHEL 5 and is still receiving extended support from Red Hat.
  • The 3.10 kernel comes with RHEL 7 and is in production support from Red Hat.

This is obviously a different level of support from the what the Linux kernel team delivers.

Bottom line: the kernels, while older, are fully supported.

It's a lot easier to keep up with potential security vulnerabilities on a stripped-down, hardened OS.

Most of the modifications we make to the kernel and userspace packages are with this in mind.

HeikoAnkenbrand
Champion Champion
Champion
‎2019-02-03 10:44 AM
In response to PhoneBoy

At this time the following kernel available for Open Server:

3.10 kernel for HP DL 360/380 G10 >>>  At this time only G10 server suppots kernel 3.10 for gateways. As I understood it, more Open Servers should follow with R80.20 in the near future.

2.6.18 kernel for all other Open Server in HCL 

More see here: https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/r802... 

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Timothy_Hall
Legend Legend
Legend
‎2019-02-04 05:16 AM
In response to HeikoAnkenbrand

It should also be noted that the new Smart-1 525, 5050, and 5150 boxes require the use of the 3.10 kernel due to their hardware.  However if you still want to run R80.10 on them there is a special backported version of R80.10 that uses the 3.10 kernel here:

sk120453: Smart-1 525 , 5050 and 5150

--

CheckMates Break Out Sessions Speaker

CPX 2019 Las Vegas & Vienna - Tuesday@13:30

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top