This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bjohnson
Participant
‎2020-03-19 01:26 PM

Display list of Smart Center users via CLI - R88.X

Version R88.X
Looking for a CLI command to display the list of SMART center users currently configured as well privilege (read, read/write).  Thank you.

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2020-03-21 11:19 PM

Probably the easiest way to do it:

mgmt_cli -r true --domain "System Data" --format json show administrators details-level full | jq -r '.objects[] | [.name, ."permissions-profile".name] | @csv '

This will show you the username and Permission Profile name in CSV format. 
This assumes the Permission Profile name is meaningful as it has a bunch of different permissions associated with it.

bjohnson
Participant
‎2020-03-23 07:58 AM
In response to PhoneBoy

The command provided works.  TYVM!!!

bjohnson
Participant
‎2020-03-27 06:34 AM
In response to PhoneBoy

Hi,

 

One follow up question.  The output appears to be truncated to 50 entries.  Can you please advise how to expand the output to exceed 50 entries?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-27 12:06 PM
In response to bjohnson

For performance reasons, the API only returns a limited number of results (50 in this case).
To get the next 50 results:

mgmt_cli -r true --domain "System Data" --format json show administrators details-level full limit 50 offset 50 | jq -r '.objects[] | [.name, ."permissions-profile".name] | @csv '

Repeat, incrementing offset by another 50, until you have all the results.
0 Kudos
tsnopek
Explorer
‎2020-04-23 03:04 AM
In response to PhoneBoy

Hello PhoneBoy,

your answer is helpful - thank you for that.

However let me please extend that question a bit.

I am wondering if there is any unified way how to extract those user from all versions of Checkpoints?

As far as I understand there are different methods used in versions 80.x and higher ... and older type 77.x

What I have found for older versions 77.x there is a solution shortly described here: http://expert-mode.blogspot.com/2011/11/checkpoint-how-to-export-list-of-vpn.html (using command: fwm dbexport -f /tmp/users_dump.xls   and then   cat /tmp/users_dump.xls)

Honestly it's a bit clumsy to work with such data since further delimitation and some polishing in Excel is needed, but still better than check it out manually in GUI.

My question is if there exists a solution to extract those users in the same way like for 80.x also for older versions.

We just simply need to extract those locally configured IDs and their privileges in order to run the outcome through a script to obtain results of periodical user access re-validation.

Your expertise can be greatly helpful!

Thank you in advance for your answer!

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-26 09:35 PM
In response to tsnopek

There is no unified way to do this between R77.x and R80.x as the management infrastructure in these versions is very different.
Also, locally defined users don't have supported API commands.
For users in known groups, you can use the script here: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/users-via-API/td-p/13578
0 Kudos
_Val_
Admin
Admin
‎2020-03-23 12:47 AM

Sorry, could not resist 🙂

Wow, how is it there in the future? Did we win against coronavirus yet? In my reality, it is still a bunch of R80.x releases in 2020. 

0 Kudos
bjohnson
Participant
‎2020-03-23 03:32 AM
In response to _Val_

😳oops, sorry for the typo. 

_Val_
Admin
Admin
‎2020-03-23 04:41 AM
In response to bjohnson

No worries, we all need a little joke one in a while, especially now 🙂

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events