Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Danilo_Molini
Explorer

Manually modified files

Hi all,

If I remember correctly, there was a SK with all the files that should be manually backup in case of upgrades as they would have been overwritten during the upgrade or export / import procedura on a new management, but I'm not able to find it anymore.

For example I mean crypt.def, user.def, implied_rule.def, table.def etc etc.

Someone remember this sk or some link with the information above?

Danilo

6 Replies
PhoneBoy
Admin
Admin

What I'd do is look at the output of ls -lrt $FWDIR/lib/*.def.

A whole bunch of the files will have similar date/timestamps.

The ones at the bottom of that list may have been modified and may be worth backing up.

If you manage gateways of an earlier version, you may have modified .def files in various backward compatibility packages also.

On gateways, a commonly modified file is $FWDIR/boot/modules/fwkern.conf

In general, anytime you manually modify one of these files, you should document it for future use.

0 Kudos
Norbert_Bohusch
Advisor

I always save original file as copy with some ending like .orig or .bak and by looking for those files I know I have altered the original one and can even do a diff to see my changes. 

0 Kudos
RickHoppe
Advisor

To be totally in control you should document every change you’ve manually made to files, just like Dameon Welch-Abernathy already said. But unfortunatly you probably are not the only one working on that firewall.


I was working on a script that allows you to copy a lot of known files that could have been changed. Afterwards you run it again to see if there are differences between the original files and the new ones.

I might post it to Check Mates sometime. But best practice will be to just document it and “friendly” remind your colleagues that don’t .

My blog: https://checkpoint.engineer
0 Kudos
xman03
Participant

@RickHoppe any chance you have this script? I just realized in a migration that I'm doing someone has customized several of the different table.def files residing on MDS, and I'll need to move/inspect all 56 instances of them.

0 Kudos
RickHoppe
Advisor

Unfortunately I haven’t been able to work on that script for a long time. I wasn’t expecting that when I posted a reply on this topic. The script is not ready for publishing and at this time it is merely focussed on Security Gateways.

Please take sk98339 in mind when migrating MDS to a new version as the location of your table.def files might change.

Also have a look at sk98239 for the naming convention of user.def when migrating MDS to a new version as this might change too.

In case you are migrating to R80.30  both SK’s are not updated for R80.30 yet. I’ve submitted feedback on those SK’s for updating them to include R80.30 instructions.

 

My blog: https://checkpoint.engineer
0 Kudos
xman03
Participant

Gotcha, figured it was worth asking 😊 For my instance I ended up using a find command and piping it to tar to keep the structure intact, so I'll be able to simply untar on the new box after the migrate export/import. Thanks anyways!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events