This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
S_E_
Advisor
‎2022-12-05 05:53 AM
Jump to solution

R81.20 Grub password

Hi

after upgrade of a smart-1 appliance from R81.10 to R81.20 following appeared.

Warning! Grub default password hasn't been changed. Sign in to clish and use 'set grub2-password' to change it.
Breaking News: HCP version updated! To see an overview of your machine health, run 'hcp -r all'. For further information please see sk171436

Seems to be new that there is now a need to setup a grub-password. Could not see any details in R81.20 admin guide.

Regards

 

[Expert@SMS:0]# hcp -v
HCP Take: 58
HCP RPM Build: hcp-1-592021.i386

[Expert@fSMS:0]# cpstat mg

Product Name: Check Point Security Management Server
Major version: 6
Minor version: 0
Build number: 997000440
Is started: 1
Active status: active

 

 

 

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
Legend
Legend
‎2022-12-05 06:26 AM
Jump to solution

I have upgraded my ESX VMs from R81.10 to R81.20 and had the same warning both on SMS and GW !

Reason: See R81.20 (Titan) Release Notes: Software Changes

This section describes behavior changes from previous versions.

Gaia - The password for the Gaia GRUB (boot loader - maintenance mode) is a dedicated password (separated from the Expert mode password). You can configure the Gaia GRUB password during the Gaia First Time Configuration Wizard, or after the Gaia installation.

--> This is a new feature as the former expert pass also was the grub / maintenance mode PW...

CCSE CCTE CCSM SMB Specialist

View solution in original post

sharonab
Employee
Employee
‎2022-12-05 08:34 AM
In response to S_E_
Jump to solution

More info can be found in admin guide :

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Gaia_AdminGuide/Content/Topi... 

 

if grub password has not been set post upgrade ,we recommend it is set post upgrade , via the clish/webui tools .

View solution in original post

0 Kudos
6 Replies
the_rock
Legend
Legend
‎2022-12-05 05:57 AM
Jump to solution

Hm, thats very odd, because I updated my R81.10 lab, though it was VM only, not smart-1, but never noticed that at all. Hope someone from CP can comment. Also did brand new R81.10 lab (mgmt + single gateway) and never seen it there either.

Andy

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-12-05 06:26 AM
Jump to solution

I have upgraded my ESX VMs from R81.10 to R81.20 and had the same warning both on SMS and GW !

Reason: See R81.20 (Titan) Release Notes: Software Changes

This section describes behavior changes from previous versions.

Gaia - The password for the Gaia GRUB (boot loader - maintenance mode) is a dedicated password (separated from the Expert mode password). You can configure the Gaia GRUB password during the Gaia First Time Configuration Wizard, or after the Gaia installation.

--> This is a new feature as the former expert pass also was the grub / maintenance mode PW...

CCSE CCTE CCSM SMB Specialist
the_rock
Legend
Legend
‎2022-12-05 06:33 AM
In response to G_W_Albrecht
Jump to solution

Thats weird then why I never got that when I upgraded my VM...unless it happens ONLY when you upgrade physical appliance?

0 Kudos
S_E_
Advisor
‎2022-12-05 06:38 AM
In response to G_W_Albrecht
Jump to solution

ok, so 'can' sounds like optional and not mandatory.

Thanks,

Regards

0 Kudos
sharonab
Employee
Employee
‎2022-12-05 08:34 AM
In response to S_E_
Jump to solution

More info can be found in admin guide :

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Gaia_AdminGuide/Content/Topi... 

 

if grub password has not been set post upgrade ,we recommend it is set post upgrade , via the clish/webui tools .

0 Kudos
G_W_Albrecht
Legend
Legend
‎2022-12-06 12:46 AM
In response to S_E_
Jump to solution

This is a new level of security, now you have:

  • user PW for clish
  • expert PW for bash
  • grub PW for maintenance mode

It does make sense to differentiate here, but you can use the same PW for all if you want (less hassle for Lab deployments)

CCSE CCTE CCSM SMB Specialist