This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mbaerwolff
Participant
‎2024-05-13 07:12 AM
Jump to solution

Sending of HCP Reports via E-Mail

Hey Checkmates, 

we have installed HCP on our gateways and integrated it into SmartConsole.
Now we would like to have the reports sent to us by e-mail.
Are any of you already using this and if so, how was it implemented?

Thank you in advance.

Best Regards, 
Maria

(1)
1 Solution

Accepted Solutions
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-05-13 08:05 AM
Jump to solution

I'm not doing this, but my HCP output is typically 2.5-3 MB per cluster member. That seems awfully large to send via email on a regular basis. I would instead look into setting up a private SSH key on each firewall and a central server for them to send the HCP files to via SCP.

If you're sure this is something you want to do, R81.10 and R81.20 have msmtp 1.4.21 (released 2010-07-03) present as /sbin/sendmail. It allows you to specify a raw SMTP envelope. I haven't tried specifying attachments like that, but my understanding is they're just a MIME block with the attachment data in base64. I would start with something like this:

MTA=10.20.30.40 # Your SMTP relay
mailRecipients="address1@domain.example; address2@domain.example"
filenameToSend="Some file generated by the firewall.pdf"

printf "From: root@$(hostname)
MIME-Version: 1.0
Subject: My super-cool email
Content-Type: multipart/mixed;
	boundary=\"outer_boundary\"
To: ${mailRecipients}

--outer_boundary
Content-Type: multipart/alternative;
	boundary=\"inner_boundary\"

--inner_boundary
Content-Type: text/plain; charset=\"UTF-8\"
Content-Transfer-Encoding: 7bit

Plaintext version of this email!
--inner_boundary
Content-Type: text/html; charset=\"UTF-8\"
Content-Transfer-Encoding: quoted-printable

<html><body>HTML version of this email!</body></html>
--inner_boundary--
--outer_boundary
Content-Type: application/pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=\"${filenameToSend}\"

$(cat "${filenameToSend}" | base64)
--outer_boundary--" \
| /sbin/sendmail --host="${MTA}" --read-envelope-from -t

This example is for a PDF. You will need to update the Content-Type in the bottom section with the MIME type of the file you want to send. I forget the type for GZIP data (probably application/gzip). I also forget the rules for generating the Content-Type boundaries. It might accept arbitrary strings like this, or it may need to be some kind of hash or something.

I use this basic pattern to send plaintext emails from my management servers. I haven't tried to send a multipart email like this before.

View solution in original post

6 Replies
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-05-13 08:05 AM
Jump to solution

I'm not doing this, but my HCP output is typically 2.5-3 MB per cluster member. That seems awfully large to send via email on a regular basis. I would instead look into setting up a private SSH key on each firewall and a central server for them to send the HCP files to via SCP.

If you're sure this is something you want to do, R81.10 and R81.20 have msmtp 1.4.21 (released 2010-07-03) present as /sbin/sendmail. It allows you to specify a raw SMTP envelope. I haven't tried specifying attachments like that, but my understanding is they're just a MIME block with the attachment data in base64. I would start with something like this:

MTA=10.20.30.40 # Your SMTP relay
mailRecipients="address1@domain.example; address2@domain.example"
filenameToSend="Some file generated by the firewall.pdf"

printf "From: root@$(hostname)
MIME-Version: 1.0
Subject: My super-cool email
Content-Type: multipart/mixed;
	boundary=\"outer_boundary\"
To: ${mailRecipients}

--outer_boundary
Content-Type: multipart/alternative;
	boundary=\"inner_boundary\"

--inner_boundary
Content-Type: text/plain; charset=\"UTF-8\"
Content-Transfer-Encoding: 7bit

Plaintext version of this email!
--inner_boundary
Content-Type: text/html; charset=\"UTF-8\"
Content-Transfer-Encoding: quoted-printable

<html><body>HTML version of this email!</body></html>
--inner_boundary--
--outer_boundary
Content-Type: application/pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=\"${filenameToSend}\"

$(cat "${filenameToSend}" | base64)
--outer_boundary--" \
| /sbin/sendmail --host="${MTA}" --read-envelope-from -t

This example is for a PDF. You will need to update the Content-Type in the bottom section with the MIME type of the file you want to send. I forget the type for GZIP data (probably application/gzip). I also forget the rules for generating the Content-Type boundaries. It might accept arbitrary strings like this, or it may need to be some kind of hash or something.

I use this basic pattern to send plaintext emails from my management servers. I haven't tried to send a multipart email like this before.

RobRobbson
Explorer
‎2024-05-14 12:12 AM
In response to Bob_Zimmerman
Jump to solution

This is a great guide, we were looking for something like this!
It would be sufficient if the entire HTML check was not sent as *.tag.gz to save some data.
Surely it would be easier to write the text-based CLI output into an email?
Can the code be adapted to this?

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-05-15 09:16 AM
In response to RobRobbson
Jump to solution

As long as you can get the HTML file you want, I would start my experimentation with something like this:

MTA=10.20.30.40 # Your SMTP relay
mailRecipients="address1@domain.example; address2@domain.example"
htmlFileToSend="Some File.html"

printf "From: root@$(hostname)
MIME-Version: 1.0
Subject: My super-cool email
Content-Type: text/html; charset=\"UTF-8\"
To: ${mailRecipients}

$(cat "${htmlFileToSend}")" \
| /sbin/sendmail --host="${MTA}" --read-envelope-from -t

It will probably need some processing to turn HTML meant for use in a web browser to HTML suitable for an email. No idea what tags work in email, for example.

Also note that HTML meant to be viewed in a browser typically includes a lot of references to external resources like images. Those could probably be replaced with characters (remember, you have access to all of UTF-8) without too much trouble. Would take a fair bit of experimentation to figure out what replacements look decent.

RobRobbson
Explorer
‎2024-05-15 11:50 PM
In response to Bob_Zimmerman
Jump to solution

The last days I've made script (with a little help of ChatGPT 😉 ) which work now in our lab environment.
It calls the hcp --show-last-full command and writes the output to a file.
This file is also copied to an FTP-Server and, send via mail-attachment to multiple recipients.

I trigger the script over the GAiA Job-Scheduler or simply over the crontab command.

Maybe I can post a cleaned up version of the script here if it's desired.

0 Kudos
_Val_
Admin
Admin
‎2024-05-15 11:55 PM
In response to RobRobbson
Jump to solution

@RobRobbson @Bob_Zimmerman and everybody else. Just in case, a clean and flexible version of such a script could be a good candidate for our recent ToolBox Contest

Consider this 🙂

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-05-15 07:20 PM
Jump to solution

Hey Maria,

What Bob advised is probably your best bet, but if you need an official confirmation, maybe open TAC case to confirm.

Best,

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events