Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martin_Valenta
Advisor

One Time Scripts on Gaia Embedded

I would like to know, if CP is planning to provide same features "Script repository/One time scripts" available for GAIA gateway also on Gaia embedded applianicies. Currently you cannot rung any script from SmartConsole against Gaia embedded appliances, which is a little bit surprise to me. Is it on road map to add support or not?

12 Replies
PhoneBoy
Admin
Admin

I'm moving this to the https://community.checkpoint.com/community/infinity-general/smb-smp?sr=search&searchId=ff929676-e356...‌ space. 

I suspect (though do not know for sure) the reason this isn't supported on the SMB appliances is because they do not have cprid, which is used for this purpose.

0 Kudos
Martin_Valenta
Advisor

Cprid works also on Gaia Embedded, i've used it for restoring admin access to box, after stucked firmware upgrade proces..

0 Kudos
PhoneBoy
Admin
Admin

Ah, there's no separate cprid process.

Missed that Smiley Happy

0 Kudos
Martin_Valenta
Advisor

Would be great is somebody from CP could give some feedback on it Smiley Happy

0 Kudos
G_W_Albrecht
Legend
Legend

Although it might be more simple to use one time scripts from Dashboard on SMB, there is a littele more complicated way to achieve the same using e.g. a GAiA device, see Perform scheduled scripted tasks on SMB devices.

On the other hand, you always can use WinSCP and CLI to run the script directly on the SMB device...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Pedro_Espindola
Advisor

I know this won't replace what you need at all, but in case you don't know these features from SMB appliances:

You can use ZeroTouch to completely automate the deployment procedure.

With Reach My Device you can easily access the gateway even behind a NAT.

You lose in some places, but gain in others.

0 Kudos
Martin_Valenta
Advisor

Does One time script feature for Gaia OS, use CPRID, yes or no? I would bet that it use it. If yes, i don't see reason why same cannot be enabled for Gaia embedded.

0 Kudos
PhoneBoy
Admin
Admin

Unless cprid on Gaia Embedded doesn't support executing arbitrary commands (which is possible). 

Either way, it's not currently available from SmartConsole. 

0 Kudos
G_W_Albrecht
Legend
Legend

We found that cprid_util will work with centrally managed GAiA Embedded devices when taking care of environment variables, e.g.:

$CPDIR/bin/cprid_util -server <IP of SMB> -verbose rexec -rcmd /bin/bash -c "LOGNAME=admin bashUser on"

Without LOGNAME=admin, this will give the error: Current user cannot be determined

CCSE CCTE CCSM SMB Specialist
0 Kudos
Martin_Valenta
Advisor

$CPDIR/bin/cprid_util -server <IP of SMB> -verbose rexec -rcmd bash -c "more /etc/passwd"
this one works perfectly fine from management server, never had to specify anything with login

0 Kudos
G_W_Albrecht
Legend
Legend

Yes, see also sk119633 ! It seems that only "bashUser" needs this environment variable set. Also compare my last comments in Activate bashUser via script on a Embedded Gaia device?

CCSE CCTE CCSM SMB Specialist
0 Kudos
Maarten_Sjouw
Champion
Champion

though cprid util is very powerfull, back in the Edge days, there was a script page in the FW object where you could just enter a command that would be executed locally on the Edge device.

This was probably executed by a early cprid equivalent, but I think TS might be looking for something like this?

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events