Re: One Time Scripts on Gaia Embedded

Martin_Valenta · ‎2018-03-16

I would like to know, if CP is planning to provide same features "Script repository/One time scripts" available for GAIA gateway also on Gaia embedded applianicies. Currently you cannot rung any script from SmartConsole against Gaia embedded appliances, which is a little bit surprise to me. Is it on road map to add support or not?

PhoneBoy · ‎2018-03-16

I'm moving this to the https://community.checkpoint.com/community/infinity-general/smb-smp?sr=search&searchId=ff929676-e356...‌ space.

I suspect (though do not know for sure) the reason this isn't supported on the SMB appliances is because they do not have cprid, which is used for this purpose.

Martin_Valenta · ‎2018-03-18

Cprid works also on Gaia Embedded, i've used it for restoring admin access to box, after stucked firmware upgrade proces..

PhoneBoy · ‎2018-03-18

Ah, there's no separate cprid process.

Missed that

Martin_Valenta · ‎2018-03-21

Would be great is somebody from CP could give some feedback on it

G_W_Albrecht · ‎2018-07-05

Although it might be more simple to use one time scripts from Dashboard on SMB, there is a littele more complicated way to achieve the same using e.g. a GAiA device, see Perform scheduled scripted tasks on SMB devices.

On the other hand, you always can use WinSCP and CLI to run the script directly on the SMB device...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Pedro_Espindola · ‎2018-07-06

I know this won't replace what you need at all, but in case you don't know these features from SMB appliances:

You can use ZeroTouch to completely automate the deployment procedure.

With Reach My Device you can easily access the gateway even behind a NAT.

You lose in some places, but gain in others.

Martin_Valenta · ‎2018-07-06

Does One time script feature for Gaia OS, use CPRID, yes or no? I would bet that it use it. If yes, i don't see reason why same cannot be enabled for Gaia embedded.

PhoneBoy · ‎2018-07-06

Unless cprid on Gaia Embedded doesn't support executing arbitrary commands (which is possible).

Either way, it's not currently available from SmartConsole.

G_W_Albrecht · ‎2018-08-24

We found that cprid_util will work with centrally managed GAiA Embedded devices when taking care of environment variables, e.g.:

$CPDIR/bin/cprid_util -server <IP of SMB> -verbose rexec -rcmd /bin/bash -c "LOGNAME=admin bashUser on"

Without LOGNAME=admin, this will give the error: Current user cannot be determined

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Martin_Valenta · ‎2018-08-27

$CPDIR/bin/cprid_util -server <IP of SMB> -verbose rexec -rcmd bash -c "more /etc/passwd"
this one works perfectly fine from management server, never had to specify anything with login

G_W_Albrecht · ‎2018-08-27

Yes, see also sk119633 ! It seems that only "bashUser" needs this environment variable set. Also compare my last comments in Activate bashUser via script on a Embedded Gaia device?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Maarten_Sjouw · ‎2018-08-29

though cprid util is very powerfull, back in the Edge days, there was a script page in the FW object where you could just enter a command that would be executed locally on the Edge device.

This was probably executed by a early cprid equivalent, but I think TS might be looking for something like this?

Regards, Maarten

Are you a member of CheckMates?

One Time Scripts on Gaia Embedded