This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-02-06 04:57 AM
Jump to solution

Perform scheduled scripted tasks on SMB devices without using crond

Scripting was a weak point of SMB devices until firmware version R77.20.80: You can easily perform scripted tasks after each boot process (see sk52520 How to run commands at boot on an SG80/600/700/1100/1400/1200R -- UserScript for details), but no cron job was possible as crond did not run in GAiA Embedded (although the command crontab exists, it was unusable). There was a procedure to enable crond (Spikefish Solutions Blog: Enabling cron, the scheduling service on 600 / 700 / 1100 / 1200R) if really needed. Since R77.20.80, crond is running, see the details in R77.20.80, cpdiag and crond.

But e.g. to issue a scripted reboot every two weeks at a certain time, we can also trigger the script over a SSH connection from another device. Details can be found in sk106836: How to configure SSH authentication using RSA key files on Security Gateway 80 / 600 / 700.... Remember to keep the passphrase empty when generating the key pair ! First step is to run # bashUser on while in expert mode to enable login directly into expert mode and WinSCP access. On the SMB box, we then create the file /pfrm2.0/etc/myreb.sh :

#!/bin/bash -f
source /fwtmp/opt/fw1/tmp/.CPprofile.sh
date >> /pfrm2.0/etc/lastReboot
(echo y ) | reboot

The second line is included as good practise and not needed here - but other commands will depend on environment variables set correctly (see sk77300 and sk90441).

On the unit that shall issue the command (based on GAiA or Unix) we follow sk95890 How to configure SSH authentication on Gaia OS using RSA key files and create /home/admin/sshreb.sh :

#!/bin/bash -f
source $CPDIR/tmp/.CPprofile.sh
ssh -i /home/admin/MyKey ip.x.x.x sh -l ./pfrm2.0/etc/myreb.sh

After first connect per ssh, the script is able to login and perform reboot automatically after being called using cron. This is easy e.g. on a Gaia device (in GAiA WebGUI, see under System Management > Job Scheduler). Such a script can also perform TP Updates automatically, but at different scheduled times for each blade using the online_update_cmd !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-03-05 12:35 AM
Jump to solution

That really is wild - i did not search for a cron binary, and crontab, as seen in the document, has no memory... We can see that this is a rather downsized busybox system, and that is understandable if we think of SG-80 or 600 models hardware capabilities . To create a symlink, a directory, call crond and write the crontab file on boot is working ok, but for me does not feel very comfortable. With current hardware, the need to trigger TP updates at different times - opposed to internaly scheduling all updates for the same time - is mostly gone, and scheduled backup works perfectly for me since a long time, and without any cron job...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
6 Replies
Brian_Deutmeyer
Collaborator
‎2018-03-02 11:42 AM
Jump to solution

Thanks for posting this.  Two things to note...

  • I had to specify my user in my ssh command (user@x.x.x.x)
  • Since this is SMB, I had to run bashUser on while in expert mode to enable login directly into expert mode to run my script

From the Check Point 600/700/1100/1200R/1400 Appliance R77.20.75 CLI Guide:

You can enable login directly to expert mode. To do this:

• Login to Expert mode using the "Expert" password.

• Run the command bashUser on

• You will now always login directly to expert mode (this mode is not deleted during reboot)

• To turn this mode off, run the command bashUser off

0 Kudos
HristoGrigorov
MVP Gold
MVP Gold
‎2018-03-03 09:51 AM
Jump to solution

Actually, it is possible to run cron jobs on SMB. I have followed this guide and it works for me very well:

Spikefish Solutions Blog: Enabling cron, the scheduling service on 600 / 700 / 1100 / 1200R 

G_W_Albrecht
MVP Silver
MVP Silver
‎2018-03-05 12:20 AM
Jump to solution

Yes, that is true - afair you have to ssh connect manually for one time, then you can use the script. For GUI based guys like me, bashUser on is the first command issued on every SMB unit so we can use WinSCP Smiley Happy.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-03-05 12:35 AM
Jump to solution

That really is wild - i did not search for a cron binary, and crontab, as seen in the document, has no memory... We can see that this is a rather downsized busybox system, and that is understandable if we think of SG-80 or 600 models hardware capabilities . To create a symlink, a directory, call crond and write the crontab file on boot is working ok, but for me does not feel very comfortable. With current hardware, the need to trigger TP updates at different times - opposed to internaly scheduling all updates for the same time - is mostly gone, and scheduled backup works perfectly for me since a long time, and without any cron job...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-03-05 04:39 AM
Jump to solution

I have changed the document by adding details from the comments - thank you all for them !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-06-02 03:40 AM
Jump to solution

Addition: Second line has changed with newer firmware:

#!/bin/bash -f
source /opt/fw1/tmp/.CPprofile.sh 
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events