The Great Exposure Reset
24 February 2026 @ 5pm CET / 11am EST
CheckMates Fest 2026
Watch Now!AI Security Masters
Hacking with AI: The Dark Side of Innovation
CheckMates Go:
CheckMates Fest
Somewhat similar to CIS script Danny Jung posted recently. dos2unix and chmod 777 needed.
Example from my lab:
[Expert@CP-GW:0]# ./cp_gateway_baseline_check.sh
Check Point Gateway Baseline Security Check
Timestamp: Fri Jan 30 17:47:57 EST 2026
Threshold: MAX_POLICY_AGE_DAYS=30
--------------------------------------------
INFO - Version (top lines):
Product version Check Point Gaia R82
OS build 777
OS kernel version 4.18.0-372.9.1cpx86_64
OS edition 64-bit
--------------------------------------------
FAIL - NTP does not appear enabled (show ntp active output: No).
PASS - NTP servers are configured (show ntp servers).
IP Address Type Version Preferred
ntp2.checkpoint.com server 4 no
ntp.checkpoint.com server 4 yes
--------------------------------------------
FAIL - Management 'allowed-client' looks too permissive (found any-host/any/0.0.0.0/0).
Type Address Mask Length
Host Any
--------------------------------------------
FAIL - SSH password authentication appears enabled (passwordauthentication yes).
FAIL - SSH root login appears enabled (permitrootlogin yes).
--------------------------------------------
PASS - SIC trust is established (cp_conf sic state).
--------------------------------------------
PASS - Policy installed recently (1 days ago) per fw stat.
INFO - fw stat line: localhost LAB-POLICY-Andy 29Jan2026 8:08:14 : [>eth0] [<eth0] [>eth1] [>eth2]
--------------------------------------------
WARN - App Control (appi) update status not up-to-date/unclear:
Update status: new
Update description: Gateway was updated with database version: 21012601.
Next update description: The next update will be run as scheduled.
DB version: 21012601
WARN - URL Filtering (urlf) update status not up-to-date/unclear:
Update status: new
Update description: Gateway was updated with database version: 21012601.
Next update description: The next update will be run as scheduled.
DB version: 21012601
PASS - Anti-Bot / Anti-Virus (antimalware) databases appear up-to-date.
--------------------------------------------
INFO - Cluster state (informational):
HA module not started.
This gateway not configured as cluster
--------------------------------------------
Summary: PASS=4 WARN=2 FAIL=4
[Expert@CP-GW:0]#
Somewhat similar to CIS script Danny Jung posted recently. dos2unix and chmod 777 needed.
Example from my lab:
[Expert@CP-GW:0]# ./cp_gateway_baseline_check.sh
Check Point Gateway Baseline Security Check
Timestamp: Fri Jan 30 17:47:57 EST 2026
Threshold: MAX_POLICY_AGE_DAYS=30
--------------------------------------------
INFO - Version (top lines):
Product version Check Point Gaia R82
OS build 777
OS kernel version 4.18.0-372.9.1cpx86_64
OS edition 64-bit
--------------------------------
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
