This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
Mark as Verified by CP
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extend local users expiration - local API bash scripts

Tomas_Vobruba
Employee
Employee

 

Hi all,

 

I was asked by customer to help him with writing script to change expiration of local users. Our API from version 1.6.1 can handle this task quite easily.

 

There are two scripts:

Extend expiration of selected user:  script_change_expiration_of_selected_user.sh

https://gist.github.com/chkp-mkoldov/1f2ea190c6888be3f46091f815813d73

 

Extend expiration of all local users: script_change_expiration_of_users.sh 

https://gist.github.com/chkp-mkoldov/b030dc7cf5feb5230d4bfd77c4c1377b

...;
TO ACCESS CHECKMATES TOOLBOX
REGISTER SIGN IN
it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




0 Kudos
Mark as Verified by CP
5 Replies

vturan
Explorer
‎2022-11-20 07:37 AM

Hello Tomas,

Is there any template script to get an output like in the last screenshot above that checks the expiration time for all users (or specific users whose name includes  @VPN@)? Can it also show users' e-mail address details? And my last question is, can we print this output to a file with a command to be added to the script and copy it to a remote location such as ftp etc?

Note: Version R80.40 

Regards,

Volkan

;
TO ACCESS CHECKMATES TOOLBOX
REGISTER SIGN IN
it's simple and free


0 Kudos
Mark as Verified by CP

Tomas_Vobruba
Employee
Employee
‎2022-11-20 10:14 AM

Hello,

 

script just reads on input user names, but mgmt_cli itself can  give you what are you looking for, but you have to change select from one user "command show user" to multi user select:

 

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-users~v1.8.1%20


As you can see, management cli is returning name, so you can easy ask for that:

[Expert@cp-mgmt:0]# mgmt_cli -r true show users --format json|jq '.objects[] |select((.name)|contains("vpn")).name

...;
TO ACCESS CHECKMATES TOOLBOX
REGISTER SIGN IN
it's simple and free


Mark as Verified by CP

CihanB
Explorer
‎2022-12-04 11:54 PM

Hello, is it possible to export this output to a .csv file and schedule a job to periodically update/create this file? Or do we have to do manually whole process?

;
TO ACCESS CHECKMATES TOOLBOX
REGISTER SIGN IN
it's simple and free


0 Kudos
Mark as Verified by CP

PhoneBoy
Admin
Admin
‎2022-12-05 07:23 AM

Yes, jq (used in the CLI commands above) can also output in CSV…with the correct format.
And, yes, once you have worked out the correct CLI command that gives you the data in the format you want, you can have it run by cron periodically. 

;
TO ACCESS CHECKMATES TOOLBOX
REGISTER SIGN IN
it's simple and free


0 Kudos
Mark as Verified by CP

Tomas_Vobruba
Employee
Employee
‎2022-12-05 07:56 AM

Hi, sorry for later reply. 

mgmt_cli -r true show users details-level full --format json | jq -r '.objects[] |select(.name | contains("vpn"))| [.name, .email] |@csv' will do the job with data transformation.. 

 

output:

"user_vpn","user_vpn@test.com"
"user1_vpn","user1_vpn@test.com"

;
TO ACCESS CHECKMATES TOOLBOX
REGISTER SIGN IN
it's simple and free


0 Kudos
Mark as Verified by CP