Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Extend local users expiration - local API bash scripts

Tomas_Vobruba
Employee
Employee

 

Hi all,

 

I was asked by customer to help him with writing script to change expiration of local users. Our API from version 1.6.1 can handle this task quite easily.

 

There are two scripts:

Extend expiration of selected user:  script_change_expiration_of_selected_user.sh

https://gist.github.com/chkp-mkoldov/1f2ea190c6888be3f46091f815813d73

 

Extend expiration of all local users: script_change_expiration_of_users.sh 

https://gist.github.com/chkp-mkoldov/b030dc7cf5feb5230d4bfd77c4c1377b

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




0 Kudos
5 Replies

vturan
Explorer

Hello Tomas,

Is there any template script to get an output like in the last screenshot above that checks the expiration time for all users (or specific users whose name includes  @VPN@)? Can it also show users' e-mail address details? And my last question is, can we print this output to a file with a command to be added to the script and copy it to a remote location such as ftp etc?

Note: Version R80.40 

Regards,

Volkan

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Tomas_Vobruba
Employee
Employee

Hello,

 

script just reads on input user names, but mgmt_cli itself can  give you what are you looking for, but you have to change select from one user "command show user" to multi user select:

 

https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-users~v1.8.1%20


As you can see, management cli is returning name, so you can easy ask for that:

[Expert@cp-mgmt:0]# mgmt_cli -r true show users --format json|jq '.objects[] |select((.name)|contains("vpn")).name

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


CihanB
Explorer

Hello, is it possible to export this output to a .csv file and schedule a job to periodically update/create this file? Or do we have to do manually whole process?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

PhoneBoy
Admin
Admin

Yes, jq (used in the CLI commands above) can also output in CSV…with the correct format.
And, yes, once you have worked out the correct CLI command that gives you the data in the format you want, you can have it run by cron periodically. 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Tomas_Vobruba
Employee
Employee

Hi, sorry for later reply. 

mgmt_cli -r true show users details-level full --format json | jq -r '.objects[] |select(.name | contains("vpn"))| [.name, .email] |@csv' will do the job with data transformation.. 

 

output:

"user_vpn","user_vpn@test.com"
"user1_vpn","user1_vpn@test.com"

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos