Unleashing Performance & Stability
with Harmony Endpoint E88.70!
It's Here!
CPX 2025 Content
Zero Trust: Remote Access and Posture
Help us with the Short-Term Roadmap
The Future of Browser Security:
AI, Data Leaks & How to Stay Protected!
CheckMates Go:
Recently on CheckMates
Tomas_Vobruba
Hi all,
I was asked by customer to help him with writing script to change expiration of local users. Our API from version 1.6.1 can handle this task quite easily.
There are two scripts:
Extend expiration of selected user: script_change_expiration_of_selected_user.sh
https://gist.github.com/chkp-mkoldov/1f2ea190c6888be3f46091f815813d73
Extend expiration of all local users: script_change_expiration_of_users.sh
https://gist.github.com/chkp-mkoldov/b030dc7cf5feb5230d4bfd77c4c1377b
Take this script as a skeleton. It might be changed in any kind of the manner.
Cheers Tomas
Hi all,
I was asked by customer to help him with writing script to change expiration of local users. Our API from version 1.6.1 can handle this task quite easily.
There are two scripts:
Extend expiration of selected user: script_change_expiration_of_selected_user.sh
https://gist.github.com/chkp-mkoldov/1f2ea190c6888be3f46091f815813d73
Extend expiration of all local users: script_change_expiration_of_users.sh
https://gist.github.com/chkp-mkoldov/b030dc7cf5feb5230d4bfd77c4c1377b
...;
Hello Tomas,
Is there any template script to get an output like in the last screenshot above that checks the expiration time for all users (or specific users whose name includes @VPN@)? Can it also show users' e-mail address details? And my last question is, can we print this output to a file with a command to be added to the script and copy it to a remote location such as ftp etc?
Note: Version R80.40
Regards,
Volkan
Hello Tomas,
Is there any template script to get an output like in the last screenshot above that checks the expiration time for all users (or specific users whose name includes @VPN@)? Can it also show users' e-mail address details? And my last question is, can we print this output to a file with a command to be added to the script and copy it to a remote location such as ftp etc?
Note: Version R80.40
Regards,
Volkan
;
Tomas_Vobruba
Hello,
script just reads on input user names, but mgmt_cli itself can give you what are you looking for, but you have to change select from one user "command show user" to multi user select:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-users~v1.8.1%20
As you can see, management cli is returning name, so you can easy ask for that:
[Expert@cp-mgmt:0]# mgmt_cli -r true show users --format json|jq '.objects[] |select((.name)|contains("vpn")).name'
user_vpn
user1_vpn
reading this specified email for output name of user can be done for example by:
mgmt_cli -r true show users details-level full --format json | jq -r '.objects[] | select(.name | contains ("vpn")) | .email'
Both together:
mgmt_cli -r true show users details-level full --format json | jq -r '.objects[] | select(.name | contains ("vpn")) | [.email,.name]'
[
"user_vpn@test.com",
"user_vpn"
]
Hope this is what you are looking for.
Tomas
Hello,
script just reads on input user names, but mgmt_cli itself can give you what are you looking for, but you have to change select from one user "command show user" to multi user select:
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-users~v1.8.1%20
As you can see, management cli is returning name, so you can easy ask for that:
[Expert@cp-mgmt:0]# mgmt_cli -r true show users --format json|jq '.objects[] |select((.name)|contains("vpn")).name
...;
Hello, is it possible to export this output to a .csv file and schedule a job to periodically update/create this file? Or do we have to do manually whole process?
PhoneBoy
Yes, jq (used in the CLI commands above) can also output in CSV…with the correct format.
And, yes, once you have worked out the correct CLI command that gives you the data in the format you want, you can have it run by cron periodically.
Yes, jq (used in the CLI commands above) can also output in CSV…with the correct format.
And, yes, once you have worked out the correct CLI command that gives you the data in the format you want, you can have it run by cron periodically.
Tomas_Vobruba
Hi, sorry for later reply.
mgmt_cli -r true show users details-level full --format json | jq -r '.objects[] |select(.name | contains("vpn"))| [.name, .email] |@csv' will do the job with data transformation..
output:
"user_vpn","user_vpn@test.com"
"user1_vpn","user1_vpn@test.com"
Hi, sorry for later reply.
mgmt_cli -r true show users details-level full --format json | jq -r '.objects[] |select(.name | contains("vpn"))| [.name, .email] |@csv' will do the job with data transformation..
output:
"user_vpn","user_vpn@test.com"
"user1_vpn","user1_vpn@test.com"
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
