Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

ccc - Common Check Point Commands

Danny
Champion Champion
Champion

🏆 Code Hub Contribution of the Year 2018!
🎓 Featured in official Maestro courseware!
👍 Endorsed by Check Point Support!
📕 Books: Max Power, FW Admin
▶️ YouTube: Intro

ccc script to run CLI tasks & show system info.

Installation


    curl_cli $(if [[ `grep proxy:ip /config/active` ]];then echo -n '--proxy ';grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n';echo -n :;grep proxy:port /config/active|cut -f2 -d' ';fi) -k https://dannyjung.de/ccc|zc
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




(2)
244 Replies

Moti
Admin
Admin

You sir are awesome!!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


MK9
Contributor

+1

Thank you!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Marko_Keca
Contributor

Great job!

Here is a little bit improved code (added hierarchy and some interactivity).

Dropbox - ccc 

Regards,

--

Marko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Moti
Admin
Admin

Thx, can u post in code-hub 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion Champion
Champion

I moved this thread to the Code Hub and added @Marko_Keca‌'s Interactive Mode to this ccc script. I corrected/removed an issue with the 'view all commands' option, cleaned the interactive interface, added more commands and therefore raised the version level to 0.4. Thanks everyone for all the interest and support within this project!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Mohammed_Jamshe
Participant

Hello Danny,

Thanks for this great work,a short 10 minute tutorial video on this will be aslo add great taste to it.

Thanks and Regards.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

I posted a video here.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


G_W_Albrecht
Legend
Legend
That is really very helpfull! Just one line i have found that i do not understand:
9) fwm stat

This gives:


Usage:
fwm ver [-f] ...                                 # Display version
fwm load [opts] [filter-file|rule-base] targets  # Install Policy on targets
fwm unload [opts] targets                        # Uninstall targets
fwm dbload [targets]                             # Download the database
fwm logexport [-h] ...                           # Export log to ascii file
fwm gen [-RouterType

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


G_W_Albrecht
Legend
Legend

I now saw thet here, the installed_jumbo_take CLI command is used - this did work before, but see sk98028:

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Martin_Heim
Participant

The script is great.

I added a little improvement for the command #23: fw fetch mgmt.

if you do not want the name of the management to be hardcoded for each gateway:

read in the name of the management with
MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }')

command#23:
fw fetch $MGMT

Best regards
Martin

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

Implemented in version 0.6

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

Implemented in version 0.6

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

I have a nice ClusterXL debug command:

clish -c "show routed cluster-state detailed"

It shows the gateway change time.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


(1)

Maarten_Sjouw
Champion
Champion

Another useful command in this list would be 

fw ctl arp

which will show all proxy arp's and active local.arp entries.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

This command is already implemented.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

Implemented in version 0.8

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


MikaelJohnsson
Contributor

Hi, 

Great idea but place add it as fw ctl arp -n

to avoid dns-lookups.

Cheers

Mikael

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Sven_Glock
Advisor

Thanks Danny - nice script.

Improvement suggestion:

When the selected command shows lots of output you have to scroll up for checking the possibilities of your actual branch of the menu tree.

Prompting the menu again directly after the output will need you scrolling up for your requested output.

What about offering a short menu after a output - just one row?

Something like: ? Show actual Menu | 0: Main menu | q: EXIT

Cheers

Sven

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion Champion
Champion

I have adjusted the commands, so that only the physical interface is visible and not the Bond's anymore.

 ifconfig -a | grep encap | awk '{print $1}' | grep -v lo | grep -v bond | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'ethtool %; ethtool -i %' | grep '^driver\|Speed\|Duplex\|Setting' | sed "s/^/ /g" | tr -d "\t" | tr -d "\n" | sed "s/Settings for/\nSettings for/g" | awk '{print $5 " "$7 "\t " $9 "\t" $3}' | grep -v "Unknown"

Regards

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

Implemented in version 0.9

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

Implemented in version 0.9

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

Did you read our comments in this thread? We are not relying on ifconfig for the reason that it doesn't show any disabled interfaces.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Sven_Glock
Advisor

Hi Danny,

thanks for adding parts of my improvements.

To be shure that you exactly know what I mean I added my idea to your code.

Just replace the relevant parts and you will see what I wanted to say.

# Variables
j=0;
i=0;
MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }');
INST=$(if hash installed_jumbo_take 2>/dev/null; then echo installed_jumbo_take; fi);

q)
exit 0
;;
esac
echo
case $i in
''|*[!1-9]*) echo "0: MAIN MENU"; echo "q: QUIT";j=$i;;
*) ech
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Sven_Glock
Advisor

A GIT implementation into GAIA would be very helpful! 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Sven_Glock
Advisor

For some commands like

19) netstat -atun

 I think it would be better to add a "| more"

So the output can be read page by page.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Sven_Glock
Advisor

Some of the ccc I often use with "watch" to see what's goining on.

I played around with your code and implemented a function which enables you to add "watch" to some commands.

In my latest version it's only working with simple commands and need to be improved for more complex ones.

Is it worth sharing or isn't part or the scope?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion Champion
Champion

Implemented in version 1.0

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

Implemented in version 1.0

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion Champion
Champion

We always love to learn and improve. Just share your ideas and examples with us.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free