- CheckMates
- :
- CheckMates Toolbox
- :
- Scripts
- :
- Re: Common Check Point Commands (ccc)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
ccc - Common Check Point Commands
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
🏆 Code Hub Contribution of the Year 2018!
🎓 Featured in official Maestro courseware!
👍 Endorsed by Check Point Support!
📕 Books: Max Power, FW Admin
▶️ YouTube: Intro
ccc script to run CLI tasks & show system info.
Installation
curl_cli $(if [[ `grep proxy:ip /config/active` ]];then echo -n '--proxy ';grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n';echo -n :;grep proxy:port /config/active|cut -f2 -d' ';fi) -k https://dannyjung.de/ccc|zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc;. ~/.bashrc
🏆 Code Hub Contribution of the Year 2018!
🎓 Featured in official Maestro courseware!
👍 Endorsed by Check Point Support!
📕 Books: Max Power, FW Admin
▶️ YouTube: Intro
ccc script to run CLI tasks & show system info.
Installation
curl_cli $(if [[ `grep proxy:ip /config/active` ]];then echo -n '--proxy ';grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n';echo -n :;grep proxy:port /config/active|cut -f2 -d' ';fi) -k https://dannyjung.de/ccc|zc
Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great job!
Here is a little bit improved code (added hierarchy and some interactivity).
Regards,
--
Marko
Great job!
Here is a little bit improved code (added hierarchy and some interactivity).
Regards,
--
Marko
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I moved this thread to the Code Hub and added @Marko_Keca's Interactive Mode to this ccc script. I corrected/removed an issue with the 'view all commands' option, cleaned the interactive interface, added more commands and therefore raised the version level to 0.4. Thanks everyone for all the interest and support within this project!
I moved this thread to the Code Hub and added @Marko_Keca's Interactive Mode to this ccc script. I corrected/removed an issue with the 'view all commands' option, cleaned the interactive interface, added more commands and therefore raised the version level to 0.4. Thanks everyone for all the interest and support within this project!
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Danny,
Thanks for this great work,a short 10 minute tutorial video on this will be aslo add great taste to it.
Thanks and Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is really very helpfull! Just one line i have found that i do not understand:
9) fwm stat
This gives:
Usage:
fwm ver [-f] ... # Display version
fwm load [opts] [filter-file|rule-base] targets # Install Policy on targets
fwm unload [opts] targets # Uninstall targets
fwm dbload [targets] # Download the database
fwm logexport [-h] ... # Export log to ascii file
fwm gen [-RouterType [-import]] rule-base # Generate an inspection
# script or a router access-list
fwm dbexport [-h] ... # Export the database
fwm ikecrypt <key> <password> # Crypt a secret with a key
# (for the dbexport command)
fwm dbimport [-h] ... # Import to database
fwm kill [-sig_no] procname # Kill firewall process
fwm getpcap ... # Fetch packet capture from gateway
Looks like there is no fwm stat like there is fw stat... I have replaced the line with
fwm ver
😉
That is really very helpfull! Just one line i have found that i do not understand:
9) fwm stat
This gives:
Usage:
fwm ver [-f] ... # Display version
fwm load [opts] [filter-file|rule-base] targets # Install Policy on targets
fwm unload [opts] targets # Uninstall targets
fwm dbload [targets] # Download the database
fwm logexport [-h] ... # Export log to ascii file
fwm gen [-RouterType
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I now saw thet here, the installed_jumbo_take CLI command is used - this did work before, but see sk98028:
On R80.10 with sk116380 - Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf), run this command:
[Expert@HostName:0]# cpinfo -y all
Notes:
- The installed_jumbo_take [-n | -h] command is not supported by the R80.10 Jumbo Hotfix Accumulator
I now saw thet here, the installed_jumbo_take CLI command is used - this did work before, but see sk98028:
On R80.10 with sk116380 - Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf), run this command:
[Expert@HostName:0]# cpinfo -y all
Notes:
- The installed_jumbo_take [-n | -h] command is not supported by the R80.10 Jumbo Hotfix Accumulator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The script is great.
I added a little improvement for the command #23: fw fetch mgmt.
if you do not want the name of the management to be hardcoded for each gateway:
read in the name of the management with
MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }')
command#23:
fw fetch $MGMT
Best regards
Martin
The script is great.
I added a little improvement for the command #23: fw fetch mgmt.
if you do not want the name of the management to be hardcoded for each gateway:
read in the name of the management with
MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }')
command#23:
fw fetch $MGMT
Best regards
Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a nice ClusterXL debug command:
clish -c "show routed cluster-state detailed"
It shows the gateway change time.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another useful command in this list would be
fw ctl arp
which will show all proxy arp's and active local.arp entries.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Danny - nice script.
Improvement suggestion:
When the selected command shows lots of output you have to scroll up for checking the possibilities of your actual branch of the menu tree.
Prompting the menu again directly after the output will need you scrolling up for your requested output.
What about offering a short menu after a output - just one row?
Something like: ? Show actual Menu | 0: Main menu | q: EXIT
Cheers
Sven
Thanks Danny - nice script.
Improvement suggestion:
When the selected command shows lots of output you have to scroll up for checking the possibilities of your actual branch of the menu tree.
Prompting the menu again directly after the output will need you scrolling up for your requested output.
What about offering a short menu after a output - just one row?
Something like: ? Show actual Menu | 0: Main menu | q: EXIT
Cheers
Sven
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have adjusted the commands, so that only the physical interface is visible and not the Bond's anymore.
ifconfig -a | grep encap | awk '{print $1}' | grep -v lo | grep -v bond | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'ethtool %; ethtool -i %' | grep '^driver\|Speed\|Duplex\|Setting' | sed "s/^/ /g" | tr -d "\t" | tr -d "\n" | sed "s/Settings for/\nSettings for/g" | awk '{print $5 " "$7 "\t " $9 "\t" $3}' | grep -v "Unknown"
Regards
Heiko
I have adjusted the commands, so that only the physical interface is visible and not the Bond's anymore.
ifconfig -a | grep encap | awk '{print $1}' | grep -v lo | grep -v bond | grep -v ":" | grep -v ^lo | xargs -I % sh -c 'ethtool %; ethtool -i %' | grep '^driver\|Speed\|Duplex\|Setting' | sed "s/^/ /g" | tr -d "\t" | tr -d "\n" | sed "s/Settings for/\nSettings for/g" | awk '{print $5 " "$7 "\t " $9 "\t" $3}' | grep -v "Unknown"
Regards
Heiko
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you read our comments in this thread? We are not relying on ifconfig for the reason that it doesn't show any disabled interfaces.
Did you read our comments in this thread? We are not relying on ifconfig for the reason that it doesn't show any disabled interfaces.
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Danny,
thanks for adding parts of my improvements.
To be shure that you exactly know what I mean I added my idea to your code.
Just replace the relevant parts and you will see what I wanted to say.
# Variables j=0; i=0; MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }'); INST=$(if hash installed_jumbo_take 2>/dev/null; then echo installed_jumbo_take; fi);
q) exit 0 ;;esacechocase $i in ''|*[!1-9]*) echo "0: MAIN MENU"; echo "q: QUIT";j=$i;; *) echo "------------------------------------------------"; echo "?: Show actual menu | 0: MAIN MENU | q: QUIT";;esacechoecho -en "Enter a command : "read iif [ $i == ? ]; then i=$jfiechodoneexit 0
I am not a programmer, but it's working
Cheers
Sven
Hi Danny,
thanks for adding parts of my improvements.
To be shure that you exactly know what I mean I added my idea to your code.
Just replace the relevant parts and you will see what I wanted to say.
# Variables j=0; i=0; MGMT=$(cat $FWDIR/conf/masters | awk 'NR>1 && NR<3 { print $0 }'); INST=$(if hash installed_jumbo_take 2>/dev/null; then echo installed_jumbo_take; fi);
q) exit 0 ;;esacechocase $i in ''|*[!1-9]*) echo "0: MAIN MENU"; echo "q: QUIT";j=$i;; *) ech
...;
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For some commands like
19) netstat -atun
I think it would be better to add a "| more"
So the output can be read page by page.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some of the ccc I often use with "watch" to see what's goining on.
I played around with your code and implemented a function which enables you to add "watch" to some commands.
In my latest version it's only working with simple commands and need to be improved for more complex ones.
Is it worth sharing or isn't part or the scope?
Some of the ccc I often use with "watch" to see what's goining on.
I played around with your code and implemented a function which enables you to add "watch" to some commands.
In my latest version it's only working with simple commands and need to be improved for more complex ones.
Is it worth sharing or isn't part or the scope?
;- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content