ccc - Common Check Point Commands

Champion

🏆 Code Hub Contribution of the Year 2018!
👍 Endorsed by Check Point Support!
📕 Max Power 2020 advice!

ccc is a menu-driven Bash script to run common Gaia CLI tasks and show advanced system summary information.

Installation


    curl_cli $(if [[ `grep proxy:ip /config/active` ]]; then echo -n '--proxy '; grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n'; echo -n :; grep proxy:port /config/active|cut -f2 -d' '; fi) -k https://dannyjung.de/ccc | zcat > /u
...
221 Replies

Participant

Hi there, I don't see an actual download for the script, can I just save the text in notepad and save it as ccc.sh, move it to my gateway and execute it by ./ccc.sh?

Thanks in advance and excellent job on the script and great collaboration between everyone!


On R80.30 I see some problems.

1.  last -20 -w Show last 20 logins by name

[Executing:]# last -20 -w
last: invalid option -- w
Usage: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-x] [-o] [username..] [tty..]

Done.

2. tail $FGDIR/log/fgd.elg Show last 10 entries in QoS log

[Executing:]# tail /opt/CPsuite-R80.30/fg1/log/fgd.elg
tail: cannot open `/opt/CPsuite-R80.30/fg1/log/fgd.elg' for reading: No such file or directory

Done.

Champion

Fixed in version 4.6

Champion

Maybe you can also add treesize, a script I have on all the MDS servers I manage. It looks like this (I picked this one up a while back):

-----------

du -k --max-depth=1 | sort -nr | awk '
   BEGIN {
        split("KB,MB,GB,TB", Units, ",");
   }
   {
        u = 1;
        while ($1 >= 1024) {
             $1 = $1 / 1024;
             u += 1
        }
        $1 = sprintf("%.1f %s", $1, Units[u]);
        print $0;
    }
   '

---------


Participant

Please disregard my question, I was able to figure it out, thanks again everyone for the great teamwork!


Advisor

I will share this later, atm I can not access my testlab...


Advisor

I love the new colors - great job!

At the moment the script shows all commands on all devices even if there are no relevant blades active on the device where you are executing the script.

For example: with "enabled_blades" you can check if vpn is active or not. If not you do not need to offer vpn relevant commands.

The same I can imagine with ips, threatemulation etc...

BTW: I am missing threatemulation commands. Do you need some?

Further it would be helpful to identif

...

As we are stepping into color era now, I would suggest to mark "dangerous" commands in red or orange color.

25 - fwaccel off - Disable SecureXL acceleration"
30 - fw unloadlocal; fw stat - Unload security policy on localhost"
36 - fw amw unload; fw stat -b AMW - Disable Threat Prevention"
47 - clusterXL_admin down - Create ClusterXL faildevice"
70 - mdsstop - Stop Multi-Domain Server"
72 - mdsstop_customer <DMS_ID or DMS_IP or DMS_Name> - Stop specific DMS
74 - cpwd_admin stop -name FWM -

...
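
The two suggestions above (offer only the commands whose blade appears in the `enabled_blades` output, and color disruptive commands) sketched as one menu renderer. This is an added example, not code from ccc or from any poster; the table layout, the entry numbers 40 and 85, the risk flags and the blade token names are assumptions.

```shell
#!/bin/sh
# Added example, not part of ccc. Menu table, numbers 40/85, risk flags and
# blade token names are assumptions made for illustration.
WARN=$(printf '\033[31m')   # red: disruptive command
NORM=$(printf '\033[0m')    # reset color

# Constructed table: number|required blade ("-" = always shown)|risk|command|description
MENU='25|-|warn|fwaccel off|Disable SecureXL acceleration
30|-|warn|fw unloadlocal; fw stat|Unload security policy on localhost
36|-|warn|fw amw unload; fw stat -b AMW|Disable Threat Prevention
40|vpn|ok|vpn tu|VPN tunnel utility
85|ThreatEmulation|ok|tecli s e e|Show running emulations'

# has_blade TOKEN "LIST": whole-word match of TOKEN in a space-separated list,
# so "vp" does not match "vpn".
has_blade() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# render_menu "LIST": print entries whose blade is enabled; color risky ones.
render_menu() {
    printf '%s\n' "$MENU" | while IFS='|' read -r num blade risk cmd desc; do
        if [ "$blade" != "-" ] && ! has_blade "$blade" "$1"; then
            continue    # blade not active on this device: hide the entry
        fi
        if [ "$risk" = warn ]; then
            printf '  %s - %s%s%s - %s\n' "$num" "$WARN" "$cmd" "$NORM" "$desc"
        else
            printf '  %s - %s - %s\n' "$num" "$cmd" "$desc"
        fi
    done
}

# On a gateway the list would come from: render_menu "$(enabled_blades)"
# Constructed sample list so the example runs anywhere:
render_menu "fw ThreatEmulation"
```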

Champion

System info, Threat Emulation & Extraction commands were implemented in version 1.1

Champion

Attachments implemented in version 1.1

Champion

Implemented in version 1.1


Contributor

echo " ${BOLD}76${NORM} - ${WARN}cpwd_admin stop -name FWM -path "$FWDIR/bin/fw" -command "fw kill fwm"${NORM} - Stop Firewall Management only"

you have "$FWDIR/bin/fw"    ...missing the "m" on the end?

Champion

The command is correct. There is no "m" missing on the end. Read here and there.


Participant

I like the system information when you start the script and added a little improvement:

# Variables

...

MGMTIP=$(cat $CPDIR/registry/HKLM_registry.data | grep ICAip | awk '{print $2}')

...

and in the system output section:

          echo "-------------------------------------------------"
          echo "  ${BOLD}Common Check Point Commands (ccc) v1.1${NORM}"
          echo "-------------------------------------------------"
          echo "  System: ${BOLD}${SYSTEM}${NORM}"
   

...

Champion

Implemented in version 1.2

Champion

Hmmm - tried it on my SMS:

----------

[Expert@SMS8010:0]# ccc
cat: /opt/CPsuite-R80/fw1/conf/masters: No such file or directory
grep: /opt/CPsuite-R80/fw1/state/local/AMW/local.IPS.set: No such file or directory
date: invalid date `@'
--------------------------------------------------v1.2--
  ccc > SMS8010
--------------------------------------------------------
  System: SmartEvent Server
  Appliance / Server: VMware Virtual Platform
  Version: Check Point Gaia R80.10
  Uptime: 1 day
----------

...

Champion

Implemented in version 1.3

Note: Even Check Point's cpview and healthcheck script v4.08 and cpconfig's 'Automatic start of Check Point Products' detect SmartCenter/SmartEvent Servers wrong. I fixed that by checking for the CPSEMD SmartEvent process instead.

Champion

In the MDS part I did see mdsstart and mdsstart_customer, but I did not see the mdsstart -m and mdsstop -m to only stop the MDS itself, but not the domains.


Explorer

Just one suggestion: In case you have enabled sandblast on your firewall, it could be useful to watch stuck files in the local Check Point postfix mail queue. I implemented this on those firewalls with a bash alias: mailq='/opt/postfix/usr/sbin/postqueue -p -c /opt/postfix/etc/postfix/' Maybe this is useful for adding to the ccc script?

Maybe a funny fact about the name of the script ccc: CCC is in Germany the acronym for the Chaos Computer Club  🙂


Advisor

Hi Danny,

thanks for adding TE support.

Number 82 would look much nicer in this way:

echo "Global file throughput (TE+AV): $(tecli sh th m) | $(tecli sh th h) | $(tecli sh th d)"

Another nice command I like is

tecli s e e

It shows the running emulations and their states.

Additionally it would be helpful to have a command that is monitoring the mail queue. I do not have access to my testlab, so I can not provide the relevant command, sorry...

Thanks Sven


Collaborator

First of all, I love this script! Thanks a lot 🙂

Can we add another command here:

          echo "  ${BOLD}76${NORM} - ${WARN}cpwd_admin stop -name FWM -path "$FWDIR/bin/fw" -command "fw kill fwm"${NORM} - Stop Firewall Management only"
          echo "  ${BOLD}77${NORM} - ${ENAB}cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"${NORM} - Start Firewall Management only"

NEW echo "  ${BOLD}XX${NORM} - ${WARN}cpwd_admin stop -name FWM -path "$FWDIR/bin/fw" -command "fw

...

Participant

nice shared, thanks a lot!!!

Employee+

can we add IPv6 command as well?

Champion

Implemented in version 1.4

Champion

Implemented in version 1.4

Champion

Implemented in version 1.4

Champion

Thanks for the suggestion! As you just want to run two commands after another, simply enter the relevant numbers after another. From my experience two seconds might not be enough to re-initiate the starting process after stopping it. This needs to be monitored by the admin in charge while executing such commands.

Champion

Of course! We are looking forward to your additions


Collaborator

Indeed we can do that, but the impact is lower if we run "all in one" command.
But I understand the point.


Advisor

Hi Danny,

I checked the new Identity Awareness commands.

On a daily basis I more often use specific searches instead of "pep show user all" or "pdp monitor all".

What about adding some functions for more user interaction?

# Functions

pep_user_query () {
    echo "Query Identity Awareness for specific"
    echo "1) Match entries with <username>"
    echo "2) Match entries with machine <machine name>"
    echo "3) Match entries that were updated by the given PDP"


...