Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

ccc - Common Check Point Commands

Danny
Champion
Champion

🏆 Code Hub Contribution of the Year 2018!
👍 Endorsed by Check Point Support!
📕 Max Power 2020 advice!

ccc is a menu-driven Bash script to run common Gaia CLI tasks and show advanced system summary information.

Installation


    curl_cli $(if [[ `grep proxy:ip /config/active` ]]; then echo -n '--proxy '; grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n'; echo -n :; grep proxy:port /config/active|cut -f2 -d' '; fi) -k https://dannyjung.de/ccc | zcat > /u
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


222 Replies

Vladimir
Champion
Champion

Danny,

 

The CCC script is now pretty mature and perhaps it is possible to serve it from HTTPS with hash verification for installation from "Expert mode"?

Something along the lines of solution described here: https://stackoverflow.com/questions/2086424/creating-a-file-downloading-script-with-checksum-verification

Regards,

Vladimir

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

Yes, that's on the roadmap.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Daniel_Hainich
Collaborator

very nice! thanks a lot!

 

 

daniel

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

@Vladimir: ccc is now served securely via HTTPS and uses SHA-512 to secure it's self-updates.

Secure Installation in expert mode :
src=`curl_cli -fsk https://dannyjung.de/ccc | zcat 2>/dev/null`; if [[ $? -eq 0 ]]; then if [[ `echo "$src" | sha512sum | cut -d " " -f 1` == `curl_cli -fsk https://dannyjung.de/ccc-sha512 | zcat` ]]; then echo "$src" > /usr/bin/ccc && chmod +x /usr/bin/ccc; else echo "SHA-512 doesn't match."; fi; else echo "No connection to dannyjung.de"; fi; unset src

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Vladimir
Champion
Champion

This is great!

Do you intend on hosting CCC yourself or are there considerations to move it to Check Point in the future?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

I would love to move it to Check Point, but they don't seem to be interested at the moment.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

_Val_
Admin
Admin

@Danny &  @Vladimir, I think it is not a question of interest. There is an issue of support, updates and liabilities in case Check Point hosts this tool. It is not as easy as it seems...

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

suhasbhoir
Explorer

Hi Danny Sir,

 

I am gatting below error

 

[Expert@CP-R80.20:0]# ccc
-bash: /usr/bin/ccc: Permission denied
[Expert@CP-R80.20:0]#

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

_Val_
Admin
Admin

@suhasbhoir make sure your permissions are set properly:

chmod +x /usr/bin/ccc
;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Flo
Participant

Hey Danny,
great tool. I recommend this to all my customers and use the tool almost every day.
Fantastic work!!!
Greetings Flo

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

G_W_Albrecht
Champion
Champion

Strange error with newest version:

 MAIN < FIREWALL GATEWAY

execute first line:

  fw stat; ips stat; fw stat -b AMW; cpstat -f all polsrv; cp_conf sic state  Show FW + IPS/TP + Policy Server + SIC status

 

/usr/bin/ccc: eval: line 471: unexpected EOF while looking for matching ``'

/usr/bin/ccc: eval: line 472: syntax error: unexpected end of file

 

Done.

 

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

Fixed in version 4.5

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Bechor
Employee
Employee

Hi Danny,

Thank you for this great tool and keep it updated with more and more RFEs 🙂

Please consider adding the [ watch --i 1 --d 'cpstat -f fragments fw' ] to see if the GW is handling any fragmentation every sec.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

Hi Bechor,

thanks for your support.

I'm working on an update that will cover all the requests regarding the watch command to be included.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

Added in version 4.6

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

CSR
Contributor
Its Awesome...

Thanks,
CSR ;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Haris_Chaudhry
Employee
Employee

AMAZING !

 

This should be renamed to 

"Ultimate Checkpoint Toolkit"

 

Thanks for all your handwork on this.

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Denis_Spirin
Explorer

Does using scripts like this or installing other 3rd parties packages (lets say Python) affect Vendor Support? Void it somehow?

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Hugo_vd_Kooij
Advisor

The script seems to follow the normal (debug) commans you can find in SecureKnowledge.

No harm in using them. But as with every tool. You can also do some damage if you use it incorrectly.

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

I'm glad to announce that ccc is recommended in the book:  📕 Max Power 2020 by  @Timothy_Hall .

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion
Champion

The PDF slides of my CPX 2020 presentation in Vienna, which features a ccc special, can be found here.

I can provide you with the PPTX version upon request.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Ryan_Ryan
Advisor

Danny, this tool is fantastic thank you!

 

I know this may be an impossible task because I am not sure these commands exist but would love to see:

  • IPsec VPN phase 1 (with local IP, peer IP and lifetime remaining)
  • IPsec VPN phase 2 security associations with encryption domain IP addresses in a readable format and lifetime remaining

thanks

 

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Sven_Glock
Advisor

Hi Danny,

long time no ccc install.

Today I installed ccc to a VSX R80.30 cluster and possibly I found a small bug.

The "shown blades" in the summary only shows "FW" even if there are more active blades.

 

More over:

ccc is showing that coreXL is off when running it on vsx.

This is correct, but somehow not the truth.

How about just showing "vsx" at corexl when ccc is detecting a vsx system?

 

Thanks for your efforts!

 

Cheers

Sven

 

 

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

Hi  @Sven_Glock,

could you please tell me what enabled_blades is showing at your VSX host?

As for VSX and CoreXL, ccc is already showing that it's a VSX host, right?

Regards,
Danny

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

I'm glad to announce that ccc is now officially credited in Check Point's GAiA HealthCheck script for checks courtesy of ccc. Thanks  @Nathan_Davieau.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Sven_Glock
Advisor

People who has to use proxy can use this command to get ccc:

curl_cli --proxy proxy:port -k https://dannyjung.de/ccc | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Danny
Champion
Champion

New version 4.7 released!

+ Added support for Maestro

thanks to  @Laszlo_Csosza ,  @Anatoly Masover,  @Tom_Hartig & Ilia Anokhin for training

thanks to  @Maarten_Sjouw for testing and his Maestro basic setup documentation

greetings to all Maestro experts,  @Evgeniy_Olkov  [1,2],  @Lari_Luoma@Tomas_Vobruba@Summer_Kablawi@Vinicius_Figuei@Andy_Yelnik1@Liran_Abir etc.

+ Integrated the One-liner for Remote Access VPN Statistics

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

ℹ️ For those wanting to see the system info screen only, run ccc like this: echo q | ccc | head -n-16

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Troy_Yeske
Employee Alumnus
Employee Alumnus

This is really nice.  Do you typically install this on the Mgmt server only or on Mgmt and GW's?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Danny
Champion
Champion

ccc is typically installed on all types of Check Point Gaia based systems. This includes management servers, gateways, clusters, VSX environments and even Maestro Hyperscale solutions. Embedded Gaia (SMB) is not supported yet.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos