- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
🏆 Code Hub Contribution of the Year 2018!
👍 Endorsed by Check Point Support!
📕 Max Power 2020 advice!
ccc is a menu-driven Bash script to run common Gaia CLI tasks and show advanced system summary information.
curl_cli $(if [[ `grep proxy:ip /config/active` ]]; then echo -n '--proxy '; grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n'; echo -n :; grep proxy:port /config/active|cut -f2 -d' '; fi) -k https://dannyjung.de/ccc | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc
🏆 Code Hub Contribution of the Year 2018!
👍 Endorsed by Check Point Support!
📕 Max Power 2020 advice!
ccc is a menu-driven Bash script to run common Gaia CLI tasks and show advanced system summary information.
curl_cli $(if [[ `grep proxy:ip /config/active` ]]; then echo -n '--proxy '; grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n'; echo -n :; grep proxy:port /config/active|cut -f2 -d' '; fi) -k https://dannyjung.de/ccc | zcat > /u
Thanks for the reply.. Its required many times during troubleshooting... Hopefully someone will share the command...
I looked into this when researching the second edition of my book, and there is simply no way to disable APCL/URLF "on the fly" for a security gateway without unchecking those features on the firewall object and reinstalling policy. As to why, my guess is that APCL/URLF policy enforcement is a bit too tightly intertwined with Stateful Inspection and the other key firewall operations. IPS/TP is more separated though, and can be disabled on the fly with the ips off and fw amw unload commands as detailed in my CPX360 presentation here:
--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
I looked into this when researching the second edition of my book, and there is simply no way to disable APCL/URLF "on the fly" for a security gateway without unchecking those features on the firewall object and reinstalling policy. As to why, my guess is that APCL/URLF policy enforcement is a bit too tightly intertwined with Stateful Inspection and the other key firewall operations. IPS/TP is more separated though, and can be disabled on the fly with the ips off and fw amw unload comma
...;Hi and thank you for all the effort Nicely done!
I've found a syntax error in FIREWALL TROUBLESHOOTING -> CheckPoint Appliance -> show sysenv all
Command is: clish -c "show sysenv all | more" and ends with error: Invalid command:'show sysenv all | more'.
I think command should be: clish -c "show sysenv all" | more
Best regards
Hi and thank you for all the effort Nicely done!
I've found a syntax error in FIREWALL TROUBLESHOOTING -> CheckPoint Appliance -> show sysenv all
Command is: clish -c "show sysenv all | more" and ends with error: Invalid command:'show sysenv all | more'.
I think command should be: clish -c "show sysenv all" | more
Best regards
Hi Danny
There is a non ASCII Character in the ccc Skript. line 58:
TIME=`cpstat fw | grep "Install time" | awk '{print $4" "$5" "$7" ´"$6}' | cut -d':' -f1,2`; echo -n .
Between the $7 and the $6. Can you please remove it?
Thanks and best regards
Martin
Hi Danny
There is a non ASCII Character in the ccc Skript. line 58:
TIME=`cpstat fw | grep "Install time" | awk '{print $4" "$5" "$7" ´"$6}' | cut -d':' -f1,2`; echo -n .
Between the $7 and the $6. Can you please remove it?
Thanks and best regards
Martin
How about adding (as per sk62873)
cpca_client lscert -kind SIC
... to view all SIC certificates?
Maybe even limited to list those with expiration e.g. +/- 90 days.
What about to check if LOM is available and in case yes, what is the version ? Compare the installed version with the latest LOM firmware map and inform user that it would be good idea to upgrade LOM. This check would be better available within Healthcheck script.
What about to check if LOM is available and in case yes, what is the version ? Compare the installed version with the latest LOM firmware map and inform user that it would be good idea to upgrade LOM. This check would be better available within Healthcheck script.
;Thank you Danny for such a great work.
is it possible to have a Custom commands section where users can easily add most used commands so they can easily access those commands which are used almost everyday in that particular environment.
I know I might be asking too much but it would be great if people can add their custom commands in one section, by following simple instructions editing the script.
Thank you Danny for such a great work.
is it possible to have a Custom commands section where users can easily add most used commands so they can easily access those commands which are used almost everyday in that particular environment.
I know I might be asking too much but it would be great if people can add their custom commands in one section, by following simple instructions editing the script.
;That's a great idea. The most practical way to organize and run custom commands would probably be the first version of this script.
Just compare version 1 vs. version 2 to see the first version with the basic commands include. It allows for easy modification and customization
That's a great idea. The most practical way to organize and run custom commands would probably be the first version of this script.
Just compare version 1 vs. version 2 to see the first version with the basic commands include. It allows for easy modification and customization
;Thanks Danny for your prompt response. the above hyperlink did not work as It says I am not authorised. any other place I can get hold of older version please?
#!/bin/bash
echo "## Custom Check Point commands ##"
echo "1: cat /etc/cp-release - Show Check Point version"
echo "2: cplic print -x - Show installed CP licenses"
echo "3: df -h - Show available disk space"
echo ""
echo -en "Select a command: "
read i; case $i in
1) cat /etc/cp-release ;;
2) cplic print -x ;;
3) df -h ;;
*) exit 0
esac
exit 0
#!/bin/bash
echo "## Custom Check Point commands ##"
echo "1: cat /etc/cp-release - Show Check Point version"
echo "2: cplic print -x - Show installed CP licenses"
echo "3: df -h - Show available disk space"
echo ""
echo -en "Select a command: "
read i; case $i in
1) cat /etc/cp-release ;;
2) cplic print -x ;;
3) df -h ;;
*) exit 0
esac
exit 0
;
Hi Danny,
is version 3.9 live now?
I still see v3.8 in the script on below URL
Hi Danny,
is version 3.9 live now?
I still see v3.8 in the script on below URL
;Ok Thanks for that. So the script will ask the user if he wants to update?
also what other user control options have been added please?
Does this need to be installed on all CP nodes, or can it exist on the management server, and use to connect to the managed nodes?
I just have found out that using GAiA WebGUI Terminal window or Dashboard > Actions > Open Shell..., ccc navigation will not work - cursor moves one line down, then no more.
RFE: in FW Management + GW, we can find
# cpvinfo /opt/CPda/bin/DAService | grep Build
Build Number = 1671
But why not use the full command from sk92449 instead ?
# cpvinfo $DADIR/bin/DAService | grep -E "Build|Minor"
Build Number = 1671
Minor Release = megatron_ms1
RFE: in FW Management + GW, we can find
# cpvinfo /opt/CPda/bin/DAService | grep Build
Build Number = 1671
But why not use the full command from sk92449 instead ?
# cpvinfo $DADIR/bin/DAService | grep -E "Build|Minor"
Build Number = 1671
Minor Release = megatron_ms1
Very nice nu version ! But:
System Firewall Management (with Smart Event)
Type VMware Virtual Platform
Status during initialization
OS Gaia R80.20 JHF (Take 73) @ 64-bit
CPU 2 Cores | Load 8.45%
RAM 18 GB (Free: 11 GB) | Swapping 0 GB
Core dumps - | Crash dumps: -
Disk use / 19390744% | /var/log/ 6555932%
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current 38G 18G 19G 48% /
/dev/sda1 289M 24M 251M 9% /boot
tmpfs 8.8G 4.0K 8.8G 1% /dev/shm
/dev/mapper/vg_splat-lv_log 25G 17G 6.3G 73% /var/log
Very nice nu version ! But:
System Firewall Management (with Smart Event)
Type VMware Virtual Platform
Status during initialization
OS Gaia R80.20 JHF (Take 73) @ 64-bit
CPU 2 Cores | Load 8.45%
RAM 18 GB (Free: 11 GB) | Swapping 0 GB
Core dumps - | Crash dumps: -
Disk use / 19390744% | /var/log/ 6555932%
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current 38G 18G 19G 48% /
/dev/sda1 289M 24M 251M 9% /boot
tmpfs 8.8G 4.0K 8.8G 1% /dev/shm
/dev/mapper/vg_splat-lv_
🏆 Code Hub Contribution of the Year 2018!
👍 Endorsed by Check Point Support!
📕 Max Power 2020 advice!
ccc is a menu-driven Bash script to run common Gaia CLI tasks and show advanced system summary information.
curl_cli $(if [[ `grep proxy:ip /config/active` ]]; then echo -n '--proxy '; grep proxy:ip /config/active|cut -f2 -d' '|tr -d '\n'; echo -n :; grep proxy:port /config/active|cut -f2 -d' '; fi) -k https://dannyjung.de/ccc | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY