- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Is there a command to issue to show when I manually updated gateway's JHF/versions with CPUSE? RE: 80.10, 80.20, 80.30, R80.40, R81. Specifically they want System generated list of production configuration changes for the past 12 months (including software and firmware updates/patches, firewall/router/switch configuration changes, etc.) in excel format
Currently, I am NOT using the CDT.
Some of my gateway's have recently been formatted and rebuilt, so not much history there.
Hi @Daniel_Kavan ,
Several options here:
- you can use the 'cpinfo -y all' command to see list of installed hotfixes
- in clish you can run 'show installer installed packages' or 'show installer download packages' and so on...
- you can check /opt/CPInstLog/DA_Actions.xml for installed JHF/versions/etc...
- If you are using R81 and you installed your hotfixes/JHF via SmartConsole you can see the list there
- for configuration/routing/etc... you have the 'show config' clish command
-and of course in CPUSE webUI you can see the list of hotfixes that are installed
Hope this helps.
Hi,
RE: software updates: Thank you. That DA_Actions.xml file is perfect.
RE: configuration The auditors aren't looking for the current configuration(show configuration), they want the history of changes over and throughout 2020. I turned in a 'diff' on a configuration early and later in the year. We'll see how they like that.
@Tsahi_Etziony does CPUSE track history in this way?
Hi
CPUSE track installation history in DA_Actions.xml (100 last actions including internally initiated actions like Deployment Agent self update).
It does not track configuration changes that are seen on "show configuration"
What I'm being asked today on this.... I said I would request an enhancement. 😚
Per auditor request, this requirement asks for system-generated lists of production configuration changes for the past 12 months. Will generating a list of 100 always cover an entire year for future audits? Is it not possible to change the setting to a period of time (1 year) instead of a number (100)?
If you're making a LOT of changes in a year, or we update the Deployment Agent a lot of times, or a combination thereof, then maybe not.
Unless @Boaz_Orshav or someone else says this is tunable somehow, I'd make a formal request through your local Check Point office.
Notice these are two different things:
1. Show configuration - related to OS configuration. CPUSE is not aware of (most) of these changes hence can't track them.
2. Packages deployed by CPUSE (HF/Jumbo/Version upgrade) - this can be a nice enhancement to keep track of. As suggested above - I also think the best way to make it happen is to formalize the request.
Every modification on the gateway should be properly documented internally. Most orgs are using ticketing tools for that, where you are allowed to do something only in case you have valid ticket for it.
That said, if you have it in place, it is matter of couple of clicks in the ticketing tool to get all tickets within specific timestamp which were done on the gateway.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY