May The Fourth
CloudMates Live Show
days
hours
minutes
seconds
CPX 360 2021 Wrap Up
As the Cyber World Turns:
A Strategy to Increase Security Efficiency
Secure DevOps Access
to Cloud Workloads with Zero Trust
End of Support Policy Update
For R80.10 Release
Check Point Harmony
An In-Depth Look
Is there a command to issue to show when I manually updated gateway's JHF/versions with CPUSE? RE: 80.10, 80.20, 80.30, R80.40, R81. Specifically they want System generated list of production configuration changes for the past 12 months (including software and firmware updates/patches, firewall/router/switch configuration changes, etc.) in excel format
Currently, I am NOT using the CDT.
Some of my gateway's have recently been formatted and rebuilt, so not much history there.
shlomip
Hi @Daniel_Kavan ,
Several options here:
- you can use the 'cpinfo -y all' command to see list of installed hotfixes
- in clish you can run 'show installer installed packages' or 'show installer download packages' and so on...
- you can check /opt/CPInstLog/DA_Actions.xml for installed JHF/versions/etc...
- If you are using R81 and you installed your hotfixes/JHF via SmartConsole you can see the list there
- for configuration/routing/etc... you have the 'show config' clish command
-and of course in CPUSE webUI you can see the list of hotfixes that are installed
Hope this helps.
Hi,
RE: software updates: Thank you. That DA_Actions.xml file is perfect.
RE: configuration The auditors aren't looking for the current configuration(show configuration), they want the history of changes over and throughout 2020. I turned in a 'diff' on a configuration early and later in the year. We'll see how they like that.
PhoneBoy
@Tsahi_Etziony does CPUSE track history in this way?
Boaz_Orshav
Hi
CPUSE track installation history in DA_Actions.xml (100 last actions including internally initiated actions like Deployment Agent self update).
It does not track configuration changes that are seen on "show configuration"
What I'm being asked today on this.... I said I would request an enhancement. 😚
Per auditor request, this requirement asks for system-generated lists of production configuration changes for the past 12 months. Will generating a list of 100 always cover an entire year for future audits? Is it not possible to change the setting to a period of time (1 year) instead of a number (100)?
PhoneBoy
If you're making a LOT of changes in a year, or we update the Deployment Agent a lot of times, or a combination thereof, then maybe not.
Unless @Boaz_Orshav or someone else says this is tunable somehow, I'd make a formal request through your local Check Point office.
Boaz_Orshav
Notice these are two different things:
1. Show configuration - related to OS configuration. CPUSE is not aware of (most) of these changes hence can't track them.
2. Packages deployed by CPUSE (HF/Jumbo/Version upgrade) - this can be a nice enhancement to keep track of. As suggested above - I also think the best way to make it happen is to formalize the request.
JozkoMrkvicka
Every modification on the gateway should be properly documented internally. Most orgs are using ticketing tools for that, where you are allowed to do something only in case you have valid ticket for it.
That said, if you have it in place, it is matter of couple of clicks in the ticketing tool to get all tickets within specific timestamp which were done on the gateway.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY