This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
MVP Gold
MVP Gold
‎2021-01-22 06:20 AM

FISMA auditor wants to see a command generated history of configuration/JHF changes done on a gw

Is there a command to issue to show when I manually updated gateway's JHF/versions with CPUSE?  RE: 80.10, 80.20, 80.30, R80.40, R81.  Specifically they want System generated list of production configuration changes for the past 12 months (including software and firmware updates/patches, firewall/router/switch configuration changes, etc.) in excel format

Currently, I am NOT using the CDT.

Some of my gateway's have recently been formatted and rebuilt, so not much history there.

8 Replies
shlomip
Employee Alumnus
Employee Alumnus
‎2021-01-22 07:23 AM

Hi @Daniel_Kavan ,

Several options here:

 - you can use the 'cpinfo -y all' command to see list of installed hotfixes

- in clish you can run 'show installer installed packages' or 'show installer download packages' and so on...

- you can check /opt/CPInstLog/DA_Actions.xml for installed JHF/versions/etc...

- If you are using R81 and you installed your hotfixes/JHF via SmartConsole you can see the list there

- for configuration/routing/etc... you have the 'show config' clish command

 -and of course in CPUSE webUI you can see the list of hotfixes that are installed 

Hope this helps.

 

Daniel_Kavan
MVP Gold
MVP Gold
‎2021-01-22 07:33 AM
In response to shlomip

Hi,

RE: software updates: Thank you.  That DA_Actions.xml  file is perfect.

RE: configuration The auditors aren't looking for the current configuration(show configuration), they want the history of changes over and throughout 2020.   I turned in a 'diff' on a configuration early and later in the year.  We'll see how they like that.

 

PhoneBoy
Admin
Admin
‎2021-01-22 09:35 AM

@Tsahi_Etziony does CPUSE track history in this way?

0 Kudos
Boaz_Orshav
Employee
Employee
‎2021-01-24 10:11 PM
In response to PhoneBoy

Hi

CPUSE track installation history in DA_Actions.xml (100 last actions including internally initiated actions like Deployment Agent self update).

It does not track configuration changes that are seen on "show configuration"

 

Daniel_Kavan
MVP Gold
MVP Gold
‎2021-01-25 12:33 PM
In response to Boaz_Orshav

What I'm being asked today on this....  I said I would request an enhancement.  😚

Per auditor request, this requirement asks for system-generated lists of production configuration changes for the past 12 months. Will generating a list of 100 always cover an entire year for future audits? Is it not possible to change the setting to a period of time (1 year) instead of a number (100)?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-25 02:40 PM
In response to Daniel_Kavan

If you're making a LOT of changes in a year, or we update the Deployment Agent a lot of times, or a combination thereof, then maybe not.
Unless @Boaz_Orshav or someone else says this is tunable somehow, I'd make a formal request through your local Check Point office.

0 Kudos
Boaz_Orshav
Employee
Employee
‎2021-01-25 11:08 PM
In response to PhoneBoy

Notice these are two different things:

1. Show configuration - related to OS configuration. CPUSE is not aware of (most) of these changes hence can't track them. 

2. Packages deployed by CPUSE (HF/Jumbo/Version upgrade) - this can be a nice enhancement to keep track of. As suggested above - I also think the best way to make it happen is to formalize the request.

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2021-01-25 11:05 PM

Every modification on the gateway should be properly documented internally. Most orgs are using ticketing tools for that, where you are allowed to do something only in case you have valid ticket for it.

That said, if you have it in place, it is matter of couple of clicks in the ticketing tool to get all tickets within specific timestamp which were done on the gateway.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events