This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moudar
Advisor
‎2024-07-19 02:24 AM
Jump to solution

First time wizard oneliner

Hi

When i run this oneliner for FTW:

[Expert@myhost:0]# config_system -s "install_security_gw=true&gateway_daip=false&gateway_cluster_member=true&install_security_management=false&download_info=true&upload_info=true&upload_crash_report=true&ftw_sic_key=Admin123"

Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected
Done
Configuring OS parameters:      Done
Configuring products:           \

 

 

 

 

you can see: 

 

Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected

 

 

What does that mean? How to get rid of it?

I have checked the  /bin/config_system text file:

 

# If one of required parameters is uninitialized or NULL/empty,
    # set ERROR_MSG and return 1
	#/usr/libexec/cp_is_initial_passwd >> $FTW_LOG 2>&1
	#is_admin_pw_default=$?
	#if [ $is_admin_pw_default -eq 0 ] && [ -z "$admin_hash" ]; then 
	#	ERROR_MSG="$MSG1 admin_hash"; 
	#	return 1; 
	#fi
	#########next line is line 1178############
	if [[ $is_maintenance_pw_not_mandatory == $TRUE ]]; then
		#is_maintenance_pw_not_mandatory is a flag for cloud usage. If 'true' then ignore maintenance validation
		log "is_maintenance_pw_not_mandatory flag detetected. Passing validation for maintenance password."
	else
		is_default_maintenance_pw=$(dbget grub2pwd:changeme)
		if [ $is_default_maintenance_pw -eq 1 ] && [ -z "$maintenance_hash" ]; then
			ERROR_MSG="$MSG1 maintenance_hash"; 
			return 1;
		fi
	fi

 

but still don't understand why that message is showing up!

0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
Authority
Authority
‎2024-07-19 09:06 AM
In response to Moudar
Jump to solution

Okay. That's the problem. To work around it, try setting the variable is_maintenance_pw_not_mandatory to the string "true" before running your config_system command:

is_maintenance_pw_not_mandatory="true"
config_system ...

View solution in original post

13 Replies
the_rock
Legend
Legend
‎2024-07-19 03:54 AM
Jump to solution

Hey bro,

What exactly are you trying to do?

Andy

0 Kudos
Moudar
Advisor
‎2024-07-19 05:49 AM
In response to the_rock
Jump to solution

Want to have oneliner for FTW, mine is working but I wonder why i get that message:

Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected
0 Kudos
the_rock
Legend
Legend
‎2024-07-19 06:04 AM
In response to Moudar
Jump to solution

Let me see if I can test it later, not sure at this point, never tried it.

Andy

0 Kudos
Peter_Lyndley
Advisor
Advisor
‎2024-07-19 06:26 AM
In response to Moudar
Jump to solution

I think it is because in R81.20 you'll need to specify the grub2 password as a mandatory part of FTW... As you have not, its erroring.. It might 'work' but maybe thats why.

Moudar
Advisor
‎2024-07-19 06:36 AM
In response to Peter_Lyndley
Jump to solution

I found this:

# Default maintenance password (hash)
# To generate a hash of maintenance password - in expert mode:
# grub2-mkpasswd-pbkdf2

[Expert@myhost:0]# grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.A5B3E328B7E541CAD88FA32D356033522BF85739B5E3720255A159F4F36AD23D8FCEFFE0ED520D9CB138C1BB9056848DA94C363163862A3F816B3999841F65D8.249EED31E31E829BDEF4A4337B3540B206E2C19037D17C5BCCF32A05EB3B5FE5435382DEC94549746F78052BDF96819CAD03114B5421F2D62276F4D23F94AFC5
config_system -s "install_security_gw=true&gateway_daip=false&gateway_cluster_member=true&install_security_management=false&download_info=true&upload_info=true&upload_crash_report=true&ftw_sic_key=Admin123"&maintenance_hash='grub.pbkdf2.sha512.10000.A5B3E328B7E541CAD88FA32D356033522BF85739B5E3720255A159F4F36AD23D8FCEFFE0ED520D9CB138C1BB9056848DA94C363163862A3F816B3999841F65D8.249EED31E31E829BDEF4A4337B3540B206E2C19037D17C5BCCF32A05EB3B5FE5435382DEC94549746F78052BDF96819CAD03114B5421F2D62276F4D23F94AFC5'
[1] 94213
[Expert@myhost:0]#
Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected
Done
Configuring OS parameters:      Done

still getting that message!

 

 

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-07-19 07:31 AM
In response to Moudar
Jump to solution

You need to remove the quote here:

ftw_sic_key=Admin123"&maintenance_hash

and put it at the end, after the single tick closing the hash. I'm pretty sure that still won't work, because what's actually failing is the 'dbget grub2pwd:changeme' command.

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-07-19 06:46 AM
Jump to solution

What version are you trying to deploy? Where did you get the image?

I'm pretty sure you actually got the wrong line 1178. In config_system on my R81.20 systems, 1178 is the "if [ $is_default_maintenance_pw -eq 1 ] ..." line. What do you get if you run this command:

is_default_maintenance_pw=$(dbget grub2pwd:changeme);echo "$is_default_maintenance_pw"

0 Kudos
Moudar
Advisor
‎2024-07-19 06:51 AM
In response to Bob_Zimmerman
Jump to solution

This is a LAB machine in Vmware, it is line 1178! check above

 show ver
myhost> show version all
Product version Check Point Gaia R81.20
OS build 631
OS kernel version 3.10.0-1160.15.2cpx86_64
OS edition 64-bit
myhost> cpinfo -y all

This is Check Point CPinfo Build 914000231 for GAIA
[MGMT]
        No hotfixes..
[IDA]
        No hotfixes..
[CPFC]
        No hotfixes..
[FW1]
        HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
        HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R81.20 - Build 703
kernel: R81.20 - Build 597
[SecurePlatform]
        No hotfixes..
[CPinfo]
        No hotfixes..
[PPACK]
        No hotfixes..
[AutoUpdater]
        No hotfixes..

 

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-07-19 07:33 AM
In response to Moudar
Jump to solution

What do you get if you run this command:

is_default_maintenance_pw=$(dbget grub2pwd:changeme);echo "$is_default_maintenance_pw"

0 Kudos
Moudar
Advisor
‎2024-07-19 08:22 AM
In response to Bob_Zimmerman
Jump to solution

I get nothing:

[Expert@myhost:0]# is_default_maintenance_pw=$(dbget grub2pwd:changeme);echo "$is_default_maintenance_pw"

[Expert@myhost:0]#
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-07-19 09:06 AM
In response to Moudar
Jump to solution

Okay. That's the problem. To work around it, try setting the variable is_maintenance_pw_not_mandatory to the string "true" before running your config_system command:

is_maintenance_pw_not_mandatory="true"
config_system ...
Moudar
Advisor
‎2024-07-19 09:18 AM
In response to Bob_Zimmerman
Jump to solution

now it is working, would you explain what does that command do?

[Expert@myhost:0]# is_maintenance_pw_not_mandatory="true" config_system -s "install_security_gw=true&gateway_daip=false&gateway_cluster_member=true&install_security_management=false&download_info=true&upload_info=true&upload_crash_report=true&ftw_sic_key=Admin123"

Validating configuration file:  Done
Configuring OS parameters:      Done
Configuring products:           Done
Verifying installation...

First time configuration was completed!

Reboot is required in order to complete the installation, please perform it manually
0 Kudos
Bob_Zimmerman
Authority
Authority
‎2024-07-19 10:28 AM
In response to Moudar
Jump to solution

The conditional which failed was this one:

[ $is_default_maintenance_pw -eq 1 ]

It has nothing on the left, which can't be compared to an integer at all, so the comparison fails with "[: -eq: unary operator expected". (Note to Check Point: integer comparisons are fundamentally unsafe in bash. You need to test that the variable exists and contains an integer first, or wrap both sides in quotes and do a string comparison.) That comparison is only attempted in the 'else' branch of this comparison, though:

if [[ $is_maintenance_pw_not_mandatory == $TRUE ]]

The variable 'is_maintenance_pw_not_mandatory' is never actually set in the script, so it expects the value to come from outside. As a result, we can just manipulate this comparison to not take the failing branch. Presto: no failure.

Note that this just bypasses the check for whether config_system should require you to specify a maintenance mode password. It still accepts the maintenance_hash value and sets the hash if the value is present. Otherwise, it leaves the password at the default value, which appears to be 'changeme'.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events