Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Moudar
Advisor
Jump to solution

First time wizard oneliner

Hi

When i run this oneliner for FTW:

[Expert@myhost:0]# config_system -s "install_security_gw=true&gateway_daip=false&gateway_cluster_member=true&install_security_management=false&download_info=true&upload_info=true&upload_crash_report=true&ftw_sic_key=Admin123"

Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected
Done
Configuring OS parameters:      Done
Configuring products:           \

 

 

 

 

you can see: 

 

Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected

 

 

What does that mean? How to get rid of it?

I have checked the  /bin/config_system text file:

 

# If one of required parameters is uninitialized or NULL/empty,
    # set ERROR_MSG and return 1
	#/usr/libexec/cp_is_initial_passwd >> $FTW_LOG 2>&1
	#is_admin_pw_default=$?
	#if [ $is_admin_pw_default -eq 0 ] && [ -z "$admin_hash" ]; then 
	#	ERROR_MSG="$MSG1 admin_hash"; 
	#	return 1; 
	#fi
	#########next line is line 1178############
	if [[ $is_maintenance_pw_not_mandatory == $TRUE ]]; then
		#is_maintenance_pw_not_mandatory is a flag for cloud usage. If 'true' then ignore maintenance validation
		log "is_maintenance_pw_not_mandatory flag detetected. Passing validation for maintenance password."
	else
		is_default_maintenance_pw=$(dbget grub2pwd:changeme)
		if [ $is_default_maintenance_pw -eq 1 ] && [ -z "$maintenance_hash" ]; then
			ERROR_MSG="$MSG1 maintenance_hash"; 
			return 1;
		fi
	fi

 

but still don't understand why that message is showing up!

0 Kudos
1 Solution

Accepted Solutions
Bob_Zimmerman
Authority
Authority

Okay. That's the problem. To work around it, try setting the variable is_maintenance_pw_not_mandatory to the string "true" before running your config_system command:

is_maintenance_pw_not_mandatory="true"
config_system ...

View solution in original post

13 Replies
the_rock
Legend
Legend

Hey bro,

What exactly are you trying to do?

Andy

0 Kudos
Moudar
Advisor

Want to have oneliner for FTW, mine is working but I wonder why i get that message:

Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected
0 Kudos
the_rock
Legend
Legend

Let me see if I can test it later, not sure at this point, never tried it.

Andy

0 Kudos
Peter_Lyndley
Advisor
Advisor

I think it is because in R81.20 you'll need to specify the grub2 password as a mandatory part of FTW... As you have not, its erroring.. It might 'work' but maybe thats why.

Moudar
Advisor

I found this:

# Default maintenance password (hash)
# To generate a hash of maintenance password - in expert mode:
# grub2-mkpasswd-pbkdf2

[Expert@myhost:0]# grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.A5B3E328B7E541CAD88FA32D356033522BF85739B5E3720255A159F4F36AD23D8FCEFFE0ED520D9CB138C1BB9056848DA94C363163862A3F816B3999841F65D8.249EED31E31E829BDEF4A4337B3540B206E2C19037D17C5BCCF32A05EB3B5FE5435382DEC94549746F78052BDF96819CAD03114B5421F2D62276F4D23F94AFC5
config_system -s "install_security_gw=true&gateway_daip=false&gateway_cluster_member=true&install_security_management=false&download_info=true&upload_info=true&upload_crash_report=true&ftw_sic_key=Admin123"&maintenance_hash='grub.pbkdf2.sha512.10000.A5B3E328B7E541CAD88FA32D356033522BF85739B5E3720255A159F4F36AD23D8FCEFFE0ED520D9CB138C1BB9056848DA94C363163862A3F816B3999841F65D8.249EED31E31E829BDEF4A4337B3540B206E2C19037D17C5BCCF32A05EB3B5FE5435382DEC94549746F78052BDF96819CAD03114B5421F2D62276F4D23F94AFC5'
[1] 94213
[Expert@myhost:0]#
Validating configuration file:  /bin/config_system: line 1178: [: -eq: unary operator expected
Done
Configuring OS parameters:      Done

still getting that message!

 

 

0 Kudos
Bob_Zimmerman
Authority
Authority

You need to remove the quote here:

ftw_sic_key=Admin123"&maintenance_hash

and put it at the end, after the single tick closing the hash. I'm pretty sure that still won't work, because what's actually failing is the 'dbget grub2pwd:changeme' command.

0 Kudos
Bob_Zimmerman
Authority
Authority

What version are you trying to deploy? Where did you get the image?

I'm pretty sure you actually got the wrong line 1178. In config_system on my R81.20 systems, 1178 is the "if [ $is_default_maintenance_pw -eq 1 ] ..." line. What do you get if you run this command:

is_default_maintenance_pw=$(dbget grub2pwd:changeme);echo "$is_default_maintenance_pw"

0 Kudos
Moudar
Advisor

This is a LAB machine in Vmware, it is line 1178! check above

 show ver
myhost> show version all
Product version Check Point Gaia R81.20
OS build 631
OS kernel version 3.10.0-1160.15.2cpx86_64
OS edition 64-bit
myhost> cpinfo -y all

This is Check Point CPinfo Build 914000231 for GAIA
[MGMT]
        No hotfixes..
[IDA]
        No hotfixes..
[CPFC]
        No hotfixes..
[FW1]
        HOTFIX_PUBLIC_CLOUD_CA_BUNDLE_AUTOUPDATE
        HOTFIX_GOT_TPCONF_AUTOUPDATE

FW1 build number:
This is Check Point's software version R81.20 - Build 703
kernel: R81.20 - Build 597
[SecurePlatform]
        No hotfixes..
[CPinfo]
        No hotfixes..
[PPACK]
        No hotfixes..
[AutoUpdater]
        No hotfixes..

 

0 Kudos
Bob_Zimmerman
Authority
Authority

What do you get if you run this command:

is_default_maintenance_pw=$(dbget grub2pwd:changeme);echo "$is_default_maintenance_pw"

0 Kudos
Moudar
Advisor

I get nothing:

[Expert@myhost:0]# is_default_maintenance_pw=$(dbget grub2pwd:changeme);echo "$is_default_maintenance_pw"

[Expert@myhost:0]#
0 Kudos
Bob_Zimmerman
Authority
Authority

Okay. That's the problem. To work around it, try setting the variable is_maintenance_pw_not_mandatory to the string "true" before running your config_system command:

is_maintenance_pw_not_mandatory="true"
config_system ...
Moudar
Advisor

now it is working, would you explain what does that command do?

[Expert@myhost:0]# is_maintenance_pw_not_mandatory="true" config_system -s "install_security_gw=true&gateway_daip=false&gateway_cluster_member=true&install_security_management=false&download_info=true&upload_info=true&upload_crash_report=true&ftw_sic_key=Admin123"

Validating configuration file:  Done
Configuring OS parameters:      Done
Configuring products:           Done
Verifying installation...

First time configuration was completed!

Reboot is required in order to complete the installation, please perform it manually
0 Kudos
Bob_Zimmerman
Authority
Authority

The conditional which failed was this one:

[ $is_default_maintenance_pw -eq 1 ]

It has nothing on the left, which can't be compared to an integer at all, so the comparison fails with "[: -eq: unary operator expected". (Note to Check Point: integer comparisons are fundamentally unsafe in bash. You need to test that the variable exists and contains an integer first, or wrap both sides in quotes and do a string comparison.) That comparison is only attempted in the 'else' branch of this comparison, though:

if [[ $is_maintenance_pw_not_mandatory == $TRUE ]]

The variable 'is_maintenance_pw_not_mandatory' is never actually set in the script, so it expects the value to come from outside. As a result, we can just manipulate this comparison to not take the failing branch. Presto: no failure.

Note that this just bypasses the check for whether config_system should require you to specify a maintenance mode password. It still accepts the maintenance_hash value and sets the hash if the value is present. Otherwise, it leaves the password at the default value, which appears to be 'changeme'.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    CheckMates Events