This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ramakrishnan
Contributor
‎2023-03-13 10:20 AM
Jump to solution

Landing Expert Mode

HI All, 

 

When I login into Security gateway over SSH I am taking to directly to expert prompt login as showing below:

*************************************************************************
[Expert@nwseg1-pd-fw01:0]# pwd
/home/_nonlocl

But when I change to clish and give expert password throwing wrong password. Firewall is integrated with RADIUS (ISE)

My ISE team told I will use same password for login. Am I am landing on expert level, how I can verify I have expert level access. 

When I check our community when I land on nonlocal doesn't get into expert level 

0 Kudos
2 Solutions

Accepted Solutions
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-03-13 11:45 AM
Jump to solution

"Expert" is really just BASH with root-level permissions. You can't go from BASH into clish, then back into BASH.

To confirm you have root privileges, run 'whoami'. It should show you are 'admin'.

View solution in original post

the_rock
MVP Platinum
MVP Platinum
‎2023-03-13 11:55 AM
Jump to solution

As @Bob_Zimmerman saud, you can run whoami and verify that. By the way, you can always change the mode by below command.

Lets assume admin username is simply admin, command would be as below:

chsh -s /etc/cli.sh admin

You can also do it from web UI from below screen:

 

Screenshot_1.png

 

 [Expert@quantum-firewall:0]# whoami
admin
[Expert@quantum-firewall:0]#

Best,
Andy

View solution in original post

4 Replies
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-03-13 11:45 AM
Jump to solution

"Expert" is really just BASH with root-level permissions. You can't go from BASH into clish, then back into BASH.

To confirm you have root privileges, run 'whoami'. It should show you are 'admin'.

Scottc98
Advisor
‎2023-03-14 09:40 AM
In response to Bob_Zimmerman
Jump to solution

" You can't go from BASH into clish, then back into BASH"

- Is that a limitation of an account via Radius or TACACS?      On a local account (i.e Admin), if I set the 'Shell' to '/bin/bash', it does land in BASH upon a SSH login.   Typing 'clish' puts me into clish mode.   If you type 'exit' it does take you back to the shell. (I.e. have to exit twice to end the SSH session if in direct clish mode). 

Am I missing something?       I have inquiry for either TACAC or Radius to avoid 'sharing' the 'expert' password (i.e Admin users direct to BASH; read only users direct to clish) so curious myself if there is some limitations to consider.    

@ramakrishnan   If you are doing Radius, what is the Super User UID you have set under "User Management => Authentication Servers =>"Radius Servers Advance Configuration".  Is it 96 or 0?

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-03-14 09:47 AM
In response to Scottc98
Jump to solution

You can leave clish, but you can't start another BASH session. That is, you can't log in to BASH, then run 'clish' to get into clish, then run 'expert' to get back into BASH. People try that all the time and are confused when they can "no longer get into expert mode".

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-03-13 11:55 AM
Jump to solution

As @Bob_Zimmerman saud, you can run whoami and verify that. By the way, you can always change the mode by below command.

Lets assume admin username is simply admin, command would be as below:

chsh -s /etc/cli.sh admin

You can also do it from web UI from below screen:

 

Screenshot_1.png

 

 [Expert@quantum-firewall:0]# whoami
admin
[Expert@quantum-firewall:0]#

Best,
Andy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events