This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AntonMakarychev
Contributor
Contributor
‎2023-03-29 06:37 AM
Jump to solution

Removal hostname information from Gaia Web UI

Hi, Checkmates!

I would like to share with you one tip I found out when I was trying to resolve audit findings.

One of audit findings was that there shouldn't be hostname exposed when Gaia portal page is loaded.

I haven't found any Check Point article regarding that so made my own investigation.

Using Browser developers tools I found out that the file login.js is loading during the page opening.

After that I logged in to the gateway and found the location of the file is /web/htdocs2/js/

And the section which is responsible for hostname displaying:

Picture 1.jpg

 

Instruction how to disable hostname from Check Point Gaia Web UI:

  1. Connect to the gateway
  2. Go to path /web/htdocs2/js/
  3. Backup the login.js file as below

           cp login.js login.js_bkp

4. Edit the login.js file using Vi editor

5. Remove the below lines related to hostname 

{

xtype: 'displayfield',

id: 'hostname_caption_id',

//cls: 'webui_version_hbox',

value: hostname,

hidden: false,

hideLabel: true,

listeners: {

 beforerender: function(){

 if (this.value == "") {

 this.hidden=true;

 }

 else {

this.hidden=false;

 }

}

6. Save the file.

7. Restart the httpd2 process on the gateway using below commands:

tell pm httpd2

tell pm httpd2 t

 

Hope this helps! Thank you!

 

Update:

You can change the setting also through Web UI settings:

Screenshot2.png

If this checkbox is disabled but you still have hostname shown just enable and then disable it again.

 

 

 

 

1 Solution

Accepted Solutions
AntonMakarychev
Contributor
Contributor
‎2023-03-29 07:17 AM
In response to the_rock
Jump to solution

Actually I found this setting in the portal:

Screenshot2.png

It was disabled by default but hostname was shown.

After I enabled/disabled it once again the hostname disappeared.

View solution in original post

14 Replies
the_rock
Legend
Legend
‎2023-03-29 06:44 AM
Jump to solution

Thanks for sharing!

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-03-29 06:51 AM
In response to the_rock
Jump to solution

Do you understand what is hidden here ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2023-03-29 06:57 AM
In response to G_W_Albrecht
Jump to solution

Lets let @AntonMakarychev confirm, but I believe he may be referring to below:

 

Screenshot_1.png

0 Kudos
AntonMakarychev
Contributor
Contributor
‎2023-03-29 07:05 AM
In response to the_rock
Jump to solution

I attached the screenshot, the hostname is exposed in the login page. Here it doesn't make sense to hide anything as an intruder needs to know credentials to get to this page.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-03-29 07:05 AM
In response to the_rock
Jump to solution

He talks about something shown before login.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-03-29 06:47 AM
Jump to solution

You wrote: One of audit findings was that there shouldn't be hostname exposed when Gaia portal page is loaded.

Can you show in a screenshot what you mean ? I never see a hostname for my GWs, only IPs !

Also, why deleting lines at all ? Usually you just comment them out and leave a note there when and why you did that...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
AntonMakarychev
Contributor
Contributor
‎2023-03-29 07:01 AM
In response to G_W_Albrecht
Jump to solution

screenshot1.jpg

That's hostname that will be hidden. As a potential intruder will be able to load this page and get information about naming convention in the organisation.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-03-29 07:04 AM
In response to AntonMakarychev
Jump to solution

hn.png

I have  defined a GW hostname but never had anything at that spot !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2023-03-29 07:06 AM
In response to G_W_Albrecht
Jump to solution

Me neither, checked 5 devices 🙂

 

Screenshot_1.png

0 Kudos
AntonMakarychev
Contributor
Contributor
‎2023-03-29 07:17 AM
In response to the_rock
Jump to solution

Actually I found this setting in the portal:

Screenshot2.png

It was disabled by default but hostname was shown.

After I enabled/disabled it once again the hostname disappeared.

the_rock
Legend
Legend
‎2023-03-29 07:21 AM
In response to AntonMakarychev
Jump to solution

100% correct...I found one appliance in my lab where it shows and that setting is the reason 👍

0 Kudos
AntonMakarychev
Contributor
Contributor
‎2023-03-29 07:25 AM
In response to the_rock
Jump to solution

But anyway it is good to know how you can customise the login page.

the_rock
Legend
Legend
‎2023-03-29 07:38 AM
In response to AntonMakarychev
Jump to solution

100percentYesGIF.gif

AntonMakarychev
Contributor
Contributor
‎2023-03-29 07:03 AM
In response to G_W_Albrecht
Jump to solution

Regarding deletion, yes you can comment this section - the result will be the same.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events