This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Bill_Ng
Collaborator
‎2020-09-17 06:38 AM

backing up configuration and pulling file to different location

All,

We’d like to setup a system where our MoveIT server will be able to pull our gateway config backups.  Is there a way for us to create a Local account with only access /var/log/CPbackup/backups?  If possible we would like restrict this account to only pull from the folder.  Which roles would be required to do so if possible to do so?

Thanks,

Bill

0 Kudos
4 Replies
Danny
Champion
Champion
‎2020-09-17 06:41 AM

First you'll want to create a scponly user.

scottikon
Contributor
‎2020-09-17 08:50 AM
In response to Danny

Alternatively, could you write a script that scps files from /var/log/CPbackup/backups to your server and then crontab that script to run periodically?

Bill_Ng
Collaborator
‎2020-09-17 12:13 PM
In response to Danny

Can this be isolated to  /var/log/CPbackup/backups folder?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-20 01:52 PM

What you’re describing would be best achieved through use of a chroot jail.
While I’m not sure you can execute these exact steps on Gaia OS, this outlines the basic process.
Create the users and groups using standard Gaia OS commands using scponly shell. 

https://passingcuriosity.com/2014/openssh-restrict-to-sftp-chroot/