checkpoint gateway login with bash 4.4 shell

-K- · ‎2021-12-23

Hi

Does anybody have an idea when radius user is doing ssh to the gateway it lends to bash-4.4 shell instead of expert mode as we have set aaa radius-servers default-shell /bin/bash & add rba role radius-group-any domain-type System all-features.

Local user lands properly to /bin/bash or expert mode but the issue is only with radius user.

Gateway is running on R80.40 - T120, tried all possible

any clue how this issue to be fixed ?

Please suggest, thanks.

Bob_Zimmerman · ‎2021-12-23

I suspect there may be some confusion. Bash is expert mode.

-K- · ‎2022-01-11

yes /bin/bash is expert mode, when user logs in using radius account it goes into bash4.4 which is kernal should go to expert mode.

When user logs in using local user it works perfectly fine going to /bin/bash expert mode.

Bob_Zimmerman · ‎2022-01-11

As of GAiA 3.10, the version of bash included is 4.4.19. Expert mode is bash, and bash is expert mode.

What is the difference you are seeing?

-K- · ‎2022-01-12

not all commands working from bash4.4 and post going to clish respective commands works.

But when I use local user credentials - its going directly to expert mode which is (/bin/bash) expected but not the same case for Radius users.

Bob_Zimmerman · ‎2022-01-12

[Expert@DallasSA]# echo $SHELL
/bin/bash
[Expert@DallasSA]# $SHELL --version
GNU bash, version 4.4.19(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
[Expert@DallasSA]# fwm ver
This is Check Point Security Management Server R81 - Build 009
[Expert@DallasSA]#

Again, bash 4.4 is expert mode. What exactly are you calling "bash4.4"? Is the prompt different, or something?

Bob_Zimmerman · ‎2022-01-18

I think I figured out what you mean! If the /etc/bashrc doesn't run, you wind up with a prompt like this:

This system is for authorized use only.
Last login: Tue Jan 18 19:48:04 2022 from <address>
-bash-4.4#

That just means you weren't able to run the bashrc, which is where the prompt is changed. That is very weird, though, because /etc is world-readable and world-traversable, and /etc/bashrc is world-readable. If this is the prompt you see when you log in, I suspect something is seriously wrong with the permissions on your system.

-K- · ‎2022-01-19

Yes and another rest of the firewallls are good so no issue from permission point of view but something wrong with specific affected node. still trying to figure out what is the cause of this.

nmelay · ‎2022-01-19

That's probably login shell vs non-login shell, rather than a filesystem permission issue.

the_rock · ‎2021-12-23

@Bob_Zimmerman is absolutely right, bash IS expert mode. So say you have user called "radiususer", below are 2 most common commands to change the shell (though there are 7 of them I believe).

To keep default mode (so they have to go to expert themselves), you would execute below, or keep it as default:

chsh -s /etc/cli.sh radiususer

To get them to expert mode when they log in:

chsh -s /bin/bash radiususer

For embedded gaia, its bashUser on and bashUser off

Andy

Best,
Andy

-K- · ‎2022-01-11

Tried this but it seems this works with only local users and not with user as radiususer.

chsh: can only change local entries.

Are you a member of CheckMates?

checkpoint gateway login with bash 4.4 shell