This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Brian_Deutmeyer
Collaborator
‎2018-09-04 09:11 AM
Jump to solution

Delete or Hide Tasks from SmartConsole

I'd like to change all my LOM passwords using ipmitool via the API using run script. The issue I'm facing is the new password will be visible in SmartConsole when looking at tasks that have been run.  Is there a way to delete or hide certain tasks so we can keep certain data safe (like passwords)?

1 Solution

Accepted Solutions
Uri_Bialik
Mod
Mod
‎2018-10-18 02:01 AM
Jump to solution

Thank you for bringing this to our attention!

We had several RnD meetings to discuss this issue and we're considering changing the run-script command so that sensitive data will not be leaked by mistake.

 

In the meanwhile, you'll be glad to know that there is a way to avoid this issue today (no API change is required):

* The run-script API has an "args" parameter.

* The data in the "args" parameter is passed to the script however the data in the "args" parameter does not appear in the audit logs.

 

For example:

"mgmt_cli run-script script-name 'sample1' script 'my_script.sh -p $1' args 'my secret password' targets r80_20_ga -r true"

The audit log for the above script would show "my_script.sh -p $1" and will not include the secret password.

 

We'll update the run-script API documentation to bring it to the attention of other users.

View solution in original post

2 Replies
Uri_Bialik
Mod
Mod
‎2018-10-18 02:01 AM
Jump to solution

Thank you for bringing this to our attention!

We had several RnD meetings to discuss this issue and we're considering changing the run-script command so that sensitive data will not be leaked by mistake.

 

In the meanwhile, you'll be glad to know that there is a way to avoid this issue today (no API change is required):

* The run-script API has an "args" parameter.

* The data in the "args" parameter is passed to the script however the data in the "args" parameter does not appear in the audit logs.

 

For example:

"mgmt_cli run-script script-name 'sample1' script 'my_script.sh -p $1' args 'my secret password' targets r80_20_ga -r true"

The audit log for the above script would show "my_script.sh -p $1" and will not include the secret password.

 

We'll update the run-script API documentation to bring it to the attention of other users.

Brian_Deutmeyer
Collaborator
‎2018-12-09 08:16 PM
In response to Uri_Bialik
Jump to solution

Thanks, Uri!

As a side question, would you anticipate a performance or database issue with running 1000-1500 run-script API calls per day?  I’m considering using run-script to call fw sam on our MDS from SmartEvent. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events