This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Maarten_Sjouw
Champion
Champion
‎2018-06-28 01:42 PM

IPS Update check per domain R77.30

Hi, I´m looking for a way to run a script that will check each domain on a MDS if there was a IPS update scheduled and what is the latest date of the update.

The frame for running the script over all domains is available, but I need to find which files to check per domain and what command to run to see this information.

Regards, Maarten
7 Replies
Alejandro_Mont1
Collaborator
‎2018-06-29 11:02 AM

I am not sure of a specific CheckPoint command that can be run to check the IPS update stats and can't help with the script, however I believe the info you're looking for is in the $FWDIR/conf directory of each domain- specifically the asm.C file. In it there are a bunch of lines that show "asm_last_update_time", the last of which lists the last time protections were updated in epoch format. The line "asm_update_version_vpn1" shows the current protection version.

 

If you'd like to look at the IPS update schedule, note the name of the IPS time object (click on Edit Schedule and note the name). Search the objects_5_0.C file for that string and its attributes will be below.

Maarten_Sjouw
Champion
Champion
‎2018-06-29 01:53 PM
In response to Alejandro_Mont1

What I have been able to take from that file asm.C is that the value on the field asm_update_version_vpn1 is the loaded version on that specific CMA/Domain.

With the aid of SK93392 I knoew how to convert this version number into a package date, this is what I can use!

I will rework my script to list all domains with their package number and it's date.

If there is any interest in the script, please let me know and I will post it here.

Regards, Maarten
0 Kudos
PhoneBoy
Admin
Admin
‎2018-07-02 03:44 PM
In response to Alejandro_Mont1

As far as I know, there is no CLI command to check that.

Sounds like you can parse it from asm.C, though (which I had forgotten about Smiley Happy).

0 Kudos
Arne_Boettger
Collaborator
‎2018-07-12 12:38 AM

Hello,

take a look at sk120437 - How to obtain IPS Database version via CLI on Security Management Server  .

Would you mind sharing your script once it is complete? I could use it, too 😉

regards, Arne 

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-07-16 02:27 PM
In response to Arne_Boettger

So far the script will collect the domain in 1 rule and the next rule will hold some text and the version number. I have no scripting skills to get this reworked to list a Domain name, package number and date.

What it does allow me to do is put this info in an email per MDS, from there it is simply a text find and replace and a move to excel  where some simple formulas will give you the right output, be this part manual but it works.

We use a separate file called FWLib which sets the variables used in the different scripts we have:

#!/bin/sh
#-----------------------------------------------------------
# FWlib - library holds common libraries for FW*
# script files
#-----------------------------------------------------------

# Set Script constants ...
SCRIPT=`basename $0`
BASEDIR=/backup

SCRIPTDIR=$BASEDIR/scripts
LOG=$SCRIPTDIR/$SCRIPT.log
BCK=$SCRIPTDIR/$SCRIPT.bck

# Set MDS constants ...
MDS_CPDIR=/opt/CPshrd-R77 # needed if script is run from cronjob
# Set FW logfiles constants ...
LOGDIR=/var/log/Our-log
LOGBCK=$BASEDIR/log.bck
TMPDIR=/var/log/Our-logtmp
EXPORT=/var/log/Our-export

# Set MAIL constants ...
readonly MAILSVR=<IP-Address Mailserver>
readonly MAILFROM=`uname -n`@aaa.com
readonly MAILTO=admin@aaa.com
readonly MAILCHK=admin@aaa.com
readonly MAILERROR=admin@aaa.com

# Include Check Point MDS commands and variables ...
source $MDS_CPDIR/tmp/.CPprofile.sh

# aplications
GREP=/bin/grep

function timestamp {
# ---------------------------------------------------------------------------
# Write entry to logfile
# ---------------------------------------------------------------------------
echo `date --utc +%H:%M` "$*"

}

The actual script FWIPSverto run through all Domains on the MDS it is run from:

#!/bin/sh
#-----------------------------------------------------------
# FWIPSver - collects info from all Domains about the actual version 
# of the IPS database.
#-----------------------------------------------------------
# If the script is called with one or more Domain names on
# the command line, these Domains are processed. Otherwise
# the script iterates over the entire Multi Domain
# installation
#-----------------------------------------------------------

# Link additional constants and functions library ...
source `dirname $0`/FWlib

# Declare other variables
declare -a CMAs
# Assign CMAs from the commandline (if any) ...
CMAs=( $* )

#---------------------------------------------------------

# Determine date to be used in filenames
#---------------------------------------------------------
DT=`date --utc +%Y%m%d`

#---------------------------------------------------------
# Initialize Logfile and output file and keep the previous as .bck
#---------------------------------------------------------
# Backup old logfile ...
[ -e $BCK ] && rm $BCK
[ -e $LOG ] && mv $LOG $BCK

# Backup old logfile ...
[ -e data.bck ] && rm data.bck
[ -e data.txt ] && mv data.txt data.bck

# Backup and create new logdir ...
[ -d $LOGDIR ] && rm -R $LOGDIR
[ ! -d $LOGDIR ] && mkdir $LOGDIR

# Remove and create new tmpdir ...
[ ! -d $TMPDIR ] && mkdir $TMPDIR

# Create new logfile ...
echo '**************************************' >$LOG
echo 'Collect IPS versions of all Domains ... ' >>$LOG
echo '**************************************' >>$LOG
echo 'Provider-1 server: '`uname -n` >>$LOG
echo 'Current date : '`date --utc +%d-%m-%Y` >>$LOG
echo 'Current time : '`date --utc +%H:%M` >>$LOG
echo >>$LOG

#---------------------------------------------------------
# Find all Domains
#---------------------------------------------------------

# Set environment to the MDS environment ...
mdsenv

if [ ${#CMAs[@]} = 0 ]; then
# Get all CMA names ...
j=0
for i in `mdsquerydb CMAs`; do
CMAs[j++]=`expr $i : '\(.*\)_\._\._'`
done
fi

#---------------------------------------------------------
for CMA in ${CMAs[@]}; do
echo '============================================' >>$LOG
echo 'Determining IPS Version on CMA: '$CMA >>$LOG
echo '============================================' >>$LOG

# Switch environment to CMA ...
mdsenv $CMA >>NULL
if [ "$?" = "0" ]; then
echo $CMA >>data.txt
cat $FWDIR/conf/asm.C | grep asm_update_version_vpn >>$LOG
cat $FWDIR/conf/asm.C | grep asm_update_version_vpn >>data.txt
echo >>$LOG
else
echo "CMA does not live on this machine" >>$LOG
fi

done
# End of script; close logfile ...
echo >>$LOG
echo '--------------------------------------------' >>$LOG
timestamp 'End of FWIPSver script ... ' >>$LOG
echo '--------------------------------------------' >>$LOG

# Send resulting log file to mail group ...
/opt/CPsuite-R77/fw1/bin/sendmail -t $MAILSVR -s "FW IPS Version check results" -f $MAILFROM $MAILTO <$LOG

/opt/CPsuite-R77/fw1/bin/sendmail -t $MAILSVR -s "FW IPS Version check results" -f $MAILFROM $MAILTO <data.txt

That is all there is to it.

If anyone knows of a simple way to collect just the version number and convert this on the MDS itself before we mail it out that would really help.

Regards, Maarten
0 Kudos
Arne_Boettger
Collaborator
‎2018-07-17 12:31 AM
In response to Maarten_Sjouw

Hello,

Thanks a lot for sharing - I was curious about how you got to the list of CMAs.

I changed it so that it produces a CSV file with CMA Name and Version in one Line. Also, I changed it so I look for the version number according to sk120437. Now, you can sort it by version with the command

 sort -t ";" -k 2 -n data.txt

My diff:

--- FWIPSverto.orig     2018-07-17 07:30:32.000000000 +0200
+++ FWIPSverto  2018-07-17 08:15:57.000000000 +0200
@@ -60,9 +60,11 @@
 # Switch environment to CMA ...
 mdsenv $CMA >>NULL
 if [ "$?" = "0" ]; then
-echo $CMA >>data.txt
-cat $FWDIR/conf/asm.C | grep asm_update_version_vpn >>$LOG
-cat $FWDIR/conf/asm.C | grep asm_update_version_vpn >>data.txt
+echo -n "$CMA;" >>data.txt
+IPSver=$(cat $FWDIR/conf/asm.C | grep -A20 ASMPostInstallProcedures | grep "asm_update_version " | awk '{print $2}')
+IPSver=${IPSver#(}
+IPSver=${IPSver%)}
+echo $IPSver | tee -a $LOG >>data.txt
 echo >>$LOG
 else
 echo "CMA does not live on this machine" >>$LOG

Maarten_Sjouw
Champion
Champion
‎2018-07-17 08:37 AM
In response to Arne_Boettger

Thanks Arne, this was the missing bit to make it useful.

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events