Maciej Maczka

Check Point Diagnostic Console (cdc)

Discussion created by Maciej Maczka on Aug 22, 2018
Latest reply on Aug 30, 2018 by Maciej Maczka

Hi Check Mates,


Inspired by Danny Jung and his Common Check Point Commands (ccc), I decided to create a fork of this tool that will allow you to achieve more.





CDC is a set of scripts that lets you show CKP parameters, do some simple configuration, and run debugs. Scripts are organized in the following way:






  • show - show CKP parameters
  • config - change something
  • debug - start/stop, show debug, test something, show logs




  • MGMT - scripts for Management
  • Gateway - scripts for Gateway



  • Corexl
  • SecureXL
  • Threat Prevention
  • and other stuff



  • enable - start debug
  • show - show debug
  • other - no rules here. Just to keep it simple



How to use it:


======================== GENERAL ==============================


(go to directory)

cd cdc


(run command)



Hint: Use tab to finish command or to show commands available.



======================== SHOW COMMANDS ==============================


To see all available commands, run: ls

To search for a specific command: ls | grep module


For example:

[Expert@te:0]# ls | grep securexl


You can also use search here:



======================== SHOW ==============================


All commands start with "show"


[Expert@te:0]# ./show_mgmt_manager_status
Check Point Security Management Server is running and ready


======================== DEBUG ==============================


All commands start with "debug"


To start debug:

Most debugs require 3 commands: enable, show, disable_debug. Some only show.


For example:




This will start a debug of the SSL inspect module. All kernel variables will be set for you. After that, a message explaining what to do next will be presented:




 debug_gateway_ssl_inspect_show | grep <options>


 debug_gateway_debug_disable to turn off debug!


 | grep CN   - to check certificate CN processed by SSL Inspect
 | grep domain - to check search for specific domain
 Check log number. Use grep -A 10 -B 10





To see debug in this example:



CTRL + C to break.


To disable debug




======================== CONFIG  ==============================


All commands start with "config"


[Expert@te:0]# ./config_gateway_identity_users_excluded_clear
Warning this will CLEAR excluded users list!!!
Do you wan't to continue? (Hit any key to continue. CTRL+C to exit)


The suspected service accounts list has been cleared.



There should be a message explaining what this command will do. You need to press Enter to continue.




====================== HOW TO INSTALL ===================================


In expert mode.

Go to the directory where you want to install. Run:


curl_cli -O
tar xvfz cdc.tar.gz
cd cdc
chmod 755 *
mkdir /var/log/cdc
cat about.txt


You can find the change log here:


========================== WHAT CAN YOU DO =============================




You can share, edit, add / remove scripts. Please be so kind and share changes. Internet access is not required. If you don't want to share changes, just edit your scripts.


If you need a new command or feel the need to change one, just send a script with the correct file name to me.


Suggestions, comments, and ideas are welcome.

Please also let me know if you see a need to maintain this tool.


Right now we have more than 150 scripts. Hoping for more.



Have fun
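
The HOW TO INSTALL steps above unpack a downloaded archive in expert mode and then mark everything executable, so it is worth listing the archive before extracting it. The following is an added example, not part of cdc or of the original post; `audit_archive` is a hypothetical helper name, and it assumes GNU tar as found on Gaia and most Linux systems.

```shell
#!/bin/bash
# Added example, not part of cdc. audit_archive is a hypothetical helper name.
# Lists a .tar.gz without extracting it and reports members that should not
# appear in a bundle of plain scripts. Returns 0 when clean, 1 on findings,
# 2 when the archive cannot be read.
audit_archive() {
    aa_archive=$1
    aa_findings=0
    aa_verbose=$(tar -tvzf "$aa_archive" 2>/dev/null) || { echo "UNREADABLE $aa_archive"; return 2; }
    aa_names=$(tar -tzf "$aa_archive" 2>/dev/null)

    # Pass 1: member type and permission bits (first column of the verbose listing).
    while IFS= read -r aa_line; do
        aa_mode=${aa_line%% *}
        case $aa_mode in
            l*|h*)    echo "LINK    $aa_line"; aa_findings=$((aa_findings + 1)) ;;
            b*|c*|p*) echo "SPECIAL $aa_line"; aa_findings=$((aa_findings + 1)) ;;
            -??[sS]*|-?????[sS]*)
                      echo "SETID   $aa_line"; aa_findings=$((aa_findings + 1)) ;;
        esac
    done <<EOF
$aa_verbose
EOF

    # Pass 2: member names that would land outside the extraction directory.
    while IFS= read -r aa_name; do
        case $aa_name in
            /*|..|../*|*/../*|*/..)
                echo "PATH    $aa_name"; aa_findings=$((aa_findings + 1)) ;;
        esac
    done <<EOF
$aa_names
EOF

    [ "$aa_findings" -eq 0 ]
}
```

Run it as `audit_archive cdc.tar.gz` and extract only when it returns 0; any LINK, SPECIAL, SETID or PATH line names the member to inspect first.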