on Sep 22, 2018Hey,
Has anyone installed mgmt_cli on Ubuntu (no Check Point installation on this server)? Which libraries etc. do I need to get it working?
Thanks!
Hey,
Has anyone installed mgmt_cli on Ubuntu (no Check Point installation on this server)? Which libraries etc. do I need to get it working?
Thanks!
Step 1: from SMS R80.10, copy the following files to a "temporay dir"
cp /lib/libaudit.so.0 .
cp /lib/libpam.so.0 .
cp /opt/CPshrd-R80/lib/libAppUtils.so .
cp /opt/CPshrd-R80/lib/libckpssl.so .
cp /opt/CPshrd-R80/lib/libcom_err.so.3 .
cp /opt/CPshrd-R80/lib/libComUtils.so .
cp /opt/CPshrd-R80/lib/libcpbcrypt.so .
cp /opt/CPshrd-R80/lib/libcpca.so .
cp /opt/CPshrd-R80/lib/libcpcert.so .
cp /opt/CPshrd-R80/lib/libcpcryptutil.so .
cp /opt/CPshrd-R80/lib/libcpopenssl.so .
cp /opt/CPshrd-R80/lib/libcp_policy.so .
cp /opt/CPshrd-R80/lib/libcpprng.so .
cp /opt/CPshrd-R80/lib/libDataStruct.so .
cp /opt/CPshrd-R80/lib/libEncode.so .
cp /opt/CPshrd-R80/lib/libEventUtils.so .
cp /opt/CPshrd-R80/lib/libfwsetdb.so .
cp /opt/CPshrd-R80/lib/libgssapi_krb5.so.2 .
cp /opt/CPshrd-R80/lib/libk5crypto.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5support.so.0 .
cp /opt/CPshrd-R80/lib/liblibcurl.so .
cp /opt/CPshrd-R80/lib/libmgmt_cli_utils.so .
cp /opt/CPshrd-R80/lib/libndb.so .
cp /opt/CPshrd-R80/lib/libOS.so .
cp /opt/CPshrd-R80/lib/libProdUtils.so .
cp /opt/CPshrd-R80/lib/libReg.so .
cp /opt/CPshrd-R80/lib/libResolve.so .
cp /opt/CPshrd-R80/lib/libsicauth.so .
cp /opt/CPshrd-R80/lib/libsic.so .
cp /opt/CPshrd-R80/lib/libskey.so .
cp /opt/CPshrd-R80/bin/mgmt_cli .
Step 2:
a) backup the files using tar (mgmt_cli.tar.gz)
b) download mgmt_cli.tar.gz from SMS
c) upload mgmt_cli.tar.gz to Ubuntu
Step 3:
On Ubuntu 64 bit:
Create a dir. E.g.: /opt/checkpoint
untar mgmt_cli.tar.gz to /opt/checkpoint
All the files from Step 1 should be visible under /opt/checkpoint
Step 4:
Because R80.10 has some 32 bit binaries, execute the following:
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386
sudo apt-get install libncurses5:i386
sudo apt-get install libstdc++6:i386
export LD_LIBRARY_PATH=/opt/checkpoint
After you have completed step 1 until 4, you should be able to run mgmt_cli from Ubuntu.
I was using it in the beginning; now I am using Ansible.
Thanks Kris! However, I'm getting an error on one Check Point library. I think it needs to be compiled to Ubuntu to get it working. I do have it in the directory.
Which version of Ubuntu are you using? I didn't need to compile anything.
E.g. libmgmt_cli_utils.so library is a dynamic library. You need to tell Linux where it can locate it at runtime.
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/checkpoint"
When you enter
# echo $LD_LIBRARY_PATH
the path /opt/checkpoint should be listed.
Can you try this? Maybe a ldconfig is necessary?
Let me know what the outcome is. If negative, I will build a new Linux system and let you know the steps required to find the libraries at runtime.
See also:
https://help.ubuntu.com/community/EnvironmentVariables
https://askubuntu.com/questions/950313/set-ld-library-path-permanently-ubuntu
Sorry, for nagging, but what you are trying to do is an unsupported configuration.
API support in Management Server R80 and above SK says: Check Point offers the mgmt_cli binary for Gaia OS and mgmt_cli.exe for Windows OS
Thanks Valeri! We should state it more clearly in the SK that the mgmt_cli is not supported in other operating systems than Gaia and Windows. Case closed!
Hi Valeriu,
Are you sure it is unsupported? What would make mgmt_cli unsupported on Ubuntu Linux?
From Check Point's Security Management Architecture Overview:
The mgmt_cli tool is portable and can run on any Linux or Windows machine. A Linux version of the mgmt_cli
command line tool is included in all R80.10 Gaia installations. A windows version (mgmt_cli.exe) is in the R80.10
SmartConsole installation.
A Check Point TAC engineer confirmed to me that the mgmt_cli is supported on Ubuntu Linux.
I have to admit: Check Point's documentation is in some situations contradictory or non-existent. I experience it on a daily basis.
Kind regards,
Kris
I have to admit, Valeriu is the best of all typos.
Kris Pellens, I was quoting an official SK for the tool. It names two specific OS platforms only. Yet, to clarify the issue, I will ask Tomer Sole to comment on this
You are correct. The documentation is not clear on this topic. Once we get a final verdict on this, I'll do my best to clarify the SK as well.
Hi all,
The official answer will be provided in a couple of days, please stand by
Hi Valeri,
Did you receive an answer so far? Would be interesting to know what the official statement is regarding the usage in a different linux environment besides Gaia/RH.
Regards,
Maik
The better question is, why not go for REST API instead and use this, instead of tinkering with the binary...
Because mgmt_cli is a ready made client and easier to use than REST API. It doesn’t also require any coding experience. With REST you have to use Curl or some programming language to make it work.
Apologize for the late response. The instructions are incomplete and require a file that we have not posted. We are working on fixing the SK and the API documentation portal. Will update here once the instructions are set.
Does it mean Ubuntu deployment is actually supported?
I believe this is the plan, yes.
I was given a binary privately that, provided the correct libraries are installed, runs on Ubuntu.
You could try to copy the mgmt_cli.exe from a SmartConsole Windows installation to the ubuntu device & run it via wine. Not sure if this works, but it would be worth a try as the mgmt_cli.exe comes together with the SmartConsole but can be executed on its own without any depencies regarding the install directory of the SmartConsole.
Edit: Seems like it works... somehow. During the first startup of the tool (wine) it asks to download some depencies like the .net framework. As soon as you execute some commands via "wine mgmt_cli.exe [command]" you will see the rubbish as shown below but afterwards the execution ends just fine. For my example I used the command shown in the end (via a cloud demo instance) and it even prompted me for a username and password (as shown below). Maybe there is also a way to ignore these warnings, as they appear to be related to some images (png files). I currently to not have time to dig deeper into it - but it's a start I guess. At least the functionality seems to be fine.
Btw. the mgmt_cli that comes with Gaia seems to have the following depencies: