AnsweredAssumed Answered

mgmt_cli on Ubuntu

Question asked by Lari Luoma

on Sep 22, 2018
Latest reply on Jan 24, 2019 by Maik Dummer

Like • Show 1 Like1
Comment • 19

Hey,

Has anyone installed mgmt_cli on Ubuntu (no Check Point installation on this server)? Which libraries etc. do I need to get it working?

Thanks!

1 person has this question

Outcomes

19 Replies

Maik Dummer Sep 23, 2018 5:16 AM
Mark Correct
Correct Answer
You could try to copy the mgmt_cli.exe from a SmartConsole Windows installation to the ubuntu device & run it via wine. Not sure if this works, but it would be worth a try as the mgmt_cli.exe comes together with the SmartConsole but can be executed on its own without any depencies regarding the install directory of the SmartConsole.

Edit: Seems like it works... somehow. During the first startup of the tool (wine) it asks to download some depencies like the .net framework. As soon as you execute some commands via "wine mgmt_cli.exe [command]" you will see the rubbish as shown below but afterwards the execution ends just fine. For my example I used the command shown in the end (via a cloud demo instance) and it even prompted me for a username and password (as shown below). Maybe there is also a way to ignore these warnings, as they appear to be related to some images (png files). I currently to not have time to dig deeper into it - but it's a start I guess. At least the functionality seems to be fine.

Btw. the mgmt_cli that comes with Gaia seems to have the following depencies:
Dependent Libraries=mgmt_cli_utils:jsoncpp:Reg:libcurl:OS:sicauth:cpopenssl:cpbcrypt:Resolve:cpcert
1 person found this helpful
Like • Show 1 Like1
Actions
- Lari Luoma @ Maik Dummer on Sep 23, 2018 2:44 PM
  Mark Correct
  Correct Answer
  Thanks Maik! I will give it a try.
  Like • Show 0 Likes0
  Actions
- Lari Luoma @ Maik Dummer on Sep 23, 2018 5:10 PM
  Mark Correct
  Correct Answer
  I tested and it works! Thanks a lot for assistance.
  Like • Show 0 Likes0
  Actions
Kris Pellens Sep 23, 2018 5:10 PM
Mark Correct
Correct Answer
Step 1: from SMS R80.10, copy the following files to a "temporay dir"
cp /lib/libaudit.so.0 .
cp /lib/libpam.so.0 .
cp /opt/CPshrd-R80/lib/libAppUtils.so .
cp /opt/CPshrd-R80/lib/libckpssl.so .
cp /opt/CPshrd-R80/lib/libcom_err.so.3 .
cp /opt/CPshrd-R80/lib/libComUtils.so .
cp /opt/CPshrd-R80/lib/libcpbcrypt.so .
cp /opt/CPshrd-R80/lib/libcpca.so .
cp /opt/CPshrd-R80/lib/libcpcert.so .
cp /opt/CPshrd-R80/lib/libcpcryptutil.so .
cp /opt/CPshrd-R80/lib/libcpopenssl.so .
cp /opt/CPshrd-R80/lib/libcp_policy.so .
cp /opt/CPshrd-R80/lib/libcpprng.so .
cp /opt/CPshrd-R80/lib/libDataStruct.so .
cp /opt/CPshrd-R80/lib/libEncode.so .
cp /opt/CPshrd-R80/lib/libEventUtils.so .
cp /opt/CPshrd-R80/lib/libfwsetdb.so .
cp /opt/CPshrd-R80/lib/libgssapi_krb5.so.2 .
cp /opt/CPshrd-R80/lib/libk5crypto.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5support.so.0 .
cp /opt/CPshrd-R80/lib/liblibcurl.so .
cp /opt/CPshrd-R80/lib/libmgmt_cli_utils.so .
cp /opt/CPshrd-R80/lib/libndb.so .
cp /opt/CPshrd-R80/lib/libOS.so .
cp /opt/CPshrd-R80/lib/libProdUtils.so .
cp /opt/CPshrd-R80/lib/libReg.so .
cp /opt/CPshrd-R80/lib/libResolve.so .
cp /opt/CPshrd-R80/lib/libsicauth.so .
cp /opt/CPshrd-R80/lib/libsic.so .
cp /opt/CPshrd-R80/lib/libskey.so .
cp /opt/CPshrd-R80/bin/mgmt_cli .

Step 2:
a) backup the files using tar (mgmt_cli.tar.gz)
b) download mgmt_cli.tar.gz from SMS
c) upload mgmt_cli.tar.gz to Ubuntu

Step 3:
On Ubuntu 64 bit:
Create a dir. E.g.: /opt/checkpoint
untar mgmt_cli.tar.gz to /opt/checkpoint
All the files from Step 1 should be visible under /opt/checkpoint

Step 4:
Because R80.10 has some 32 bit binaries, execute the following:
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386
sudo apt-get install libncurses5:i386
sudo apt-get install libstdc++6:i386
export LD_LIBRARY_PATH=/opt/checkpoint

After you have completed step 1 until 4, you should be able to run mgmt_cli from Ubuntu.

I was using it in the beginning; now I am using Ansible.
Like • Show 1 Like1
Actions
- Lari Luoma @ Kris Pellens on Sep 23, 2018 8:29 PM
  Mark Correct
  Correct Answer
  Thanks Kris! However, I'm getting an error on one Check Point library. I think it needs to be compiled to Ubuntu to get it working. I do have it in the directory.
  Like • Show 0 Likes0
  Actions
  - Kris Pellens @ Lari Luoma on Sep 24, 2018 1:01 AM
    Mark Correct
    Correct Answer
    Which version of Ubuntu are you using? I didn't need to compile anything.
    
    E.g. libmgmt_cli_utils.so library is a dynamic library. You need to tell Linux where it can locate it at runtime.
    
    export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/checkpoint"
    
    When you enter
    # echo $LD_LIBRARY_PATH
    the path /opt/checkpoint should be listed.
    
    Can you try this? Maybe a ldconfig is necessary?
    
    Let me know what the outcome is. If negative, I will build a new Linux system and let you know the steps required to find the libraries at runtime.
    
    See also:
    https://help.ubuntu.com/community/EnvironmentVariables
    https://askubuntu.com/questions/950313/set-ld-library-path-permanently-ubuntu
    Like • Show 0 Likes0
    Actions
Valeri Loukine Sep 24, 2018 3:18 AM
Mark Correct
Correct Answer
Sorry, for nagging, but what you are trying to do is an unsupported configuration.

API support in Management Server R80 and above SK says: Check Point offers the mgmt_cli binary for Gaia OS and mgmt_cli.exe for Windows OS
Like • Show 0 Likes0
Actions
- Lari Luoma @ Valeri Loukine on Sep 24, 2018 8:42 AM
  Mark Correct
  Correct Answer
  Thanks Valeri! We should state it more clearly in the SK that the mgmt_cli is not supported in other operating systems than Gaia and Windows. Case closed!
  Like • Show 0 Likes0
  Actions
- Kris Pellens @ Valeri Loukine on Sep 24, 2018 9:58 AM
  Mark Correct
  Correct Answer
  Hi Valeriu,
  
  Are you sure it is unsupported? What would make mgmt_cli unsupported on Ubuntu Linux?
  
  From Check Point's Security Management Architecture Overview:
  
  The mgmt_cli tool is portable and can run on any Linux or Windows machine. A Linux version of the mgmt_cli
  command line tool is included in all R80.10 Gaia installations. A windows version (mgmt_cli.exe) is in the R80.10
  SmartConsole installation.
  
  A Check Point TAC engineer confirmed to me that the mgmt_cli is supported on Ubuntu Linux.
  
  I have to admit: Check Point's documentation is in some situations contradictory or non-existent. I experience it on a daily basis.
  
  Kind regards,
  Kris
  Like • Show 1 Like1
  Actions
  - Valeri Loukine @ Kris Pellens on Sep 24, 2018 10:15 AM
    Mark Correct
    Correct Answer
    I have to admit, Valeriu is the best of all typos.
    
    Kris Pellens, I was quoting an official SK for the tool. It names two specific OS platforms only. Yet, to clarify the issue, I will ask Tomer Sole to comment on this
    Like • Show 1 Like1
    Actions
  - Lari Luoma @ Kris Pellens on Sep 24, 2018 10:39 AM
    Mark Correct
    Correct Answer
    You are correct. The documentation is not clear on this topic. Once we get a final verdict on this, I'll do my best to clarify the SK as well.
    Like • Show 0 Likes0
    Actions
Valeri Loukine Sep 25, 2018 1:16 AM
Mark Correct
Correct Answer
Hi all,

The official answer will be provided in a couple of days, please stand by
1 person found this helpful
Like • Show 0 Likes0
Actions
- Maik Dummer @ Valeri Loukine on Oct 10, 2018 11:34 PM
  Mark Correct
  Correct Answer
  Hi Valeri,
  
  Did you receive an answer so far? Would be interesting to know what the official statement is regarding the usage in a different linux environment besides Gaia/RH.
  
  Regards,
  Maik
  Like • Show 0 Likes0
  Actions
Norbert Bohusch Sep 27, 2018 4:40 AM
Mark Correct
Correct Answer
The better question is, why not go for REST API instead and use this, instead of tinkering with the binary...
Like • Show 0 Likes0
Actions
- Lari Luoma @ Norbert Bohusch on Sep 27, 2018 6:58 AM
  Mark Correct
  Correct Answer
  Because mgmt_cli is a ready made client and easier to use than REST API. It doesn’t also require any coding experience. With REST you have to use Curl or some programming language to make it work.
  Like • Show 1 Like1
  Actions
Tomer Sole Oct 11, 2018 3:44 AM
Mark Correct
Correct Answer
Apologize for the late response. The instructions are incomplete and require a file that we have not posted. We are working on fixing the SK and the API documentation portal. Will update here once the instructions are set.
Like • Show 2 Likes2
Actions
- Valeri Loukine @ Tomer Sole on Oct 11, 2018 11:59 PM
  Mark Correct
  Correct Answer
  Does it mean Ubuntu deployment is actually supported?
  Like • Show 0 Likes0
  Actions
  - Dameon Welch-Abernathy @ Valeri Loukine on Oct 12, 2018 12:43 AM
    Mark Correct
    Correct Answer
    I believe this is the plan, yes.
    I was given a binary privately that, provided the correct libraries are installed, runs on Ubuntu.
    Like • Show 1 Like1
    Actions
- Maik Dummer @ Tomer Sole on Jan 24, 2019 12:34 AM
  Mark Correct
  Correct Answer
  Hey,
  
  Sorry to dive back into a relatively old topic but I'm just curious... do you have any updates regarding this 'case'?
  
  Regards,
  Maik
  Like • Show 1 Like1
  Actions

mgmt_cli on Ubuntu

Outcomes

Related Content

Recommended Content