Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Lari_Luoma
Ambassador Ambassador
Ambassador

mgmt_cli on Ubuntu

Hey,

Has anyone installed mgmt_cli on Ubuntu (no Check Point installation on this server)? Which libraries etc. do I need to get it working?

Thanks!

23 Replies
Maik
Advisor

You could try to copy the mgmt_cli.exe from a SmartConsole Windows installation to the ubuntu device & run it via wine. Not sure if this works, but it would be worth a try as the mgmt_cli.exe comes together with the SmartConsole but can be executed on its own without any depencies regarding the install directory of the SmartConsole.

Edit: Seems like it works... somehow. During the first startup of the tool (wine) it asks to download some depencies like the .net framework. As soon as you execute some commands via "wine mgmt_cli.exe [command]" you will see the rubbish as shown below but afterwards the execution ends just fine. For my example I used the command shown in the end (via a cloud demo instance) and it even prompted me for a username and password (as shown below). Maybe there is also a way to ignore these warnings, as they appear to be related to some images (png files). I currently to not have time to dig deeper into it - but it's a start I guess. At least the functionality seems to be fine. Smiley Happy

Btw. the mgmt_cli that comes with Gaia seems to have the following depencies:

Dependent Libraries=mgmt_cli_utils:jsoncpp:Reg:libcurl:OS:sicauth:cpopenssl:cpbcrypt:Resolve:cpcert

Lari_Luoma
Ambassador Ambassador
Ambassador

Thanks Maik! I will give it a try.

0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador

I tested and it works! Thanks a lot for assistance.

0 Kudos
Kris_Pellens
Collaborator

Step 1: from SMS R80.10, copy the following files to a "temporay dir"

cp /lib/libaudit.so.0 .
cp /lib/libpam.so.0 .
cp /opt/CPshrd-R80/lib/libAppUtils.so .
cp /opt/CPshrd-R80/lib/libckpssl.so .
cp /opt/CPshrd-R80/lib/libcom_err.so.3 .
cp /opt/CPshrd-R80/lib/libComUtils.so .
cp /opt/CPshrd-R80/lib/libcpbcrypt.so .
cp /opt/CPshrd-R80/lib/libcpca.so .
cp /opt/CPshrd-R80/lib/libcpcert.so .
cp /opt/CPshrd-R80/lib/libcpcryptutil.so .
cp /opt/CPshrd-R80/lib/libcpopenssl.so .
cp /opt/CPshrd-R80/lib/libcp_policy.so .
cp /opt/CPshrd-R80/lib/libcpprng.so .
cp /opt/CPshrd-R80/lib/libDataStruct.so .
cp /opt/CPshrd-R80/lib/libEncode.so .
cp /opt/CPshrd-R80/lib/libEventUtils.so .
cp /opt/CPshrd-R80/lib/libfwsetdb.so .
cp /opt/CPshrd-R80/lib/libgssapi_krb5.so.2 .
cp /opt/CPshrd-R80/lib/libk5crypto.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5.so.3 .
cp /opt/CPshrd-R80/lib/libkrb5support.so.0 .
cp /opt/CPshrd-R80/lib/liblibcurl.so .
cp /opt/CPshrd-R80/lib/libmgmt_cli_utils.so .
cp /opt/CPshrd-R80/lib/libndb.so .
cp /opt/CPshrd-R80/lib/libOS.so .
cp /opt/CPshrd-R80/lib/libProdUtils.so .
cp /opt/CPshrd-R80/lib/libReg.so .
cp /opt/CPshrd-R80/lib/libResolve.so .
cp /opt/CPshrd-R80/lib/libsicauth.so .
cp /opt/CPshrd-R80/lib/libsic.so .
cp /opt/CPshrd-R80/lib/libskey.so .
cp /opt/CPshrd-R80/bin/mgmt_cli .

Step 2:

a) backup the files using tar (mgmt_cli.tar.gz)

b) download mgmt_cli.tar.gz from SMS

c) upload mgmt_cli.tar.gz to Ubuntu

Step 3:

On Ubuntu 64 bit:
Create a dir. E.g.:  /opt/checkpoint

untar mgmt_cli.tar.gz to /opt/checkpoint

All the files from Step 1 should be visible under /opt/checkpoint

Step 4:

Because R80.10 has some 32 bit binaries, execute the following:

sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install libc6:i386
sudo apt-get install libncurses5:i386
sudo apt-get install libstdc++6:i386
export LD_LIBRARY_PATH=/opt/checkpoint

After you have completed step 1 until 4, you should be able to run mgmt_cli from Ubuntu.

I was using it in the beginning; now I am using Ansible.

Lari_Luoma
Ambassador Ambassador
Ambassador

Thanks Kris! However, I'm getting an error on one Check Point library. I think it needs to be compiled to Ubuntu to get it working. I do have it in the directory.

0 Kudos
Kris_Pellens
Collaborator

Which version of Ubuntu are you using? I didn't need to compile anything.

E.g. libmgmt_cli_utils.so library is a dynamic library. You need to tell Linux where it can locate it at runtime.

export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/checkpoint"

When you enter

# echo $LD_LIBRARY_PATH

the path /opt/checkpoint should be listed.

Can you try this? Maybe a ldconfig is necessary?

Let me know what the outcome is. If negative, I will build a new Linux system and let you know the steps required to find the libraries at runtime.

See also:

https://help.ubuntu.com/community/EnvironmentVariables

https://askubuntu.com/questions/950313/set-ld-library-path-permanently-ubuntu

0 Kudos
_Val_
Admin
Admin

Sorry, for nagging, but what you are trying to do is an unsupported configuration.

API support in Management Server R80 and above SK says: Check Point offers the mgmt_cli binary for Gaia OS and mgmt_cli.exe for Windows OS

0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador

Thanks Valeri! We should state it more clearly in the SK that the mgmt_cli is not supported in other operating systems than Gaia and Windows. Case closed!

0 Kudos
Kris_Pellens
Collaborator

Hi Valeriu,

Are you sure it is unsupported? What would make mgmt_cli unsupported on Ubuntu Linux?

From Check Point's Security Management Architecture Overview:


The mgmt_cli tool is portable and can run on any Linux or Windows machine. A Linux version of the mgmt_cli
command line tool is included in all R80.10 Gaia installations. A windows version (mgmt_cli.exe) is in the R80.10
SmartConsole installation.

A Check Point TAC engineer confirmed to me that the mgmt_cli is supported on Ubuntu Linux.

I have to admit: Check Point's documentation is in some situations contradictory or non-existent. I experience it on a daily basis.

Kind regards,

Kris

_Val_
Admin
Admin

I have to admit, Valeriu is the best of all typos.

Kris Pellens, I was quoting an official SK for the tool. It names two specific OS platforms only. Yet, to clarify the issue, I will ask Tomer Sole to comment on this

Lari_Luoma
Ambassador Ambassador
Ambassador

You are correct. The documentation is not clear on this topic. Once we get a final verdict on this, I'll do my best to clarify the SK as well.

0 Kudos
_Val_
Admin
Admin

Hi all,

The official answer will be provided in a couple of days, please stand by

0 Kudos
Maik
Advisor

Hi Valeri,

Did you receive an answer so far? Would be interesting to know what the official statement is regarding the usage in a different linux environment besides Gaia/RH.

Regards,

Maik

0 Kudos
Norbert_Bohusch
Advisor

The better question is, why not go for REST API instead and use this, instead of tinkering with the binary...

0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador

Because mgmt_cli is a ready made client and easier to use than REST API. It doesn’t also require any coding experience. With REST you have to use Curl or some programming language to make it work. 

Tomer_Sole
Mentor
Mentor

Apologize for the late response. The instructions are incomplete and require a file that we have not posted. We are working on fixing the SK and the API documentation portal. Will update here once the instructions are set.

_Val_
Admin
Admin

Does it mean Ubuntu deployment is actually supported?

0 Kudos
PhoneBoy
Admin
Admin

I believe this is the plan, yes.

I was given a binary privately that, provided the correct libraries are installed, runs on Ubuntu. 

Maik
Advisor

Hey,

Sorry to dive back into a relatively old topic but I'm just curious... do you have any updates regarding this 'case'?

Regards,

Maik

Herold
Contributor

Hi,

Can anyone share the mgmt_cli package for Ubuntu or point me to the right SK? 

Regards,

Herold

 

 

0 Kudos
PhoneBoy
Admin
Admin

One does not exist currently.
Not sure what the plan is for releasing this, if at all.
0 Kudos
Herold
Contributor

Thanks.

Is there a mgmt_cli package for any linux distirbution?

Regards,

 

 

 

0 Kudos
Maik
Advisor

If you are familiar with Python you can use this module/sdk.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events