Paulo_Feitosa
Explorer

Commands for baseline security

Hello Guys,

I'm working on the firewall's security baseline using the AlgoSec tool, where one of the requirements is to execute the commands below:

more $FWDIR/conf/objects.C | grep rlogin_max_auth_allowed


more $FWDIR/conf/objects.C | grep telnet_max_auth_allowed


The objects.C file was found, but not the "rlogin_max_auth_allowed" and "telnet_max_auth_allowed" entries.

Do you know where to find these parameters?

0 Kudos
15 Replies
_Val_
Admin

You are looking in the wrong file. Use $FWDIR/conf/objects_5_0.C

Also, correct me if I am wrong, but this guidance is for R77 and below. What version of Check Point are you running?

0 Kudos
Paulo_Feitosa
Explorer

Exactly, AlgoSec asks to check this objects_5_0.C file but it doesn't exist, I think.

The files found were:
objects.C and objects.C_41


My firewall version is R80.30

0 Kudos
_Val_
Admin

Yes it does exist 🙂

Show us your "ls -la $FWDIR/conf/ | grep object" output

0 Kudos
Paulo_Feitosa
Explorer

-rw-rw---- 1 admin root 0 Sep 23 2020 nku_from_gw
-rw-r----- 1 admin bin 519 May 12 2020 notify_cert_revocation_vsx.conf
-rw-r----- 1 admin bin 61245 May 12 2020 objects.C
-rw-r----- 1 admin bin 36876 May 12 2020 objects.C_41
-rw-r----- 1 admin bin 3 May 12 2020 observable_overrides.C
-rw-r----- 1 admin bin 10772 May 12 2020 osfingerprint.eng
-rw-r----- 1 admin bin 6885 May 12 2020 outbound_and_encrypted.W_vpnddcate
-rw-r----- 1 admin bin 148878 May 12 2020 parserTopicToSdTopicMappings.C

0 Kudos
G_W_Albrecht
Legend

It only exists on the SMS:

# more $FWDIR/conf/objects_5_0.C | grep rlogin_max_auth_allowed

:rlogin_max_auth_allowed (3)

Which AlgoSec product and version are you using? It looks rather old from the details you mention...

CCSE CCTE SMB Specialist
0 Kudos
G_W_Albrecht
Legend

Nice to get output, but what is the reason? On a firewall module R80.40 I get:

:comments ("Remote login (rlogin)")

On R81.10 SMS:

[Expert@SMS8110:0]# more $FWDIR/conf/objects.C | grep rlogin
:rlogin_transparent_server_connection (true)
:rlogin_transparent_server_connection (true)
:rlogin_transparent_server_connection (true)
:rlogin_transparent_server_connection (true)
:rlogin_max_auth_allowed (3)
:rlogin_msg ()
:rlogin_use_fwnetso (true)

[Expert@SMS8110:0]# more $FWDIR/conf/objects.C | grep telnet
:telnet_transparent_server_connection (true)
:telnet_transparent_server_connection (true)
:telnet_transparent_server_connection (true)
:telnet_transparent_server_connection (true)
: (FW1_clntauth_telnet
: (telnet
: FW1_clntauth_telnet
: telnet
: telnet
:handler (telnet_env_cmd_block)
: (solaris_telnet
:protocol_name (solaris_telnet)
:handler (solaris_telnet_block_code)
:handler (telnet_reflection_code)
:telnet_use_fwnetso (true)
:telnet_msg ()
:telnet_max_auth_allowed (3)

CCSE CCTE SMB Specialist
0 Kudos
_Val_
Admin

Exactly, the guidance is for the MGMT side here.

0 Kudos
Paulo_Feitosa
Explorer

On my firewall they don't appear, look:

1-MGT:0]# more $FWDIR/conf/objects.C | grep telnet
: (FW1_clntauth_telnet
: FW1_clntauth_telnet
: (telnet
: telnet

0 Kudos
_Val_
Admin

Are you looking on the GW or management?

0 Kudos
Paulo_Feitosa
Explorer

GW, because AlgoSec collects the command data about the GWs.

0 Kudos
G_W_Albrecht
Legend

Did you read my post? GW only gives the output:

:comments ("Remote login (rlogin)")

CCSE CCTE SMB Specialist
0 Kudos
_Val_
Admin

You misread their guidance rules. Those GW parameters are defined on the MGMT server and not directly on those GWs.

0 Kudos
G_W_Albrecht
Legend

AFAIK, Algosec connects to the SMS using OPSEC and communicates using the Management API - but not with the GW...

CCSE CCTE SMB Specialist
0 Kudos
Paulo_Feitosa
Explorer

Folks,

In this case, where can I get this data on the GW?

more $FWDIR/conf/objects_5_0.C | grep rlogin_max_auth_allowed

more $FWDIR/conf/objects_5_0.C | grep telnet_max_auth_allowed

0 Kudos
_Val_
Admin

I think we have answered this question three times already 🙂 These queries should be done on your management server and not on the GWs.

0 Kudos
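
The check the replies describe, scripted for the management server as an added example (not posted by anyone in the thread and not AlgoSec or Check Point tooling). It reads the two parameters from the objects file and separates "file not there" (the gateway case above) from "parameter missing" and "value too high". The function names and the limit of 3 are assumptions; substitute the value your baseline requires.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two *_max_auth_allowed values.
# Assumption: LIMIT (default 3) is an illustrative baseline; use your own policy value.

# get_param FILE NAME: print the value of ":NAME (value)"; return 1 if absent/empty.
get_param() {
    # Anchor on the exact key so rlogin_msg or *_transparent_* lines never match.
    val=$(sed -n "s/^[[:space:]]*:$2[[:space:]]*(\([^)]*\)).*/\1/p" "$1" | head -n 1)
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# check_param FILE NAME LIMIT: 0=PASS, 1=FAIL, 2=parameter missing, 3=file unreadable.
check_param() {
    file=$1 name=$2 limit=$3
    if [ ! -r "$file" ]; then
        echo "NOFILE $name: cannot read $file (gateway? run on the management server)"
        return 3
    fi
    if ! val=$(get_param "$file" "$name"); then
        echo "MISSING $name: not defined in $file"
        return 2
    fi
    case $val in
        *[!0-9]*) echo "FAIL $name: non-numeric value '$val'"; return 1 ;;
    esac
    if [ "$val" -le "$limit" ]; then
        echo "PASS $name=$val (limit $limit)"
    else
        echo "FAIL $name=$val exceeds limit $limit"
        return 1
    fi
}

# audit FILE [LIMIT]: check both parameters from the thread; nonzero if either fails.
audit() {
    rc=0
    for p in rlogin_max_auth_allowed telnet_max_auth_allowed; do
        check_param "$1" "$p" "${2:-3}" || rc=1
    done
    return "$rc"
}

# Only runs where FWDIR is set, i.e. in an expert-mode shell on a Check Point host.
if [ -n "${FWDIR:-}" ]; then audit "$FWDIR/conf/objects_5_0.C" || true; fi
```

A NOFILE or MISSING result on a gateway is expected per the replies above and is not a baseline failure in itself; run the audit against the management server's file.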