This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
G_W_Albrecht
Legend Legend
Legend
‎2018-08-02 02:04 AM

R77.20.80, cpdiag and crond

During testing R77.20.80 EA versions, cpdiag was mentioned in the email conversation by CP specialists. I can even search SKs for cpdiag and will even find sk123294 R77.20.80 for Small and Medium Business Appliances in the list of results, but the term/command is not mentioned in the documents visible part (same is true of sk97443: Support Debug Tools). So what does it really do when used as a command ? Download an update:


[Expert@zwelfhundertr]# cpdiag
Log path: /opt/fw1/log/cpdiag.elg
CPDiag update:
Verifying CK
CK is 00-1C-7F-...
Version is cip
bUseProxy is 0
Found update, name is cpdiag_991100024.tar.gz, revision is 991100024
CPDiag running build: 991100019
CPDiag download center build: 991100024
Started downloading updated package
Download completed
Update returned: 1
Launching new version
Log path: /opt/fw1/log/cpdiag.elg

The mentioned log file contains error messages, in my case it is a licensing warning of cosmetic nature..

But also a new daemon can be found in top:

5247     1 root   S    1084   6720   1%   0% /usr/sbin/crond

That is brand new - and we can see what it does call in file /pfrm2.0/etc/crontabs/root:

22 1 * * * /storage/cpdiag/bin/cpdiag --periodic

So we now have some new possibilities, as cron jobs need only new line(s) in /pfrm2.0/etc/crontabs/root !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
10 Replies
Djelo_Arnautali
Participant
‎2018-10-06 12:47 PM

I have the 730 appliance with wifi at home and want to turn off the radio at night and turn it on back in the morning so i have created two very simple bash scripts...one that turns off the wifi and other that turns it off. The scripts works when trigered manually. The issue is with schedulling with the crond. The firmware on my appliance is the latest R77.20.80 (990172392) and i have crond running. In the logs i can see that crond tried to run the script at the correct time but there is some kind of error that i dont understand.

 

2018 Oct 6 21:05:01 FW cron.notice crond[5853]: USER root pid 24301 cmd /SCRIPTS/iskljuci_wifi.sh  
2018 Oct 6 21:05:02 FW user.err root: [System error] CODE_SYS_ERROR (000.000.000) - Unexpected error: attempt to index upvalue '' (a nil value) (Log reference: 153885

The scripts to turn of the wifi:

#!/bin/bash -f
clish -c "set wlan radio off"

Can somebody explain me the error i can see in the log?

Thanks,

0 Kudos
Pedro_Espindola
Advisor
‎2018-10-07 07:26 PM

Could you please share the line added to cron?

0 Kudos
Djelo_Arnautali
Participant
‎2018-10-08 09:55 AM

30 17 * * * /SCRIPTS/iskljuci_wifi.sh
00 07 * * * /SCRIPTS/ukljuci_wifi.sh
50 2 * * * /storage/cpdiag/bin/cpdiag --periodic

Regards,

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-09 02:37 AM

Did you already try something like

* * * * * echo "testing123testing" | logger

in /var/spool/cron/crontabs/root - a egrep 'testing' /var/log/messages should show the success of the command. Running the script from CLI does work as expected?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Djelo_Arnautali
Participant
‎2018-10-09 03:42 AM

The script works when run from cli manually so the syntax is correct. I will try what you have suggested ,see the result and will let you know.

Regards,

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-09 06:11 AM

Am i right to assume that /SCRIPTS/iskljuci_wifi.sh  contains the complete path ? Maybe some environment variables are not present when triggered by cron - can you make a cron job that writes the env output to a file ? Then, compare it to the env output from bash CLI. I have had a similar issue before as you can see here: Activate bashUser via script on a Embedded Gaia device?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Djelo_Arnautali
Participant
‎2018-10-16 10:52 AM

The scripts iskjuci_wifi.sh has the full path /SCRIPTS/iskljuci_wifi.sh. I have also put in the script a line that writes a text to a file and the result when crond run the scrips it is the same with the error:

2018 Oct 16 19:47:02 FW user.err root: [System error] CODE_SYS_ERROR (000.000.000) - Unexpected error: attempt to index upvalue '' (a nil value) (Log reference: 1539712022)

The only difference is that this time the script writes the text in the file...so the crond is executing the scripts and the script writes the text as expected but can't turn off the wlan.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2018-10-17 04:13 AM

This needs TAC involvement, i would suppose.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Greg_Harbers
Collaborator
‎2019-08-06 08:41 PM

Hi,

To confirm, cron and cpdiag is only included in the 1400 series of devices, correct? I have just tried to access this on an 1180 appliance runnin R77.20.80 and it does not appear to work there..

eg

[Expert@1180_FWL1]# fw ver
This is Check Point's 1100 Appliance R77.20.80 - Build 455
[Expert@1180_FWL1]# cpdiag
-bash: cpdiag: command not found
[Expert@1180_LFWL1]# ls /pfrm2.0/etc/crontabs
ls: /pfrm2.0/etc/crontabs: No such file or directory
-bash: cron: command not found
[Expert@1180_FWL1]#

 

where as on a 1450 appliance I get:

[Expert@1450_FWL1]# fw ver
This is Check Point's 1450 Appliance R77.20.75 - Build 239
[Expert@1450_FWL1]# cpdiag
Log path: /opt/fw1/log/cpdiag.elg
CPDiag update:
Verifying CK
CK is 00-1C-7F-XX-XX-XX
Version is anp
bUseProxy is 1
Proxy is http://10.XX.XX.XX:8181
Found update, name is cpdiag_991100024.tar.gz, revision is 991100024
CPDiag running build: 991100014
CPDiag download center build: 991100024
Started downloading updated package
Download completed
Update returned: 1
Launching new version
Log path: /opt/fw1/log/cpdiag.elg
[Expert@1450_FWL1]# ls /pfrm2.0/etc/crontabs/
root
[Expert@1450_FWL1]#

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2019-08-06 10:18 PM
In response to Greg_Harbers

Just to mention that cron daemon is for internal use only (no support from TAC for it). Whatever you add there will be reset one the next firmware upgrade so keep a copy of it somewhere.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events