This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chinmaya_Naik
Advisor
‎2022-05-16 02:53 AM

Showing bash instead of name as Expert (When openning Expert Mode)

Hi Checkmates,

We able to see "bashxx" instead of "Expert with hostname".

In clish mode its showing as per the expectation 👍

Able to run Expert related command👍

BASH_2.png

1. For testing we change the shell to /bin/bash/ but no luck 👎

Reboot is Pending for test but can't because its a live environment.

Please help if any one face  this kind of issue or anyone have any suggestion.

"/etc/passwd" of FW1 :

admin:x:0:0::/home/admin:/bin/bash
monitor:x:102:100:Monitor:/home/monitor:/etc/cli.sh
root:x:0:0:root:/root:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
postfix:x:1001:1001:Postfix:/home/postfix:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
pcap:x:77:77::/var/arpwatch:/sbin/nologin
halt:x:7:0:halt:/sbin:/sbin/halt
cp_postgres:x:1008:0:Postgres:/home/cp_postgres:/bin/sh
cp_extensions:x:8086:1:CP Extensions:/home/cp_extensions:/bin/sh
bsphcl:x:0:0:Bsphcl:/home/bsphcl/:/etc/cli.sh      (Additional Line which not available on FW2 which showing bash)
cpep_user:x:1500:1500::/home/cpep_user:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
_nonlocl:x:96:100:Non-local user:/home/_nonlocl:/etc/cli.sh
sshd:x:74:74:Privilege-separated:/var/empty/sshd:/sbin/nologin

"/etc/passwd" of FW2 :

admin:x:0:0::/home/admin:/bin/bash
monitor:x:102:100:Monitor:/home/monitor:/etc/cli.sh
root:x:0:0:root:/root:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
postfix:x:1001:1001:Postfix:/home/postfix:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
pcap:x:77:77::/var/arpwatch:/sbin/nologin
halt:x:7:0:halt:/sbin:/sbin/halt
cp_postgres:x:1008:0:Postgres:/home/cp_postgres:/bin/sh
cp_extensions:x:8086:1:CP Extensions:/home/cp_extensions:/bin/sh
cpep_user:x:1500:1500::/home/cpep_user:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
_nonlocl:x:96:100:Non-local user:/home/_nonlocl:/etc/cli.sh
sshd:x:74:74:Privilege-separated:/var/empty/sshd:/sbin/nologin

@Chinmaya_Naik 

0 Kudos
5 Replies
_Val_
Admin
Admin
‎2022-05-16 04:43 AM

Your admin shell is set to bash: admin:x:0:0::/home/admin:/bin/bash, that's why.

Set to cli.sh, similar to "monitor" user. It is most probably was changed manually.

Bob_Zimmerman
Authority
Authority
‎2022-05-16 07:04 AM
In response to _Val_

That's not the problem. The problem is the prompt is showing 'bash-4.4#', which happens when the /etc/bashrc isn't run for some reason.

With the user's shell set to /bin/bash, BASH should be launched as an interactive shell and a login shell. Both of those should cause the /etc/bashrc to be run. When the user's shell is set to /etc/cli.sh and they elevate to expert, BASH is launched as an interactive shell (so /etc/bashrc still runs) but not a login shell. Since it clearly isn't working as expected, maybe /etc/bashrc isn't readable?

the_rock
Legend
Legend
‎2022-05-16 07:14 AM
In response to Bob_Zimmerman

Did not know that, learned something new.

0 Kudos
Chinmaya_Naik
Advisor
‎2022-05-16 10:16 AM
In response to Bob_Zimmerman

@Bob_Zimmerman 

Yes correct explanation about my issue.

Only I need to know solution and the difference between them like Expert and bash name as per the screenshot.

@Chinmaya_Naik 

0 Kudos
the_rock
Legend
Legend
‎2022-05-16 05:28 AM

@_Val_ is 100% right, as usual. You need to change the shell...so /bin/bash is to expert mode right away and /etc/cli.sh is regular shell.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events