Script on your firewall or management server

Posted on August 7, 2012

0



You can put your own script in Checkpoint Firewall or Management with SPLAT. If you need just a specific info from SPLAT continuously, that can be reached with a simple command you can implement it in SPLAT with a bash script.

1. To start your script on boot you have to put it in /etc/rc.d/rc.local. See the output of the file:

[Expert@myfirewall]# cat /etc/rc.d/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you do not
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

if [ -f /opt/CPshared/5.0/tmp/.CPprofile.sh ]; then
# Register log rotation process
 . /opt/CPshared/5.0/tmp/.CPprofile.sh
cpd_sched_config add RotateLogs -c /sbin/cp_logrotate -e 100 -s
fi

if [ -f /etc/rc.d/rc.local.user ]; then
 . /etc/rc.d/rc.local.user
fi
< --insert_the_lines_here-- >

There is an SK for that with a live example for Cluster: sk35780

2. To monitor your own script, maybe you can use cpwd_admin.

cpwd_admin – cpwd (also known as WatchDog) is a process that invokes and monitors critical processes
such as Check Point daemons on the local machine, and attempts to restart them if they fail. Among the
processes monitored by Watchdog are cpd, fwd, fwm.

Usage
cpwd_admin start -name -path -command
Example:
cpwd_admin start -name FWM -path “$FWDIR/bin/fwm” -command “fwm”

Example output from an SMS (Security Management Server):

[Expert@mymgmt]# cpwd_admin list
cpwd_admin:
APP        PID    STAT  #START  START_TIME             COMMAND              MON
CPD        3075   E     1       [19:21:58] 29/7/2012   cpd                  Y
MPDAEMON   3106   E     1       [19:22:07] 29/7/2012   mpdaemon /opt/CPshrd-R75.20/log/mpdaemon.elg /opt/CPshrd-R75.20/conf/mpdaemon.conf N
FWD        3140   E     1       [19:22:13] 29/7/2012   fwd -n               N
FWM        3143   E     1       [19:22:16] 29/7/2012   fwm                  N
STPR       3167   E     1       [19:22:21] 29/7/2012   status_proxy         N
SVR        3231   E     1       [19:22:26] 29/7/2012   SVRServer            N
CPSEAD     3268   E     1       [19:22:27] 29/7/2012   cpsead               N
CPWMD      3276   E     1       [19:22:29] 29/7/2012   cpwmd -D -app SmartPortal N
CPHTTPD    3279   E     1       [19:22:29] 29/7/2012   cp_http_server -f '/opt/CPportal-R75.20/portal/conf/cp_httpd_admin.conf' N
CPSM       3432   E     1       [19:22:33] 29/7/2012   cpstat_monitor       N

Example output from a firewall:

[Expert@mygwy]# cpwd_admin list
cpwd_admin:
APP        PID    STAT  #START  START_TIME             COMMAND              MON
CPD        3196   E     1       [20:25:24] 29/7/2012   cpd                  Y
MPDAEMON   3220   E     1       [20:25:30] 29/7/2012   mpdaemon /opt/multiportal/log/mpdaemon.elg /opt/multiportal/conf/mpdaemon.conf N
CI_CLEANUP 3271   E     1       [20:25:45] 29/7/2012   avi_del_tmp_files    N
CIHS       3283   E     1       [20:25:45] 29/7/2012   ci_http_server -j -f /opt/CPsuite-R75/fw1/conf/cihs.conf N
FWD        3285   E     1       [20:25:46] 29/7/2012   fwd                  N
Advertisement
Tagged: , , ,
Posted in: Checkpoint, Other, R75 CCSE Notes, Security