Wednesday 26 October 2011

CMA Customer Export Script

Hello everyone,

From time to time a situation arises where a customer needs to be 'exported' from an MDS and moved to a standalone Smart Center (SCS). The reasons for this can vary, however the tools for doing this are nearly non-existant.

One would love to use the uprade_export tool for a situation like this, however it simply isn't supported in a Provider-1 environment. According to CheckPoint's sk33067, this isn't even supported.

As such, I've written up a quick script to collect the required files that I need to export a customer's configuration. Please feel free to use it and share at your discretion.

When utilizing it, you'll see the following:
--------------------------------
Please specify the name of the customer (no spaces)
expertmode
Please enter the IP address of the CMA you wish to export
10.80.80.55


Thank you

You have specified to use the following CMA:
|expertmode-cma-10.80.80.55

Is this correct (yes or no)
yes

Collecting the required files...
Collection complete

Compressing...

Compression complete

Cleaning up

Done
Your files are located at /var/tmp/expertmode_migrate.tgz
Goodbye
--------------------------------

You can find the script hosted on Google docs here

As to what the script is actually grabbing, it's pretty simple:
$FWDIR/conf
$FWDIR/database
$CPDIR/conf
$CPDIR/registry

Cheers,

Friday 21 October 2011

ByteRange Filter Denial of Service Vulnerability in Check Point Products

Hello everyone,

A security update just came in that you should be aware of:

Check Point has acknowledged a vulnerability in multiple Check Point products, which could be exploited to cause a DoS (Denial of Service). This vulnerability is the Apache ByteRange Filter vulnerability, CVE-2011-3192, reported earlier this year. Because this affects network filtering and protection devices, this flaw has the potential to impact other network devices dependent on that filter, resulting in a much larger DoS. Please refer to the Check Point advisory for the list of impacted products. Users of Check Point devices should check with the vendor and apply any updates as soon as possible.

Hotfixes have been released for:
  • Connectra R66.1, R66.1n
  • R71.40, R75.20
  • DLP-1 R71.20



https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65222
http://httpd.apache.org/security/CVE-2011-3192.txt
http://secunia.com/advisories/46474/
http://secunia.com/SA45606/

Saturday 1 October 2011

SCP: How to transfer multiple files

Kudos goes to Joyce Babu, whose blog can be found at:
http://www.joycebabu.com/blog/copying-multiple-files-with-scp.html

Copying from her article

When you have to copy multiple files to your remote server, the syntax is similar to the cp command.
scp file1.sql file2.sh joyce@joycebabu.com:~/upload
Where file1.sql and file2.sh are the files to be copied, joyce is the username, joycebabu.com is the hostname and ~/upload is the destination directory on the remote server.
In order to download multiple files from the remote server, the command to be used is
scp joyce@joycebabu.com:"file1.log file2.log" ~/logs
Where file1.log and file2.log are the files to be downloaded and ~/logs is the destination directory on the local server. Notice the quotes around the filenames. This ensures that the filenames list is not parsed by the local shell and is passed to the remote shell. Similarly, when you want to download files using wildcards (*.php, files_?.log etc), you should enclose the name within quotes to ensure that the expansion is done by the remote server.
The -r option can be used to copy directories recursively.
scp -r joyce@joycebabu.com:~/logs ~/logs
This may not be a lifesaver tip and the time gained by this method may be small. After all, when a large number of files are to be transferred, I use FTP or tar my files and copy it. But at times when things go wrong, even this small gain can help.