Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

Russian English Slang Dictionary of the Russian Hacking Community

Work in progress …

RHEL get firewall zones and their interfaces in one go

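The firewall-cmd doesn’t have an option to show all zones and to which one the server interfaces belong, so here is a one-liner to show that. It loops over the zone files shipped in /usr/lib/firewalld/zones/, so zones defined only in /etc/firewalld/zones/ are not listed: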

 # for ii in `ls /usr/lib/firewalld/zones/`; do  echo ${ii%%.xml}: ; firewall-cmd --zone=${ii%%.xml} --list-interfaces; done 

The output:
eno16777736 eno50332184

Change colors of ls output in the bash shell

Usually colorization is enabled via an alias: alias ls='ls --color=auto'
You can turn off the colors each time you run ls with ls --color=never, change the alias itself to disable the fancy colors permanently, or simply run \ls to bypass the alias. But to change the colors you need to make the dircolors utility read your own color database when the login session starts. So let’s do just that.
1) Export existing db:

dircolors -p > dircolors.db

2) edit it:

vi dircolors.db

e.g. change the directory color from blue to red (in the file this is the DIR entry, which becomes di= in LS_COLORS):

di=01;34 -> di=01;31

3) save changes
4) make bash reload the color scheme:

eval `dircolors dircolors.db`

5) put

eval `dircolors $HOME/dircolors.db`

at the end of your .profile file.
That is it.

How to know Checkpoint UTM Appliance model from the cli

Many times you get to work on some UTM appliance remotely via ssh and need to know which exact model it is. It takes just one Expert-level CLI command to find out: dmidecode | grep "Product Name". Then you compare the output with the UTM models table which Tobias Lachmann diligently compiled for us in "Determine appliance hardware from command line".
As of 09/07/2016 Tobias’ website is down, so to preserve the useful info I put the list of UTM models to compare with here:
G-50 Check Point 21400
P-230 Check Point 12600
P-220 Check Point 12400
P-210 Check Point 12200
T-180 Check Point 4800
T-160 Check Point 4600
T-140 Check Point 4400
T-120 Check Point 4200
T-110 Check Point 2200
L-50 Security Gateway 80

P-30 Power-1 11000 Series VSX-1 11000 Series
P-20 Power-1 9070 Connectra 9072 VSX-1 9070
P-10 Power-1 5070

U-40 UTM-1 3070 Connectra 3070 Smart-1 3074 VSX-1 3070
U-30 UTM-1 2070
U-20 UTM-1 1070
U-15 UTM-1 570
U-10 UTM-1 270 Connectra 270
U-5 UTM-1 130
C6P_UTM UTM-1 2050
C6_UTM UTM-1 1050
C2_UTM UTM-1 450

IP-150 IP-150
IP-282 IP-282
IP-295 IP-295
IP-395 IP-395
IP-565 IP-565
IP-695 IP-695
IP-1285 IP-1285
IP-2455 IP-2455

U-31 IPS-1 2076
P-11 IPS-1 5076
P-21 IPS-1 9076

U-42 DLP-1 2571
P-22 DLP-1 9571

S-10 Smart-1 5
S-20 Smart-1 25
S-21 Smart-1 25
S-30 Smart-1 50
S-40 Smart-1 150

Undocumented command to install policy on Locally managed Checkpoint UTM 1100 series appliance

The other day I was trying to exclude an IP address and service combination from being encrypted inside a VPN tunnel on a UTM 1180 gateway, and noted that any changes you make to the firewall files on the CLI, in this case crypt.def, do not take effect. It is actually logical, as every SK asking you to make such changes also specifies that “Changes are to be done on SmartCenter/Management server and then you are to install Security Policy”. The catch here is “installing the policy”: if it is what is known as a Locally managed UTM, i.e. you manage it via its Web interface, you have no such action as “install policy”.
One solution would be to restart the UTM, which works but is kinda harsh. The other solution is this undocumented (not listed in any Checkpoint documentation I searched) command:
* You should be in Expert mode to run it. Also pay attention to the output: there should be no errors.

# fw_configload
Compiled OK.
Resolver Error 0 (no error)
Resolver Error 0 (no error)
Resolver Error 0 (no error)
Resolver Error 0 (no error)


Useful CLI commands for Cisco CUCM

I don’t work on the command line of CUCM often (if ever, you may add), but when the need arises here is the short list of commands to keep. A little reminder: the latest versions (starting with version 5) of Cisco CUCM software are Linux (namely Red Hat) based, which of course includes terminal access, be it physical via console or over the network via ssh.
You create a username/password for the terminal during the CUCM installation.
As Cisco does not want us to mess with the underlying OS, our interaction is limited to a very restricted kind of shell. So you don’t have access to the Linux commands, but you do have a predefined set of CUCM commands, of which I present the most useful ones here.
I run the examples below on an MCS hardware server, so your output may vary.


– Change the password for yourself or another user. Know that it is here, but do not play with it, or you risk locking yourself out of the server.

admin:set password { age* | complexity* | expiry* | inactivity* | user* }

–  Get the disk usage

show diskusage activelog

– Show the status of the fans (irrelevant for VMware based install)

admin:show environment fans
                (RPMS)    Lower Critical
ID              Current   Threshold        Status
Fan Sensor 1    7800      4200             OK
Fan Sensor 2    7950      4200             OK
Fan Sensor 3    7800      4200             OK
Fan Sensor 4    7350      4200             OK
Fan Sensor 5    7200      4200             OK

– Show the server temperature (irrelevant for VMware based install)

show environment temperatures

(Celcius)    Non-Critical   Critical   Threshold    Threshold

     ID       Current  Lower   Upper   Lower   Upper  Location Temperature Sensor
24          53          54           55        62   1

– Show the server hardware (irrelevant for VMware based install)

show hardware

HW Platform    : 7825I4
Processors     : 1
Type           : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz
CPU Speed      : 3000
Memory         : 2048 MBytes

show logins
administ pts/0   Wed Aug 12 09:56   still logged in

– Show physical memory (irrelevant for VMware based install)

show memory modules

Bank  Locator   Size  Active Status

– Show interface status (more useful for hardware based servers than VMware ones)

show network eth0

Ethernet 0
DHCP      : disabled        Status : up
IP Address   :     IP Mask :
Link Detected: yes             Mode    : Auto enabled, Full, 100 Mbits/s
Duplicate IP : no
DNS   Not configured.
Gateway   : on Ethernet 0

– Show the number of open connections. If there is some network connectivity issue, this number will be unusually low, as each IP Phone/voice gateway is counted as a connection.
show network ip_conntrack


– Show the ports that are open and accessible over the network

show network ipprefs public

Application  IPProtocol   PortValue    Type         XlatedPort   Status       Description
------------ ------------ ------------ ------------ ------------ ------------ ------------
sshd         tcp          22           public       -            enabled      sftp and ssh access
clm          udp          8500         public       -            enabled      cluster manager
clm          tcp          8500         public       -            enabled      cluster manager
tomcat       tcp          8443         translated   443          enabled      secure web access
tomcat       tcp          8080         translated   80           enabled      web access
ntpd         udp          123          public       -            enabled      network time sync
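
The listing above is a natural input for a quick exposure check. The following is an added example, not part of the original post or of any Cisco tooling: it parses saved output of show network ipprefs public and prints every enabled port that is missing from a baseline you expect. The function names, the baseline list and the sample (constructed from the rows shown in the post) are assumptions, as is the choice to report both PortValue and XlatedPort for translated rows.

```bash
#!/usr/bin/env bash
# Added example: audit saved output of "show network ipprefs public".

# Constructed sample, built from the rows shown in the post.
sample_ipprefs() {
cat <<'EOF'
Application  IPProtocol   PortValue    Type         XlatedPort   Status       Description
------------ ------------ ------------ ------------ ------------ ------------ ------------
sshd         tcp          22           public       -            enabled      sftp and ssh access
clm          udp          8500         public       -            enabled      cluster manager
clm          tcp          8500         public       -            enabled      cluster manager
tomcat       tcp          8443         translated   443          enabled      secure web access
tomcat       tcp          8080         translated   80           enabled      web access
ntpd         udp          123          public       -            enabled      network time sync
EOF
}

# Read the listing on stdin and print "proto/port application" for each
# enabled row. Header and separator lines are skipped because their second
# field is not tcp or udp. For translated rows both ports are printed
# (assumption: either one may be reachable from the network).
exposed_ports() {
  awk '$2 ~ /^(tcp|udp)$/ && $6 == "enabled" {
         print $2 "/" $3, $1
         if ($4 == "translated" && $5 ~ /^[0-9]+$/) print $2 "/" $5, $1
       }'
}

# Read the listing on stdin and print the entries whose proto/port is not in
# the baseline given as $1 (space-separated list such as "tcp/22 udp/123").
unexpected_ports() {
  baseline=" $1 "
  exposed_ports | while read -r pp app; do
    case "$baseline" in
      *" $pp "*) ;;                 # expected, stay quiet
      *) echo "$pp $app" ;;         # not in the baseline, report it
    esac
  done
}

# Hypothetical baseline that allows everything except cleartext web access.
sample_ipprefs | unexpected_ports "tcp/22 tcp/8500 udp/8500 tcp/8443 tcp/443 udp/123"
```

With this baseline the script reports the two cleartext tomcat ports (8080 and 80); feed it output captured at different times to spot services that appeared since the last check.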

Overlooked but nice utility from Checkpoint – cpview

Starting with R77, Checkpoint has made available a helpful information utility called cpview, of which not many are aware. It is basically a Bash script that runs a bunch of native Checkpoint commands in the background and displays the output on the terminal, updating the data every other second.
– Running the command (you have to be in the Expert mode):
– File location:
# which cpview
alias cpview='/bin/cpview_start.sh'

– Some of the commands the utility runs:
fw ctl pstat
fw ctl multik stat
fw ctl affinity -l -r

Example output: [screenshot: cpview]

© 2016 yurisk.info