-
October 6th, 2003, 08:06 AM
#1
Junior Member
Checkpoint Firewall Configuration
Hi Folks,
Does anybody know how to obtain the Checkpoint firewall configuration from the shell command?
What file should I copy to see the configuration?
TIA,
--good_guy_id--
-
October 6th, 2003, 10:32 AM
#2
Hi good_guy_id,
I can tell you how to do this and don't mind doing so... But if you don't mind, could you first explain why you need to do it this way? Surely having admin rights you should be able to see the policies through the Management station?
Cheers
V$D$
I remember when Nihil was ickle. Does that mean I'm old?
-
October 6th, 2003, 11:11 AM
#3
Junior Member
Hi VicE$DoS$,
I need to audit the firewall rules.
I only have access to the Checkpoint box through telnet with an unprivileged user.
The Checkpoint guys do not allow me to access the box through the Management station.
If you don't mind, how do I obtain the config files?
Thanks in Advance.
good_guy_id
-
October 6th, 2003, 07:51 PM
#4
The reason you can't do this as an unprivileged user is because YOU ARE NOT SUPPOSED TO. Don't you think it would defeat the purpose of a security device, if the configs were not secured?
If you need to get the config files, the first thing you need to do is get proper access to the machine. After that is done, there are various methods you can use to get the config files. The best way is probably via the objects_5_0.C, but it is not gonna do you much good unless you can write yourself a PERL utility to format the data into something a little more readable.
If you need to audit the firewall, ask your admin to get you a copy of the config...........
-
October 7th, 2003, 04:34 AM
#5
Junior Member
Hi iNViCTuS,
The reason I have to do this is because I am on the auditor side, and the guys who administer the Checkpoint are the auditee. He does not want me to look inside the F/W configuration. He asks me to do a pen-test on the box.
Now, I have got root access. How do I obtain the config files? What files should I copy?
Thanks. Rgrds.
--Good_guy_id--
-
October 7th, 2003, 04:50 AM
#6
Junior Member
-
October 7th, 2003, 06:16 AM
#7
A few things....
Firstly, why do you need a copy of the rulesets if you are doing a penetration test? (A typical hacker (who you are mimicking during your "penetration test") does not have this luxury.)
Secondly, you already have root access (or commonly referred to during a penetration test as being compromised).... surely your penetration test would now be finished, and the host's security failed dismally??
Thirdly, if someone came and audited my Firewalls, I wouldn't be too confident if they turned around and asked me where the ruleset configs are stored???
SoggyBottom.
There were so many fewer questions when the stars were still just the holes to heaven - JJ
I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
-
October 7th, 2003, 12:32 PM
#8
Well... I think the previous post just about says it all, but let's assume for a minute that you really do have root access and really do want the firewall's configs for auditing. Like I said before, I sure hope you are good at PERL in order to make sense of the config files, but anyway Checkpoint stores its configs under $FWDIR/conf. Almost all the files here make up the entire config, but there are probably two sets of files that are most important. One of which I mentioned previously:
objects_5_0.C - This is the firewall objects database. It will give you all the information about every object contained within the firewall. If you don't know what I mean when I say objects, you don't belong auditing a Checkpoint FW. BTW...this file will be called objects.C for Checkpoint prior to version NG.
<rulebasename>.W - These files are the scripts used to generate the firewall policy before it is installed to the firewall enforcement point. They are compiled to .pf files and then sent to the firewall. Under $FWDIR/conf, you can look for *.W and *.pf to get the actual rulebase configuration, but without the objects_5_0.C, it will do you no good.
I hope this helps, and to everyone else...this post was not necessarily intended as a solution to this specific thread, but is more of an informational post for any "legitimate" Checkpoint admins who may have wondered this.
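For administrators who want to confirm the point made in post #4 (that these configs should not be readable by an unprivileged account), here is an added example that is not part of the original thread: a shell check that flags the files named in post #8 when their mode grants read or write to "other". The function names and the sample file names (`Standard.W`, `Standard.pf`, `notes.txt`) are constructed for the demo; on a real management host you would pass `$FWDIR/conf`.

```shell
#!/bin/sh
# Added example: flag Check Point policy files under a conf directory
# whose mode lets any local account read or modify them.

# Print every policy/object file in the given directory whose mode
# grants read or write to "other". File names are those from post #8.
list_exposed_fw_conf() {
    conf_dir=$1
    [ -d "$conf_dir" ] || { echo "not a directory: $conf_dir" >&2; return 2; }
    find "$conf_dir" -type f \
        \( -name 'objects_5_0.C' -o -name 'objects.C' \
           -o -name '*.W' -o -name '*.pf' \) \
        \( -perm -004 -o -perm -002 \) -print | sort
}

# Build a constructed conf directory (sample data, not a real firewall).
make_sample_conf() {
    d=$(mktemp -d) || return 1
    : > "$d/objects_5_0.C"; chmod 640 "$d/objects_5_0.C"   # restricted
    : > "$d/Standard.W";    chmod 644 "$d/Standard.W"      # world-readable
    : > "$d/Standard.pf";   chmod 600 "$d/Standard.pf"     # restricted
    : > "$d/notes.txt";     chmod 644 "$d/notes.txt"       # not a policy file
    echo "$d"
}

# Demo on the constructed directory; use "$FWDIR/conf" on a real host.
sample=$(make_sample_conf)
exposed=$(list_exposed_fw_conf "$sample")
if [ -n "$exposed" ]; then
    echo "Readable or writable by non-privileged accounts:"
    echo "$exposed"
else
    echo "No exposed policy files found."
fi
rm -rf "$sample"
```

File modes are only part of the picture: also check who can traverse the conf directory itself and which accounts can log in to the box at all.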
-
October 7th, 2003, 03:09 PM
#9
Good_guy_id
Depending on the system there are various management routes, but on most systems you can only get at the good stuff via the management Gui, which is either Smart Centre, or in some cases (Checkpoint Small Office for instance) a web Gui.
From the command line you can configure remote machines to be allowed to connect using Smart Centre, so if you've lost your original management, you can set a new one up, and from the command line on the firewall permit this machine to manage the firewall. You should then be able to get into the rulebase.
Erm I'm not sure what the **** you are actually trying to do,
Personally I believe you are someone with very very special needs (prison)
But if you really are doing a pentest for these guys then this information would be available to you even from a basic google search.
Cheers
V$D$
I remember when Nihil was ickle. Does that mean I'm old?
-
October 10th, 2003, 07:15 AM
#10
Junior Member
Thanks, guys,
I learned a lot from all of you. I have got the config now.
TIA,
--good_guy_id--