Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

mgmt_cli export

Docs

https://sc1.checkpoint.com/documents/latest/APIs/index.html#~v1.8%20

Basics

[Expert@site-mdsm1:0]# unset TMOUT

[Expert@site-mdsm1:0]# api status

Export users for each CMA:

Session Per CMA

[Expert@site-mdsm1:0]# mgmt_cli login -u "adminbgrokit" -d "fw1-cma"  --format json > session.txt
[Expert@site-mdsm1:0]# mgmt_cli login -u "adminbgrokit" -d "fw2-cma"  --format json > session.txt

Show user-Groups (each session)

[Expert@site-mdsm1:0]# m=(`mgmt_cli show user-groups details-level full limit 500 -s session.txt --format json | jq -r ".objects[].name"`); for m2 in "${m[@]}"; do mgmt_cli show user-group name $m2 -s session.txt -f json | jq -r --arg m2 "$m2" '.members[] | [$m2,.name,.domain.name] | @csv';  done >> allusers.csv

Logging Out

[Expert@site-mdsm1:0]# mgmt_cli -f json -s session.txt logout
[Expert@site-mdsm1:0]# rm session.txt

Other notes/Tests:

[Expert@site-mdsm1:0]# cat session.txt

{
  "uid" : "365dff18-4122-46cb-be6b-5195c4ded157",
  "sid" : "redbwXBbdFP1S5ZqmAQaLN2168fsJt8fte-kCbht7aM",
  "url" : "https://127.0.0.1:443/web_api",
  "session-timeout" : 600,
  "last-login-was-at" : {
    "posix" : 1690993460486,
    "iso-8601" : "2023-08-02T12:24-0400"
  },
  "api-server-version" : "1.8.1",
  "user-name" : "adminbgrokit",
  "user-uid" : "596e3ee1-f0d5-4cf1-8110-7f6dea7d1ec2"
}

Examples

[Expert@site-mdsm1:0]# mgmt_cli show user-groups details-level full limit 500 -s session.txt --format json | jq ".objects[].name | @sh " -r
'AllAccounts'
'Bit9_Admins'
'OT_Admins'
'OT_ArcSight'
'DB_Admins'
'DB_Admins2'
'G_Admins'

[Expert@site-mdsm1:0]# mgmt_cli show user-groups details-level full limit 500 -s session.txt --format json | jq ".objects[].name"
"AllAccounts"
"Bit9_Admins"
"OT_Admins"
"OT_ArcSight"
"DB_Admins"
"DB_Admins2"
"G_Admins"

[Expert@site-mdsm1:0]# mgmt_cli show user-group name "G_Admins" -s session.txt -f json| jq '.members[].name'
"adminbob"
"adminalice"
"adminjames"

[Expert@site-mdsm1:0]# mgmt_cli show user-group name "G_Admins" -s session.txt -f json| jq '.members[]| [.name]| @csv' -r
"adminbob"
"adminalice"
"adminjames"

[Expert@site-mdsm1:0]# mgmt_cli show user-group name "G_Admins" -s session.txt -f json| jq '.members[]| ["G_Admins",.name]| @csv' -r
"G_Admins","adminbob"
"G_Admins","adminalice"
"G_Admins","adminjames"

Final Script:

Now I understand the full command, using the session, how to loop over groups and have formatted the output the way I like

[Expert@site-mdsm1:0]#m=(`mgmt_cli show user-groups details-level full limit 500 -s session.txt --format json | jq -r ".objects[].name"`); for m2 in "${m[@]}"; do mgmt_cli show user-group name $m2 -s session.txt -f json | jq -r --arg m2 "$m2" '.members[] | [$m2,.name,.domain.name] | @csv';  done

Dump file and repeat for each CMA now

I can dump each CMA list to a single file now using the » operator.

[Expert@site-mdsm1:0]#m=(`mgmt_cli show user-groups details-level full limit 500 -s session.txt --format json | jq -r ".objects[].name"`); for m2 in "${m[@]}"; do mgmt_cli show user-group name $m2 -s session.txt -f json | jq -r --arg m2 "$m2" '.members[] | [$m2,.name,.domain.name] | @csv';  done >> allusers.csv