Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

standard services

cron

dbset cron:admin:job:count_pdp t
startup 0
daysinweek all
months all
daysinmonth all
hours all
minutes 10
command "/home/admin/foo.sh > /dev/null 2>&1"
dbset :save

/bin/cron_xlate cron < /config/active

ntp

set ntp active on
set ntp server primary ntp1.com version 3
set ntp server secondary ntp2.com version 2

proxy

set proxy address some.some.com port 9443

dns

View existing dns settings

[Expert@fw:0]# clish -c "show configuration" | grep dns

Fastest DNS?

While this is not the most elegant test, it will provide a clue as to which DNS server might be failing or slow.

[Expert@fw:0]# DNSES="1.2.3.3 1.2.3.4 1.2.3.5"; for ip in $DNSES; do ping -c 1 $ip | grep from; done
64 bytes from 1.2.3.5: icmp_seq=1 ttl=124 time=1.03 ms
64 bytes from 1.2.3.4: icmp_seq=1 ttl=124 time=0.888 ms
64 bytes from 1.2.3.3: icmp_seq=1 ttl=124 time=0.52 ms
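
The one-liner above silently drops any server that does not answer, which is the case you most want to see. The following is an added example, not part of the original notes: it ranks the replies fastest first and lists silent servers as NO-REPLY. The function names `rank_replies` and `probe`, the `-W 1` timeout and the non-responding address 1.2.3.6 are assumptions for illustration.

```shell
#!/bin/bash
# rank_replies SERVER... < ping-output
# Reads "64 bytes from IP: ... time=N ms" lines on stdin and prints one line
# per server: responders fastest first, then servers that never replied.
# ICMP RTT is only a proxy for resolver health; confirm with
# "nslookup <name> <server>" against each address.
rank_replies() {
    awk -v list="$*" '
        / bytes from / {
            ip = $4; sub(/:$/, "", ip)               # "1.2.3.5:" -> "1.2.3.5"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^time=/) { t = $i; sub(/^time=/, "", t); rtt[ip] = t }
        }
        END {
            n = split(list, want, " ")
            for (i = 1; i <= n; i++)
                if (want[i] in rtt) print 0, rtt[want[i]], want[i]   # replied
                else                print 1, 0, want[i]              # silent
        }' |
    LC_ALL=C sort -k1,1n -k2,2n |
    awk '{ print $3, ($1 == 0 ? $2 " ms" : "NO-REPLY") }'
}

# probe SERVER...: one ping per server (1 s timeout), then rank. Needs network,
# so it is defined here but not called.
probe() {
    for ip in "$@"; do
        ping -c 1 -W 1 "$ip" | grep ' bytes from '
    done | rank_replies "$@"
}

# Constructed sample: the three replies shown above; 1.2.3.6 is a constructed
# address that never answers.
SAMPLE='64 bytes from 1.2.3.5: icmp_seq=1 ttl=124 time=1.03 ms
64 bytes from 1.2.3.4: icmp_seq=1 ttl=124 time=0.888 ms
64 bytes from 1.2.3.3: icmp_seq=1 ttl=124 time=0.52 ms'

printf '%s\n' "$SAMPLE" | rank_replies 1.2.3.3 1.2.3.4 1.2.3.5 1.2.3.6
```

On the firewall, run `probe 1.2.3.3 1.2.3.4 1.2.3.5` from the expert shell instead of feeding it the sample.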

Set (Via Clish)

set dns mode default
set dns suffix some.com
set dns primary 1.2.3.4
set dns secondary 1.2.3.4

DNS Working?

[Expert@fw:0]# nslookup updates.checkpoint.com
Server:         1.2.7.13
Address:        1.2.7.13#53

Non-authoritative answer:
updates.checkpoint.com  canonical name = updates.g04.checkpoint.com.
updates.g04.checkpoint.com      canonical name = updates-prd-cloud-akamai.checkpoint.com.
updates-prd-cloud-akamai.checkpoint.com canonical name = updates-prd-cloud-akamai.checkpoint.com.edgekey.net.
updates-prd-cloud-akamai.checkpoint.com.edgekey.net     canonical name = e17340.dscd.akamaiedge.net.
Name:   e17340.dscd.akamaiedge.net
Address: 104.108.126.8

DNS Activity?

[Expert@fw:0]# tcpdump -nnei eth3-02 port 53 and "host 1.2.3.4 or host 1.2.3.5 or host 1.2.3.3"

snmp

Polling

https://support.checkpoint.com/results/sk/sk168878

MIBS

  • sk90470
  • admin guide

View

clear && unset TMOUT && clish -c "show configuration" | egrep "snmp|usm" | grep -v "traps trap"

Cleanup v2

delete snmp community 1234511235
set snmp agent-version none

Basics

set snmp mode default
set snmp agent on
set snmp agent-version v3-Only
add snmp traps receiver 1.23.4.4 version v3

interfaces

add snmp interface eth1-01
add snmp interface lo

usm user

add snmp usm user someone security-level authPriv auth-pass-phrase 1234 privacy-pass-phrase 12345
set snmp usm user someone security-level authPriv auth-pass-phrase 1234 privacy-protocol AES256 authentication-protocol SHA256

Locations

set snmp location "APC bleh bleh"

Notifications

set mail-notification username alerts@some.com
set snmp contact "firewall-alerts@some.com"

Traps

sk171394

set snmp traps advanced coldstart reboot-only off

Radius

unset TMOUT && gclish -c "show configuration" | egrep "apda1|tacacs|radius"
set aaa tacacs-servers user-uid 0

Add the User

set password-controls history-checking off
add user someone uid 0 homedir /home/someone
add rba user someone roles adminRole
set user someone gid 100 shell /bin/bash
set user someone realname "Someone"
set user someone password

set password-controls history-checking on
save config

radius servers

set aaa tacacs-servers state off
add aaa radius-servers priority 1 host r1.com port 1812 secret somesecret timeout 3
add aaa radius-servers priority 2 host r2.com port 1812 secret somesecret timeout 3
set aaa radius-servers default-shell /bin/bash
set aaa radius-servers admin-user-uid 0
save config
exit