To save me time searching for commonly used commands for administering Check Point SecurePlatform (SPLAT) based boxes, I’ve started to put together a list of them here:
General:
chsh -s /bin/bash username – ensures that user “username” is dropped automatically into Expert Mode when logging in through the console
fw ctl pstat (displays data about Capacity, Kernel, INSPECT, connections, NAT and Sync on firewalls)
idle 120 – extends the CLI timeout to 120 seconds when logged into SPshell
unset TMOUT – disables the CLI timeout when logged into Bash shell or in Expert Mode (the variable name is case-sensitive)
cpadmin stop – shuts down the WebUI management services
cpadmin start – starts the WebUI management services
rpm -qa | grep kernel – determine the kernel build
Cluster XL:
cphaprob state (shows the cluster load state)
cphaprob -a if (shows the status of interfaces monitored)
fw ctl pstat – check the output of the Sync section to confirm if sync packets are being sent/received between the cluster members:
Sync:
    Version: new
    Status: Able to Send/Receive sync packets
    Sync packets sent:
     total : 51348080, retransmitted : 7, retrans reqs : 0, acks : 2373
    Sync packets received:
     total : 1026629, were queued : 0, dropped by net : 0
     retrans reqs : 5, received 71 acks
     retrans reqs for illegal seq : 0
    dropped updates as a result of sync overload: 0
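One way to automate the sync check above, as an added example (not part of the original post and not Check Point code): a shell function that reads fw ctl pstat output on stdin and reports whether sync packets are being sent and received. The function names and the extra warning conditions (any dropped-by-net or overload drops) are assumptions chosen for illustration; the sample input reuses the figures quoted above.

```sh
#!/bin/sh
# Added example: judge cluster sync health from `fw ctl pstat` output.
# Function names and WARN conditions are illustrative assumptions.

# Sample input: the Sync figures quoted on this page (wrapping is not relied on).
sample_pstat() {
cat <<'EOF'
Sync:
 Version: new
 Status: Able to Send/Receive sync packets
 Sync packets sent:
  total : 51348080, retransmitted : 7, retrans reqs : 0, acks : 2373
 Sync packets received:
  total : 1026629, were queued : 0, dropped by net : 0
  retrans reqs : 5, received 71 acks
  retrans reqs for illegal seq : 0
 dropped updates as a result of sync overload: 0
EOF
}

# Print the number following "<label> :" in flattened text ($1=text, $2=label).
sync_counter() {
    printf '%s\n' "$1" | sed -n "s/.*$2 *: *\([0-9][0-9]*\).*/\1/p"
}

# Read pstat output on stdin. Returns 0 = OK, 1 = WARN, 2 = no Sync section.
check_sync() {
    # Flatten everything from "Sync:" onward so line breaks do not matter.
    flat=$(awk '/^[ \t]*Sync:/ {on=1} on' | tr '\n\t' '  ' | tr -s ' ')
    [ -n "$flat" ] || { echo "UNKNOWN: no Sync section found"; return 2; }
    case $flat in
        *"Able to Send/Receive sync packets"*) ;;
        *) echo "WARN: status is not 'Able to Send/Receive sync packets'"; return 1 ;;
    esac
    sent=$(sync_counter "$flat" "Sync packets sent: total")
    recv=$(sync_counter "$flat" "Sync packets received: total")
    netdrop=$(sync_counter "$flat" "dropped by net")
    overload=$(sync_counter "$flat" "sync overload")
    problems=""
    [ "${sent:-0}" -gt 0 ] || problems="$problems no-packets-sent"
    [ "${recv:-0}" -gt 0 ] || problems="$problems no-packets-received"
    [ "${netdrop:-0}" -eq 0 ] || problems="$problems dropped-by-net=$netdrop"
    [ "${overload:-0}" -eq 0 ] || problems="$problems overload-drops=$overload"
    [ -z "$problems" ] || { echo "WARN:$problems"; return 1; }
    echo "OK: sent=$sent received=$recv"
}

sample_pstat | check_sync    # on a gateway: fw ctl pstat | check_sync
```

Run it on both cluster members and compare the counters over time; a sent or received total that stops increasing points at the sync interface.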
Networking:
eth_set eth0 100f (sets the speed and duplex of eth0 to 100Mb Full Duplex – survives a reboot)
ethtool eth0 (displays the settings for interface eth0 such as speed/duplex etc.)
netstat -rn (to show the routing table of your device)
ifconfig (to show the list of available interfaces)
tcpdump -i eth0 -s 1500 net 10.200.1.0/24 -w /var/tmp/xxw.pcap
* If you want to filter based on the network address, use the form above; to filter based on a host, change it to ‘host 10.200.1.1’.
** The -s 1500 sets the snapshot length to the normal 1500-byte packet size you want to capture. If you don’t define 1500, the captured packets will be truncated and show incomplete details.
*** -w is used to save the capture to a file in a specific folder. By giving the file the .pcap extension, you’d be able to double-click the file to open it via ethereal.
netstat -rn | more (displays the routing table, without resolving names – if you wish to display it per page, use | more at the end of your command line)
netstat -i (displays the Interface Table – useful for displaying error statistics)
Other Useful Linux Commands
gtar -zxvf <file name.tgz> – extracts the contents of a .tgz file to the directory that you are currently in
cat /proc/meminfo or free – will tell you how much memory is available, how much is used, and how much is swapped, as well as other metrics associated with memory.
grep command can be used at the end of the normal commands to grab specific names you wish to search for. eg. if you wish to see routing table entries for eth3, the command would be:
netstat -rn | grep eth3
df -h displays the amount of free disk space on each mounted drive in human-readable form, i.e. GBs and MBs. For example:
[Expert@checkpoint_box]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda6            1004M  160M  793M  17% /
/dev/sda1             145M   11M  126M   8% /boot
/dev/sda5             3.4G  3.4G     0 100% /opt
/dev/sda2             1.5G  569M  861M  40% /sysimg
/dev/sda7             215G  200G  3.9G  99% /var