When you login, you run your .profile (or .csh, whatever), which
normally sources the ".CPprofile.sh" script to set all your variables
like $FWDIR, $CPDIR, and so on. To run your script from cron, your
script needs to do that as well so it has the same variables you would
after logging in interactively.
To "source" the script, we're talking about running the Checkpoint
script to set the variables, but continue running your own shell script
after that without losing the variables, which normally means running it
with "<dot> <space>" in front of it in your script, as in:
. /opt/CPshrd-R60/tmp/.CPprofile.sh (in the case of R60 that I'm
backing up with upgrade-export here)
If you don't source it with <dot> <space>, but rather just run the
.CPprofile.sh script in the middle of your own shell script, you won't
get the results you're trying for.
The basic script I'm using for R60 is this (with other logic, tests,
reporting, cleanup, etc, wrapped around it, but this does the backup
part). This particular box is R60 on Solaris 9, but the basic script is
the same with possibly different locations for the checkpoint files in
R54. The #! line has to be on line 1, character 1 to work, so don't put
comments or blank lines above that command if you want it to force that
shell to run your script. Everything else you can change:
#!/bin/sh
. /opt/CPshrd-R60/tmp/.CPprofile.sh
CMD=$FWDIR/bin/upgrade_tools/upgrade_export
BKPDIR=/opt/backups/
FILE="`/bin/date '+%Y%m%d'`.cpbackup"
echo "\n" | $CMD ${BKPDIR}${FILE}
The echo part feeds a newline (enter key) to the program, because it
looks for one, obviously assuming nobody would ever plan to run it in a
shell script launched by a cron job, like a lot of us are doing ;-) By
scripting it like that, every time I upgrade the firewall version, I
just change the variables I have at the top of the script for file
locations, directory naming (like the CPshrd-R60 part), and so on, and
the rest of the script logic I can usually leave alone.
Hope that helps explain why your script is probably not working, and
clears up why you need to do it that way. If not, maybe someone else
can explain it better than I can.
Bruce
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Edouard
Zorrilla
Sent: Wednesday, January 03, 2007 21:29
To: [email protected]
Subject: Re: [FW-1] Automating upgrade_export to backing up FW-1 AI R54
configuration in Solaris 2.8
Thanks Sir,
Excuse me, but now I keep getting "source: not found", could you please
tell me what is your complete script otherwise how to overcome this
problem, I guess you have faced with this issue before.
Regards
----- Original Message -----
From: cisco4ng
To: Mailing list for discussion of Firewall-1
Cc: [EMAIL PROTECTED]
Sent: Wednesday, January 03, 2007 8:45 AM
Subject: Re: [FW-1] Automating upgrade_export to backing up FW-1 AI
R54 configuration in Solaris 2.8
I do not use R54 but I am using R55w and Provider-1 and the way to
automate
the upgrade_export process would be:
source /opt/CPshrd-R55/tmp/.CPprofile.csh
cd /tmp
echo "/opt/CPmds-R55" | /opt/CPmds-R55/scripts/mds_backup
The key line here is: source /opt/CPshrd-R55/tmp/.CPprofile.csh
You may have to change 55 to 54.
HTH
Edouard Zorrilla <[EMAIL PROTECTED]> wrote:
Hello,
I'm struggle with getting a crontab working to automate the
upgrade_export process on Checkpoint NG R54; even though I'm not a shell
guru, I believe my issue is with syntax of getting the crontab to
execute the upgrade_export command. I've pasted what I have done:
-------------------------------------------
bash-2.03# more /export/home/ezorrilla/cpbackup.sh
FWDIR=/opt/CPfw1-54
export FWDIR
YYMMDD=`getdate`
$FWDIR/bin/upgrade_tools/upgrade_export -n
/export/home/ezorrilla/BKP-CONFIG-$YYMMDD
bash-2.03#
-------------------------------------------
When I run the script using a crontab I get the error:
bash-2.03# more bkp.rerr
Checking the existence of necessary files...
Error: /opt/CPfw1-54/conf/rulebases.fws does not exists, aborting
upgrade
Error: Not all the necessary files have been exported.
Nevertheless, when I run this script inside solaris shell it works
and I get:
bash-2.03# $FWDIR/bin/upgrade_tools/upgrade_export -d -n
/export/home/ezorrilla/BKP-CONFIG-$YYMMDD
Checking the existence of necessary files...
Copying files to temp dir...
Building configuration file...
Compressing the files...
The export operation finished successfully.
Note: /export/home/ezorrilla/BKP-CONFIG-.tgz contains your Security
configuration, it is highly recommended to delete it after completing
the process.
Could someone tell me if you run into this issue before so that I
can make it works. Thanks in advance for your assistance.
Regards
Edouard
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
[EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email [EMAIL PROTECTED]
=================================================
***************************************************************************
The information contained in this communication is confidential, is
intended only for the use of the recipient named above, and may be legally
privileged.
If the reader of this message is not the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.
If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy
of it from your computer system.
Thank You.
****************************************************************************
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
