Thanks for your replies Francisco and David, First of all, I´m very well aware of the fact that SPLAT is not Red Hat, I just mentioned it because I know it is based on it and there are certain things you can do on it as you would on RH. I´m also very aware that SPLAT is a hardened OS and is not intended for anything else but running Check Point software, but I´m sure you guys know that sometimes you just need to bend things a bit when working with limited resources and require to achieve miracles on a network.
This SPLAT machine is NOT a firewall, it's just running a SmartCenter and it is located on a very protected area of this network. As I mentioned before, several options have been analyzed prior to decide to go with the solution we are trying to implement and be sure we really know what we are doing. Actually I did not give out all the details of the deployment, so with all due respect, I don't think you are in a position to judge if I'm going in the right direction or not. Regarding the info you provided about the paths where I could find the CPprofile and about the fact that with the admin user you are just getting a cpshell and not bash will be of a big help, I had not thought about that and maybe what we need is to make a change in the /etc/passwd file to allow for admin to go straight to bash without having to use the expert command. Once again, I really appreciate the time you took to reply to my posting. Regards On 7/12/07, David DeSimone <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sergio Alvarez <[EMAIL PROTECTED]> wrote: > > OK, so nobody answered anything about my previous posting (bellow), > but I found the SPLAT installation disc contains an RPM for Telnet, so > we are going to try with that. I think nobody answered you because we may feel that you are proceeding in the wrong direction. The solution you describe is probably going to be fragile, and not really work as effectively as you think it will. > This guy, obviously more Linux knowledgeable than me, says he tried > adding the extra paths he needs using $path:, and usually on any other > Red Hat, he adds that in .profile or etc/profile so the changes are > not lost, but he did that in SPLAT and did not work, so we need to > know how to go about that. SPLAT is not "just a red hat box with checkpoint on it." It is a hardened OS platform. That means many features you find on a generic Linux server will be missing, and that is BY DESIGN. Missing components and services cannot be exploited. If you add them, you are reducing the security of your box. This box is just a firewall, and you would do better to treat it as just that. Your customer installed SPLAT for a reason. If he wanted a regular Red Hat box running Checkpoint, then he should have installed that. I guess he would have been happier that way. One of the problems you are likely running into is that the admin account has a shell of /bin/cpshell, which cannot just run standard commands. If you want to proceed with this, you might need to create another account, or use the root account, which has a shell of /bin/bash. The bash shell should obey your expecations about reading .profile or /etc/profile in order to set paths correctly. The "expert" shell that you get is a subshell, and so it does not read the .profile or /etc/profile, but that will not necessarily be the case for a script that you launch via cron, or some other mechanism. - -- David DeSimone == Network Admin == [EMAIL PROTECTED] "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGlrACFSrKRjX5eCoRAiBLAJ0eiMpjWlGyakMHtVuvKKvxeOT39ACfQ4md uj5aDH8GBH2GOBjSotQ7oxE= =DPD+ -----END PGP SIGNATURE----- ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
