Solved

Stop Checkpoint FW1 security policy from loading at boot: Solaris

Posted on 2004-08-07
Last Modified: 2013-12-05
Solaris 8.
I am trying to get the fw1 module not to load at boot time. I have removed the startup and there is no FW process running.

From what I can tell in /etc/init.d there isn't anything loading.

Where is the module being loaded from?

Question by:SrArtemis

Expert Comment

by:net_sec_guru
Check out /etc/fw.boot

and what about the file:
/etc/rc2.d/Sxxcpp??? - can't think of the exact file name right now... and the "xx" is the number it's assigned.

It's the file that starts the firewall service...

Author Comment

by:SrArtemis
I removed all the FW startup files from the rc2 and rc3 directories already.  

ps -ef | grep fw shows no processes. The security policy is being launched from something else.


Expert Comment

by:EdUSC
Do a cpstat -fw to see what policy is loaded. If there aren't any fw processes then the policy can't be active.

Why do you think it is loading?

Author Comment

by:SrArtemis
I do not have cpstat on the machine unfortunately.

I know it is loading for two reasons:

1) on boot it shows FW-1 loading modules and fwstrmodwput for the interface.

2) When trying to connect via samba from windows it fails until I run /opt/CPfw1-41/bin/fwstop...then it reports to standard out:

Cannot kill fwp pid -fine we know it is not running
Cannot kill snmp pid - same
Cannot kill fwm pid -same
Unistalling security policy from all.all@host
Done

Then samba works fine.....


Expert Comment

by:EdUSC
Run dmesg and see if you can pick out the startup line for the module. It may have a path for you.

I didn't realize you were on 4.1 which does not have the cpstat command.

Accepted Solution

by:dschwartzer
Firewall kernel loads the policy - not a user process.
If you're running NG, run cpconfig -> Automatic Start of Check Point products. There you can choose whether fw will load during boot.

Anyway, to see the currently installed policy, run "fw stat"; to unload the policy from the current computer and revert to "any-any-accept", run "fw unloadlocal".

Just for the information - any-any-accept is not completely equal to the absence of the FW on the machine - some kind of basic sanity inspection is still applied. This is not a problem for you, because if policy uninstall solves your problem.

HTH,
d
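
The accepted answer above says the kernel module, not a user process, applies the policy, so an empty ps listing and clean rc2.d/rc3.d directories do not rule out a boot-time load. The script below is an added example, not code from this thread or from Check Point: it lists every generic Solaris boot hook that mentions a module name. The name "fw" is taken from the dmesg line quoted in the thread; the function names, the sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list boot-time hooks that mention a kernel module name.
# Only generic Solaris locations are checked; none are Check Point-specific.

# boot_refs ROOT NAME: print each file (or file:line:text) that refers to NAME.
boot_refs() {
    root=$1; name=$2
    # rc scripts of every run level; rcS.d runs before rc2.d and rc3.d
    for d in rcS.d rc0.d rc1.d rc2.d rc3.d init.d; do
        for f in "$root/etc/$d"/*; do
            if [ -f "$f" ]; then grep -il "$name" "$f" || :; fi
        done
    done
    # kernel-side config: forceload lines, driver major numbers,
    # STREAMS autopush table, inittab entries
    for f in system name_to_major iu.ap inittab; do
        if [ -f "$root/etc/$f" ]; then
            grep -nw "$name" "$root/etc/$f" | sed "s|^|$root/etc/$f:|"
        fi
    done
    # driver / STREAMS module binaries and their .conf files
    for d in kernel/drv kernel/strmod usr/kernel/drv usr/kernel/strmod; do
        for f in "$root/$d/$name" "$root/$d/$name.conf"; do
            if [ -f "$f" ]; then echo "$f"; fi
        done
    done
    return 0
}

# Constructed sample tree (not the thread's host): rc2.d and rc3.d are clean,
# but rcS.d, /etc/system, /etc/name_to_major and /kernel/drv still refer to fw.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/rcS.d" "$r/etc/rc2.d" "$r/etc/rc3.d" "$r/kernel/drv"
    printf '#!/sbin/sh\n/opt/example/load_fw_module\n' > "$r/etc/rcS.d/S50example"
    printf '#!/sbin/sh\n/usr/lib/sendmail -bd\n' > "$r/etc/rc2.d/S88sendmail"
    printf 'sd 32\nfw 201\n' > "$r/etc/name_to_major"
    printf '* constructed\nforceload: drv/fw\n' > "$r/etc/system"
    : > "$r/kernel/drv/fw"
    echo "$r"
}

sample=$(make_sample_root)
boot_refs "$sample" fw      # on a real host: boot_refs / fw
rm -rf "$sample"
```

Every path it prints is a place to inspect before rebooting; the rc script match is a plain substring search, so expect some unrelated hits on a real system.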

Author Comment

by:SrArtemis
I am not running NG. I am really not sure what NG is?

I ran fw stat and the following was reported:

localhost defaultfilter 5aug2000: [>qfe1]

I then ran fw unload localhost.
unistalling security policy from all.all@bork

fw stat again:
localhost -                           : <qfe1

I tried running fw unload qfe1 and got back the following:
unistall security policy from qfe1: No license for remoter unistall.

When I reboot it doesn't change anything. dmesg reports back that fw0 is /pseudo/fw@0
FW-1: fwstrmodwput: loading default filter on qfe1

Thoughts?

Expert Comment

by:EdUSC
Uninstall Checkpoint or create a startup script that performs a fw unloadlocal.  S99local would work.

Expert Comment

by:yokel
cpconfig still works on versions previous to NG? If not try fwconfig (can't remember).
Once there as dschwar... says above, you should get an option to not start Checkpoint at startup.