Solved

Stop Checkpoint FW1 security policy from loading at boot: Solaris

Posted on 2004-08-07
Last Modified: 2013-12-05
Solaris 8.
I am trying to get the fw1 module not to load at boot time. I have removed the startup and there is no FW process running.

From what I can tell in /etc/init.d there isn't anything loading.

Where is the module being loaded from?

Question by:SrArtemis
9 Comments
 
LVL 4

Expert Comment

by:net_sec_guru
ID: 11745081
Check out /etc/fw.boot

and what about the file:
/etc/rc2.d/Sxxcpp??? - can't think of the exact file name right now... and the "xx" is the number it's assigned.

It's the file that starts the firewall service...
0
 

Author Comment

by:SrArtemis
ID: 11752256
I removed all the FW startup files from the rc2 and rc3 directories already.  

ps -ef | grep fw shows no processes. The security policy is being launched from something else.

0
 

Expert Comment

by:EdUSC
ID: 11753392
Do a cpstat -fw to see what policy is loaded. If there aren't any fw processes then the policy can't be active.

Why do you think it is loading?
0
 

Author Comment

by:SrArtemis
ID: 11755150
I do not have cpstat on the machine unfortunately.

I know it is loading for two reasons:

1) on boot it shows FW-1 loading modules and fwstrmodwput for the interface.

2) When trying to connect via samba from windows it fails until I run /opt/CPfw1-41/bin/fwstop...then it reports to standard out:

Cannot kill fwp pid -fine we know it is not running
Cannot kill snmp pid - same
Cannot kill fwm pid -same
Unistalling security policy from all.all@host
Done

Then samba works fine.....

0
 

Expert Comment

by:EdUSC
ID: 11756864
Run dmesg and see if you can pick out the startup line for the module. It may have a path for you.

I didn't realize you were on 4.1 which does not have the cpstat command.
0
 
LVL 3

Accepted Solution

by:
dschwartzer earned 50 total points
ID: 11763541
Firewall kernel loads the policy - not a user process.
If you're running NG, run cpconfig -> Automatic Start of Check Point products. There you can choose whether fw will load during boot.

Anyway, to see the currently installed policy, run "fw stat"; to unload the policy from the current computer and revert to "any-any-accept", run "fw unloadlocal".

Just for information: any-any-accept is not completely equal to the absence of the FW on the machine - some kind of basic sanity inspection is still applied. This is not a problem for you if policy uninstall solves your problem.

HTH,
d
0
 

Author Comment

by:SrArtemis
ID: 11764483
I am not running NG. I am really not sure what NG is?

I ran fw stat and the following was reported:

localhost defaultfilter 5aug2000: [>qfe1]

I then ran fw unload localhost.
unistalling security policy from all.all@bork

fw stat again:
localhost -                           : <qfe1

I tried running fw unload qfe1 and got back the following:
unistall security policy from qfe1: No license for remoter unistall.

When I reboot it doesn't change anything. dmesg reports back that fw0 is /pseudo/fw@0
FW-1: fwstrmodwput: loading default filter on qfe1

Thoughts?





0
 

Expert Comment

by:EdUSC
ID: 11764625
Uninstall Checkpoint or create a startup script that performs a fw unloadlocal.  S99local would work.
0
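The startup-script suggestion above, written out as an added example (not code from the thread or from Check Point): it reads fw stat output in the two forms SrArtemis posted and runs fw unload localhost, the command that worked on his 4.1 install, then checks the result. The S99local name and the /opt/CPfw1-41 path come from the thread; the /etc/rc3.d location, the optional HOST header line and the function names are assumptions.

```shell
#!/sbin/sh
# /etc/rc3.d/S99local (assumed location) -- added example, not Check Point's script.
# Unloads the FW-1 default filter once the rest of boot has finished.
FWDIR=${FWDIR:-/opt/CPfw1-41}      # install path quoted in the thread
FW=${FW:-$FWDIR/bin/fw}

# policy_name: read "fw stat" output on stdin and print the policy column
# of the first data line. "-" means no policy is installed.
# Assumption: a "HOST POLICY DATE" header line may precede the data.
policy_name() {
    awk '$1 != "HOST" && NF >= 2 { print $2; exit }'
}

# unload_policy: unload only if a policy is loaded, then verify the result.
# Returns 0 when no policy remains, 1 otherwise.
unload_policy() {
    before=`"$FW" stat 2>/dev/null | policy_name`
    case "$before" in
        "") echo "S99local: cannot read fw stat output"; return 1 ;;
        -)  echo "S99local: no FW-1 policy loaded"; return 0 ;;
    esac
    echo "S99local: unloading FW-1 policy '$before'"
    "$FW" unload localhost >/dev/null 2>&1 ||
        { echo "S99local: fw unload failed"; return 1; }
    after=`"$FW" stat 2>/dev/null | policy_name`
    if [ "$after" = "-" ]; then
        return 0
    fi
    echo "S99local: policy '$after' still loaded"
    return 1
}

# Backticks and no "local" keep this usable under the Solaris 8 Bourne shell.
case "${1:-}" in
    start) unload_policy ;;
esac
```

Because an S99 script runs at the end of its run level, the default filter that dmesg shows being loaded on qfe1 stays in place until this script runs; after that the host is in the any-any-accept state described in the accepted answer.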
 
LVL 3

Expert Comment

by:yokel
ID: 11767816
cpconfig still works on versions previous to NG? If not try fwconfig (can't remember).
Once there as dschwar... says above, you should get an option to not start Checkpoint at startup.
0

Question has a verified solution.
