Did you know that Check Point stores its logs in a binary format? They are only decoded into a human-readable form when opened with the SmartView Tracker program that ships with Check Point R70.

Alternatively, you can use a commercial product such as “ManageEngine Firewall Analyzer” or “Sawmill” to read the log file.

What if you do not have the budget for those products and need to investigate a security event that occurred recently in your organization?

You can still use the Check Point “fwm logexport” command to convert the binary log file into a readable, delimited ASCII format (fields separated by semicolons by default).

Follow the steps below to convert your file.

Steps

1. Log in to your Check Point R70 in expert mode via SSH.

2. Change to the directory where your log files are kept (by default $FWDIR/log).

3. Issue the command below:

“fwm logexport -i 2009-11-03_235900.log -o 2009-11-03_235900_read.log -p”

4. A new file “2009-11-03_235900_read.log” is created in the current directory. Use cat, less or vi to read it.

Where:

“-i” is the input log file, in binary format.

“-o” is the output log file, which will be in readable, semicolon-delimited form. The first line of the output names the fields, which makes the file easy to process with awk or a spreadsheet.

“-p” stops port numbers from being resolved to service names. Add “-n” as well if you do not want IP addresses resolved to host names: the export is faster and consistent, and you avoid sending DNS queries for the very addresses you are investigating.
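Once the log is in delimited text form, the investigation itself needs no commercial viewer. The script below is an added example (not from the original post and not a Check Point tool): it reads an “fwm logexport” style file, looks fields up by the names in the header line rather than by position, and summarises which sources were dropped most often and which services they probed. The six records are constructed for the example and the field names follow a typical export; check them against the header line of your own file, and set LOGFILE to analyse a real export.

```shell
#!/bin/sh
# Added example, not from the original post: a first pass over a text log
# produced by "fwm logexport", using nothing but awk and sort.
#
# fwm logexport writes one record per line, fields separated by ";" by
# default, and the first line names the fields. The six records below are
# CONSTRUCTED for this example; the field names follow a typical export,
# so match them against the header line of your own file.
SAMPLE_LOG='num;date;time;orig;type;action;i/f_name;i/f_dir;src;dst;proto;service;s_port;rule
0;3Nov2009;23:59:01;10.0.0.1;log;accept;eth0;inbound;192.168.1.10;10.0.0.5;tcp;80;51234;2
1;3Nov2009;23:59:02;10.0.0.1;log;drop;eth0;inbound;203.0.113.7;10.0.0.5;tcp;22;40001;12
2;3Nov2009;23:59:02;10.0.0.1;log;drop;eth0;inbound;203.0.113.7;10.0.0.5;tcp;23;40002;12
3;3Nov2009;23:59:03;10.0.0.1;log;accept;eth0;inbound;192.168.1.11;10.0.0.5;udp;53;5353;3
4;3Nov2009;23:59:04;10.0.0.1;log;drop;eth0;inbound;198.51.100.9;10.0.0.5;tcp;445;33000;12
5;3Nov2009;23:59:05;10.0.0.1;log;drop;eth0;inbound;203.0.113.7;10.0.0.5;tcp;3389;40003;12'

# Set LOGFILE to the -o output of fwm logexport to analyse a real export.
LOGFILE=${LOGFILE:-}

read_log() {
    if [ -n "$LOGFILE" ]; then cat "$LOGFILE"; else printf '%s\n' "$SAMPLE_LOG"; fi
}

# col NAME: 1-based index of the field called NAME in the header line.
# Looking fields up by name rather than position keeps the functions below
# working when an export has extra or reordered columns.
col() {
    read_log | head -n 1 | awk -F';' -v want="$1" '
        { for (i = 1; i <= NF; i++) if ($i == want) { print i; exit } }'
}

# drops_by_source: number of "drop" records per source address, busiest
# first, one "<count> <src>" per line.
drops_by_source() {
    a=$(col action); s=$(col src)
    read_log | awk -F';' -v a="$a" -v s="$s" '
        NR > 1 && $a == "drop" { n[$s]++ }
        END { for (k in n) print n[k], k }' | sort -rn
}

# top_dropped_source: the address with the most drops, i.e. the first
# thing to look at when investigating a scan.
top_dropped_source() {
    drops_by_source | head -n 1 | awk '{ print $2 }'
}

# services_probed_by SRC: distinct destination services SRC was dropped on,
# numerically sorted, space separated (empty if SRC was never dropped).
services_probed_by() {
    a=$(col action); s=$(col src); svc=$(col service)
    read_log | awk -F';' -v a="$a" -v s="$s" -v svc="$svc" -v who="$1" '
        NR > 1 && $a == "drop" && $s == who { print $svc }' |
        sort -nu | tr '\n' ' ' | sed 's/ *$//'
}

# Stand-alone run: the summary, then the services probed by the top source.
drops_by_source
echo "top source: $(top_dropped_source) probed: $(services_probed_by "$(top_dropped_source)")"
```

For a real investigation, export with “-n -p” so that the src, dst and service columns hold raw numbers, then run the script with LOGFILE pointing at the exported file; the functions are the starting point, and adding a filter on the rule column or a time window is one awk condition away.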

The backup and restore programs are used to back up the current configuration of Check Point R70. This is an important step to follow, because it is what allows the whole Check Point configuration to be restored in the event of a failure.

This backup also includes the current rules (policy) configured on your firewall.

Backup Check Point R70 Configuration (Machine A)

Follow the steps below to back up the Check Point configuration.

1. Log in to the Check Point R70 in expert mode.

2. Navigate to the “/var/CPBackup/backup/backups” folder.

3. Run “backup”.

4. The command runs for a few minutes and creates a file whose name starts with “BACKUP…” in the backup directory.

5. Copy this file to a safe place off the firewall and record its checksum. You will need it during the restore, and a backup that only exists on the box it is meant to recover is no backup at all.

Restore Check Point R70 Configuration (Machine B)

Follow the steps below to restore the Check Point configuration.

1. Log in to the Check Point R70 in expert mode.

2. Navigate to the “/var/CPBackup/backup/backups” folder.

3. In the backups folder, run “restore <backupfilename>”.

Note: <backupfilename> is the Check Point configuration backup file created earlier.

4. Wait a few minutes. This can take a while, since every part of the configuration is restored, including routing, licensing and so on.

5. Use SmartDashboard to verify the rules (policy). Alternatively, if you have installed the Check Point R70 web portal, log in to it and check the routing table and licensing information.

Note: To log in with SmartDashboard you need to add your workstation's current IP address under GUI Clients (in cpconfig) and also allow it in the Check Point R70 rule base.

Note: The following steps should only be used when upgrading from Check Point R62 to R70.

Follow the steps below to export the R62 configuration files:

1. Log in to Fenix and enter expert mode.

2. cd $FWDIR

3. cd bin/upgrade_tools

4. Run “./upgrade_export <Filename>”

5. The output is stored as a *.tgz file in “/opt/CPsuite-R62/fw1/bin/upgrade_tools”.
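Two of the steps above, copying the “BACKUP…” file to a safe place and keeping the upgrade_export *.tgz, share the same weak point: nothing tells you whether the copy you eventually restore from is still intact. The shell functions below are an added example (not Check Point tooling and not from the original post) that record a SHA-256 digest next to a backup when it is made, refuse a backup whose digest is missing or wrong, and pick the newest of several backups. Directories, host names and file patterns in it are placeholders.

```shell
#!/bin/sh
# Added example, not from Check Point or the original post: integrity
# bookkeeping for configuration backups (SecurePlatform "backup" output or
# the .tgz from upgrade_export). Paths and host names are placeholders.

# hash_file FILE: hex SHA-256 digest (sha256sum on Linux, shasum elsewhere).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# record_checksum FILE: write FILE.sha256 beside the backup. Copy both
# files off the box together.
record_checksum() {
    hash_file "$1" > "$1.sha256"
}

# verify_checksum FILE: succeed only if FILE.sha256 exists and still matches.
# A backup without a digest is treated as untrusted rather than assumed good.
verify_checksum() {
    [ -f "$1.sha256" ] || return 1
    [ "$(hash_file "$1")" = "$(cat "$1.sha256")" ]
}

# newest_backup DIR PATTERN: most recently modified file in DIR matching
# the shell PATTERN (e.g. 'BACKUP*' or '*.tgz'); prints nothing if none.
newest_backup() {
    ls -t "$1"/$2 2>/dev/null | head -n 1
}

# On the firewall, right after "backup" or "upgrade_export" (paths assumed):
#   f=$(newest_backup /var/CPBackup/backup/backups 'BACKUP*')
#   record_checksum "$f"
#   scp "$f" "$f.sha256" admin@backuphost:/srv/cpbackups/
# On the machine being restored, before running "restore":
#   f=$(newest_backup /srv/cpbackups 'BACKUP*')
#   verify_checksum "$f" || { echo "backup $f is not intact" >&2; exit 1; }
```

The digest only proves the file was not damaged or truncated in transit; it does not stop someone who can modify both files, so keep the copies where only the people who run restores can write to them.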

Have you used Norton SEP (Symantec Endpoint Protection) before? I'm using it in the office to make sure my computer is free from spyware and viruses.

Each time you try to uninstall SEP while it is managed by a server, it prompts you for a password. So how do you remove it? See below for the answer.


Steps

1. When the password prompt window appears, open Task Manager and look for the “msiexec.exe” process that is not running under the SYSTEM account.

Note: I'm not using Task Manager; I prefer Process Explorer.

2. Kill that process from Task Manager.

3. Leave the uninstallation running and go for a cup of coffee.

It's that simple to get past Norton's protection. Yikes! The password prompt comes from the msiexec.exe instance running in the user's context (the installer UI), while the SYSTEM instance does the actual work, which is why killing the former removes the check without stopping the uninstall.


Quite a number of people think that a MAC address cannot be changed and that it is therefore a more trustworthy identifier than other per-machine identifiers such as the IP address.

Here we will show that this is not so. Let's see how to change a MAC address on Linux.

I will be using the wonderful Ubuntu and macchanger to accomplish this.

Steps:

Note: You need root privileges to change a MAC address.

1. Open a terminal window.

2. Run “apt-get install macchanger” to install the macchanger package.

3. Disable networking from the applet on your taskbar, or issue the command below:

ifconfig wlan0 down

“wlan0” above is your network interface.

4. Once macchanger is installed, run the following command to change your MAC address:

macchanger --mac=00:11:22:33:44:55 wlan0

“00:11:22:33:44:55” can be replaced with the new MAC address of your choice. Keep the lowest bit of the first octet clear (a set bit means a multicast address, which is not usable as a station address), and to avoid colliding with a real vendor prefix set the second-lowest bit, i.e. a locally administered address such as 02:…

“wlan0” above is your network interface.

5. Re-enable networking from the taskbar, or issue “ifconfig wlan0 up”.

For further options, run “macchanger --help” in your terminal. In particular, “macchanger -r wlan0” picks a random address for you, and “macchanger -p wlan0” puts the permanent hardware address back.

Now you should see your new MAC address by issuing “ifconfig”.

Screenshots: real MAC address (before) and fake MAC address (after).
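The steps above trust whatever address you type. The script below is an added example, not part of macchanger or the original post: it checks a candidate address before the interface is touched, generates a random locally administered address when you do not care which one you get, and wraps the down/change/up sequence with a way back to the real address. The interface name “wlan0” and the use of /dev/urandom are assumptions, and the change still needs root.

```shell
#!/bin/sh
# Added example, not part of macchanger or the original post: choose a
# valid spoof address and apply it with the same ifconfig/macchanger steps
# as above, with a way back to the real address. "wlan0" and /dev/urandom
# are assumptions; changing a MAC needs root, as noted above.

# is_unicast_mac ADDR: succeed only if ADDR is six colon-separated hex
# octets with the I/G bit (lowest bit of the first octet) clear. An address
# with that bit set is a group (multicast) address, not a station address.
is_unicast_mac() {
    printf '%s' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    first=$(printf '%s' "$1" | cut -d: -f1)
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# random_local_mac: random address with the locally administered bit (0x02)
# set and the multicast bit clear, so it never collides with a vendor OUI.
random_local_mac() {
    set -- $(od -An -N6 -tx1 /dev/urandom)
    first=$(( (0x$1 | 2) & 254 ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# spoof_mac IFACE [ADDR]: the article's steps (down, change, up) with the
# address validated first; a random locally administered address is used
# when ADDR is omitted.
spoof_mac() {
    iface=$1; new=${2:-$(random_local_mac)}
    is_unicast_mac "$new" || { echo "invalid MAC address: $new" >&2; return 1; }
    ifconfig "$iface" down &&
    macchanger --mac="$new" "$iface" &&
    ifconfig "$iface" up
}

# restore_mac IFACE: put the permanent hardware address back (macchanger -p).
restore_mac() {
    ifconfig "$1" down && macchanger --permanent "$1" && ifconfig "$1" up
}

# Usage (as root): spoof_mac wlan0                    # random address
#                  spoof_mac wlan0 02:11:22:33:44:55  # chosen address
#                  restore_mac wlan0                  # back to the real one
echo "candidate locally administered address: $(random_local_mac)"
```

A locally administered address is the honest choice for testing: it cannot be mistaken for a real vendor's device, and any switch port security or DHCP reservation keyed on the old address will reject it, which is exactly the point the article makes about MAC addresses not being a security control.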

Every Linux installation comes from a particular distribution, its “flavor”.

So how do you identify the flavor of a given Linux system? You hardly need to worry about it when the machine has GNOME or KDE installed, since the desktop usually tells you.

But what about a machine with no desktop, where all you have is a shell?

Try running “gcc -v”. The vendor part of the target triple in its output (“slackware” in the example below) shows the flavor. Two caveats: this only works if gcc is installed, and only if the packager put the distribution name in the triple. Many distributions use a generic triple such as x86_64-linux-gnu that reveals nothing, so check /etc/os-release, “lsb_release -a” or the /etc/*-release files first and treat gcc as a fallback.

Example Output:

Reading specs from /usr/lib/gcc-lib/i486-slackware-linux/3.3.4/specs
Configured with: ../gcc-3.3.4/configure --prefix=/usr --enable-shared --enable-threads=posix --enable-__cxa_atexit --disable-checking --with-gnu-ld --verbose --target=i486-slackware-linux --host=i486-slackware-linux
Thread model: posix
gcc version 3.3.4

You can download a Firefox extension file (*.xpi) from its download link.

When you try to open this file directly, the system may treat it as an archive and show its contents instead of installing it.

This is the same situation I'm facing tonight. While googling around, it turned out to be too easy.

Solution:

Drag the *.xpi file into your Firefox Add-ons window. That's all; Firefox will start the installation.

Easy, right?

Facebook in Meebo

While going through the Meebo website, I noticed a few changes to its chat functionality.

Meebo has teamed up with Facebook.

Now you can chat with your Facebook friends through Meebo. All you have to do is provide your Facebook login details to Meebo, which of course means trusting a third party with your Facebook password.

TinEye is a reverse image search engine.

Give it a picture, by uploading it or supplying its URL, and it finds where else that image (or a modified copy of it) appears on the web.

With this tool you can check whether the profile picture of a Friendster or Facebook user was actually lifted from somewhere else on the net, a common trick in social engineering.

Try it at tineye.com. Have fun.

Adding a static route in Ubuntu is not hard; it is just a matter of editing the network configuration file, assuming you already know which route you want to define.

In Ubuntu 8.10 this is done in the network configuration file.

Steps

1. Log in to the system with administrator privileges (use sudo for the commands below).

2. Open the network configuration file in an editor. I will be using vi in this case.

example: “vi /etc/network/interfaces”

3. Add your route as an “up” line inside the stanza of the interface it belongs to. In a simple single-interface file that is the last stanza, so the end of the file.

example: “up route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0”

4. Save your changes and exit the editor.

5. Restart networking with “/etc/init.d/networking restart”.

6. Verify the route with “route -n” (the -n keeps the output free of DNS lookups).

Note: The “route add” line used here is just an example. How you define your routes depends on your network; the aim of this article is only to show where a static route is configured.
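Editing the file by hand works, but a second admin (or a second run of your own notes) easily ends up with the route duplicated or attached to the wrong interface. The functions below are an added example, not from the original post: they insert the “up route add” line directly after the matching “iface” line so it stays tied to that interface, skip the insert if the route is already configured, refuse an interface that has no stanza, and check the kernel table afterwards. The file name, interface and addresses are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: add a static route to
# /etc/network/interfaces under the right "iface" stanza, idempotently,
# and check afterwards that the kernel really has the route. File,
# interface and addresses are placeholders.

# add_static_route FILE IFACE NET MASK [GATEWAY]
# Inserts
#     up route add -net NET netmask MASK [gw GATEWAY] dev IFACE
# directly after the "iface IFACE ..." line, so the route belongs to that
# interface no matter what else follows in the file. Does nothing if a
# route line for NET/MASK is already there; fails if IFACE has no stanza.
add_static_route() {
    file=$1; iface=$2; net=$3; mask=$4; gw=$5
    line="    up route add -net $net netmask $mask${gw:+ gw $gw} dev $iface"
    if grep -Fq "route add -net $net netmask $mask" "$file"; then
        return 0
    fi
    if ! grep -Eq "^[[:space:]]*iface[[:space:]]+$iface[[:space:]]" "$file"; then
        echo "no iface stanza for $iface in $file" >&2
        return 1
    fi
    awk -v iface="$iface" -v line="$line" '
        { print }
        $1 == "iface" && $2 == iface { print line }
    ' "$file" > "$file.tmp" && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# route_present NET MASK: succeed if the kernel routing table has the
# route. Run it after "/etc/init.d/networking restart"; "route -n" keeps
# DNS lookups out of the output ("ip route" is the modern equivalent).
route_present() {
    route -n | awk -v n="$1" -v m="$2" '
        $1 == n && $3 == m { found = 1 }
        END { exit !found }'
}

# Usage (as root):
#   add_static_route /etc/network/interfaces eth0 192.168.1.0 255.255.255.0
#   /etc/init.d/networking restart
#   route_present 192.168.1.0 255.255.255.0 && echo "route is up"
```

The existing-route check matches on network and netmask only, so a changed gateway for the same destination is reported as “already configured” rather than silently added twice; edit the old line in that case.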