creating a NON-CPSHELL new user on secureplatform (SPLAT) vi CLI

From cpwiki.net
Jump to: navigation, search
Check Point Profressional Services

THIS PAGE IS UNDER CONSTRUCTION AND INCOMPLETE

I may not finish this page since Gaia has been out so long. The purpose would be to create a secure user account that could login to a bash shell and perform useful O.S. operations. This would be done without root or expert access, and without cpshell restrictions. The user account should be able to perform backup operations and monitoring. Maybe Check Point configurations if we installed the product and granted user group permissions during the install.

For creating a more "vanilla" SPLAT cpshell user (the easy way), go here creating a new user on secureplatform via CLI

fix /etc/profile permissions

Check Point screws up the permissions on /etc/profile in SPLAT. In Gaia, it appears to be fixed. Regular users should have read access. Check /etc/profile permissions, if users don't have read access, set it with chmod.

[Expert@chkpfw1]# chmod 644 /etc/profile


add user group to ssh AllowGroups

By default, SPLAT only allows members of the root group to ssh in. We will try to be secure and another group to the allowed list. I am being old fashioned, and using the legacy Unix wheel group

[Expert@chkpfw1]# sed -i -e 's/AllowGroups root/AllowGroups root wheel/' /etc/ssh/sshd_config


to be continued(maybe)...