Software

Check Point: SmartDashboard crashes when editing Management server object

I recently had an annoying issue with my Check Point Smart Dashboard.

Each time I connected to the Management with SmartConsole and editing the Security Management server object it causes an application crash. The crash would start with a UAC popup from the Windows registry:

Followed by the Check Point SmartSashboard application crash itself with the following message:

—————————
Check Point SmartDashboard
—————————
Check Point SmartDashboard has experienced a serious problem and must close immediately. Technical information will be saved in ‘C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\data\crash_report\FwPolicy.exe_990180413_1516652973.zip’.
If problem persists contact technical support or consult sk97988 to check whether solution exists.

 

To correct this problem I attempted the following solutions
Please note:  The solution which worked is at the bottom of this blog post (skip away, if you wish).

From sk100507:

I attempted to resolve the problem,  by cleaning the SmartConsole cache on the Security Management server.

To do so, I had deleted the C:\Program Files (x86)\CheckPoint\SmartConsole\R7x.xx\PROGRAM\data\CPMICache\ <machine name>

This did not work.

 

From sk100507:

I followed the procedure for deleting the GUI cache from the management server itself via the following steps:

Connect to the command line on Security Management server (over SSH, or console).

  1. Log in to the Expert mode.
  2. Stop Check Point services:
    [Expert@HostName]# cpstop
  3. Backup and remove the current cache files:
    [Expert@HostName]# mkdir -v /var/log/GUI_cache_bkp
    [Expert@HostName]# mv $FWDIR/conf/applications.C* /var/log/GUI_cache_bkp/
    [Expert@HostName]# mv $FWDIR/conf/CPMILinksMgr.db* /var/log/GUI_cache_bkp/
  4. Start Check Point services:
    [Expert@HostName]# cpstart
  5. Wait for 5-10 minutes for the cache to rebuild.
  6. Connect with SmartDashboard to Security Management Server.

This did not work.

 

And.. Finally a solution that did resolve this issue
From sk110712 – SmartConsole / SmartDashboard crashes when editing Management server object

Symptoms:

Connecting to Management R77.30 or R77.30.X with SmartConsole R77.30 and editing the Security Management server object causes an application crash.

Resolution:  By Using the GuiDBEdit Tool

 

  1. Close all SmartConsole windows.
  2. Connect to Security Management Server with GuiDBedit Tool.
  3. Navigate to Network Objects -> network_objects -> <Security Management object> -> portals
  4. Right-click and reset the portals.
  5. Save the changes: go to ‘File’ menu – click on ‘Save All’.
  6. Close the GuiDBedit Tool.
  7. Connect to Security Management Server / Domain Management Server with SmartDashboard.

 

This worked and problem now resolved

Hyper-V Virtualization: Turning Hyper-V On and Off

I recently started using Hyper-V on my Windows 10 workstation to task advantage of using technologies such as Docker that leverages Hyper-V to run its container images.  I also run VMware Player for running virtual machines.

The following commands make it a simpler task to toggle Hyper-V on and off again.

To Turn Hyper-V off, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype off

To turn Hyper-V back on, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype on (or auto start)

 

Note:  Quick method to check the status of Hyper-V – Get-WindowsOptionalFeature -Online -FeatureName *hyper*

Microsoft: Meltdown and Spectre Check via PowerShell

Like many folks around the world, I was wondering if this Meltdown and Spectre flaw would impact my computers and virtual machines.  Microsoft has started to release emergency fixes for Windows 10 and its been said that Windows 8 and legacy 7 will also receive patches.

Microsoft has released a PowerShell script that lets users check whether they have protection in place.

Steps to take:

  1. Open PowerShell (I like to use PowerShell ISE)
  2. Run PowerShell as as Administrator.
  3. Type Install-Module SpeculationControl and press Enter.
  4. When the installation completes, type Import-Module SpeculationControl and press Enter.
  5. Type Get-SpeculationControlSettings and press Enter.

In the list of results that’s displayed, you’re looking to see that a series of protections are enabled — this will be listed as True.  Ref: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

Should reassemble 

Speculation control settings for CVE-2017-5715 [branch target injection]

  • Hardware support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

  • Hardware requires kernel VA shadowing: True
  • Windows OS support for kernel VA shadow is present: True
  • Windows OS support for kernel VA shadow is enabled: True
  • Windows OS support for PCID optimization is enabled: True

 

 

 

Network Wide Ad & Malicious Website Blocking | Pi-Hole

For a few months now I have used the software package named Pi-Hole as an internal network DNS server to prevent ad sites in addition to malicious websites from being accessible form compute resources on my home network.

Pi-Hole is a small install that can be installed on any Linux system and it works like a charm.

Install is simple, just run the following command:

curl -sSL https://install.pi-hole.net | bash

Answer a few questions about how you would like the software configured and your up and running.

This is a very useful software this gives you many options to report on the activity of the systems on your network and what connections were requested and those blocked.

For more information and details please visit: https://pi-hole.net/

The following video also shows the installation process via a Putty SSH session.

 

Malicious Listsused to block phishing, and malware sites

 

https://v.firebog.net/hosts/Airelle-hrsk.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://mirror1.malwaredomains.com/files/justdomains
https://hosts-file.net/exp.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/psh.txt
https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://v.firebog.net/hosts/Prigent-Malware.txt
https://v.firebog.net/hosts/Prigent-Phishing.txt
https://raw.githubusercontent.com/quidsup/notrack/master/malicious-sites.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Risk/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

 

*Update*

Almost 50% of my home network traffic is junk, and so is yours. Do something about it, because your privacy is being taken from you and sold.

https://lnkd.in/eASeWW5

Backup of VMware vCenter Server Appliance 6.5

It’s always a good idea to backup your work to provide you a way to recovery if things go wrong with your environment. Running an home lab I have cause my own share of issues many of times which had forced me to reinstall and configure my vCenter environment. Moving forward I will be taking advantage of the backup features included with the vCSA.

Using The vCenter Server Appliance Management Interface (VAMI) an administrator uses the HTML5 web interface to perform administrative tasks to the appliance configuration. These tasks included changing the host name, the network configuration, NTP configuration, applying patches / updates and performing backups.

Once logged into the VAMI, under the Summary tab, Click on “Backup” to start the backup of the vCenter Sever appliance.

There are options allowing you to perform a backup using different protocols and location settings. These include the following: FTP, FTPS, HTTP, HTTPS, SCP.

Next specify the protocol of choice and then the credentials for accessing the remote location where the backup will be stored. As an added option, you can encrypt the backup data before transferring.

Click Next

 

A minimum set of data needed to restore the appliance will be backed up by default. This includes the data such as OS, VC services, vCenter Server database, inventory and configuration. Historical data such as tasks, events, and alarms.

Click Next

You get a final review before you click Finish to start the backup process

Depending on the data size of the vCenter server appliance, backups will take a few minutes to complete.

When completed, Click on OK