checkpoint sk33821 and hotfix 249

[cciesec2006]

How can you tell if a system has been patched with Checkpoint hotfix
249 from sk33821? For example, this is my system before the patch:

BEFORE:
[root@Linux-lab hfa_249]# fwm mds ver
This is Check Point Provider-1 Server NGX (R65) HFA_02, Hotfix 602 - Build 003
[root@Linux-lab hfa_249]#

AFTER:
[root@Linux-lab hfa_249]# fwm mds ver
This is Check Point Provider-1 Server NGX (R65) HFA_02, Hotfix 602 - Build 003
[root@Linux-lab hfa_249]#


If you're a consultant walking into a new environment, how can you tell if
a system has been patched with this sk? Installing it again on the same
system is NOT an option. Bad things could happen.

[RayPesek]

Does it support the -k switch, as in

fw ver -k

on a non-P1 system?

Ray

[cciesec2006]

I found the solution myself. For those who are interested, here it is.
The solution is the same for both Provider-1 and SmartCenter:

[root@Linux-lab root]# mdsenv (Provider-1 system only)
[root@Linux-lab root]# cd $CPDIR
[root@Linux-lab CPshrd-R65]# ls
bin database LICENSE.TXT registry svn_HOTFIX_R65_02_bcp.tgz util
conf lib log svn_HOTFIX_ENF_HF_HA02_249_bcp.tgz tmp
[root@Linux-lab CPshrd-R65]#


As you can see, if you see 249 in this directory, then you know.

[Thorpuse]

Not sure about this - doesn't this just mean the hotfix file is on the system, not necessarily that the installer has been run? Or am I missing something....

[cciesec2006]

if you see "svn_HOTFIX_ENF_HF_HA02_249_bcp.tgz" in the $CPDIR
directory, it means that someone did run the "UnixinstallScript" before

[jacobsen]

Hi,

how about to query the cp registry:


[Expert@fw]# ckp_regedit -p "//SOFTWARE//CheckPoint//FW1//6.0//HotFixes"
//SOFTWARE//CheckPoint//FW1//6.0//HotFixes : { HOTFIX_R65_02=[s]1 HOTFIX_ENF_HF_HA02_249=[s]1 }

[Expert@fw]# ckp_regedit -p "//SOFTWARE//CheckPoint//FW1//6.0//HOTFIX_ENF_HF_HA02_249"
//SOFTWARE//CheckPoint//FW1//6.0//HOTFIX_ENF_HF_HA02_249 : { SilentUninstall=[s]/opt/CPsuite-R65/uninstall_fw1_HOTFIX_ENF_HF_HA02_249 -SU }

getting a positive result must not mean, that the hotfix is actualy installed.
it only means, the unixinstallscript (well the binarie which is called then) made that reg entry.

I had the situation when the unixinstallscript ended with error messages and the hotfix wasnt installed proper.
I tried to install the hotfix again, but got the error message "already installed".
After I deleted both registry entries i was able to install the hotfix again.
that solved it.

cheers
J

[Routerkid1]

If the patch has been installed you will see the uninstall option in opt/CPsuite-R65.