View Full Version : Is it possible to extract database/rules in readable format from backup??

Adso de Melk
2009-08-12, 16:11
Hi folks!

Despite I have been wandering around the forum for some weeks already, it is first time I decided to post myself. Lets go for the 1st question!

I have got a production environment with SmartCenter server running on SecurePlatform. I would need to check the status of rules from a couple of weeks ago, but the problem is that I haven't got any database revision from this date.

The only thing I have got from this date is a backup taken via "backup_start all". I'm wondering if there is any kind of utility that would help me to extrack the database/rules in a readable format from the tgz file. (I can not restore the backup as we have got only the production system and restore would cause several important changes to be lost)

Does anyone know if this would be possible?

Thank you all in advance!

2009-08-12, 17:06
yes there are some tools.
http://www.wormnet.nl/ and WYAE - FWdoc - Firewall Documentation (http://www.wyae.de/software/fwdoc/)

Extract this files from the backup and transfer them to a different machine which has perl installed

- var/opt/CPsuite-R65/fw1/conf/objects_5_0.C
- var/opt/CPsuite-R65/fw1/conf/rulebases_5_0.fws

optional for SecureClient Desktop rules
- var/opt/CPsuite-R65/fw1/conf/slprulebases_5_0.fws

2009-08-12, 17:42
Don't forget your Audit logs - they can be difficult to read, but you might be able to get enough info out of them too.

2009-08-12, 18:20
Another option might be to build an offline VM and do a restore into that?

Once you've done that you could use confwiz to extract out the rules if needed.

Might be easier??

2009-08-12, 22:14
If this is an ongoing concern, the Security Lifecycle Management products like Tufin SecureTrack cover this very well.

Adso de Melk
2009-08-13, 14:53
Hello, it's me again.

I have tried CPRules (http://www.wormnet.nl/), as suggested by dsb.nepo and the result does match my expectations. That's all I need!

Thank you all for your suggestions.