Wget in Gaia R77.30

[venkata]

Hello All,

Can someone tell me where the wget is in Gaia R77.30 or did Checkpoint replace it with something else?

#find / -name wget did not come back with any results.

Thanks in Advance!

[cciesec2006]

Hello All,

Can someone tell me where the wget is in Gaia R77.30 or did Checkpoint replace it with something else?

#find / -name wget did not come back with any results.

Thanks in Advance!

This is the idiotic about Checkpoint. they took away wget utilities. In R65/R71 and even R75, there is an add-on package that you can install to get wget but no more with R77.30 and above. Why can't add lynx since this is a built-in with IPSO. Isn't Gaia combining the best between SPLAT and IPSO? Guess not.

[Expert@lab-fw]# fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R65) HFA_70, Hotfix 670 - Build 033
[Expert@lab-fw]# which wget
/usr/bin/wget
[Expert@lab-fw]#

[jflemingeds]

Hello All,

Can someone tell me where the wget is in Gaia R77.30 or did Checkpoint replace it with something else?

#find / -name wget did not come back with any results.

Thanks in Advance!

yes, they replaced wget with curl. I can't say for sure, but my guess is they did this just to spite PIX admins.

[Bob_Zimmerman]

Huh. I've never thought about installing wget on a Check Point box. I've always just used SCP or curl. They could have stripped that out and left us with 'fetch'.

What are you trying to accomplish with wget? There may be another way to do it.

[danjun]

I'm using the curl_cli command to fetch the ccc script onto Check Point machines.

Example:

curl_cli http://dannyjung.de/ccc | zcat > /usr/bin/ccc && chmod +x /usr/bin/ccc

[Bob_Zimmerman]

WARNING! THIS DOWNLOADS A REMOTE FILE OVER HTTP AND MAKES IT EXECUTABLE. THIS IS DANGEROUS!

Code:

curl -O http://dannyjung.de/ccc && chmod u+x ccc && mv ccc /usr/bin/

The -O switch to curl causes it to save the data to a file in the PWD with the same name as the remote file.

Be really careful doing this. HTTP has no authentication, obviously, so somebody who could impersonate dannyjung.de could hand you completely different data. TLS certificates are free, so the provider of the script should really get one and stop offering HTTP at all.

Edited to add: Oh. Derp. Just saw the person I sort-of replied to is the provider of the script. Check out ACME and Let's Encrypt. Seriously, TLS certificates provided via an automated system for free, and they're trusted by all the current browsers. I would never download code straight from some site out on the Internet to my firewall via HTTP.

Back to the OP, depending on what you're trying to do with wget, it should be pretty straightforward to do with curl instead.

[jflemingeds]

or just put it in github and have the link be to the raw version. cert issue resolved.

Really cool script BTW. major props.