CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: fsck on the next reboot in R77.30

  1. #1
    Join Date
    2006-09-26
    Posts
    3,193
    Rep Power
    16

    Default fsck on the next reboot in R77.30

    My R77.30 GAIA has been up for 710 days. I think if I reboot this firewall, it will take about 20 minutes for fsck to complete.

    How do I determine if fsck will be performed on the next reboot on this firewall? What to look for and how to bypass it?

    [Expert@nasa-lunar:0]# uptime
    20:05:34 up 710 days, 16:03, 1 user, load average: 0.24, 0.22, 0.18
    [Expert@nasa-lunar:0]#

    TIA

  2. #2
    Join Date
    2012-07-19
    Posts
    106
    Rep Power
    8

    Default Re: fsck on the next reboot in R77.30

    Quote Originally Posted by cciesec2006 View Post
    How do I determine if fsck will be performed on the next reboot on this firewall? What to look for and how to bypass it?
    I'd guess tune2fs should help out here. There are two values that can trigger a fsck on boot, number of mounts and time passed without a check. To look those up:

    Code:
    [Expert@cpmodule:0]# tune2fs -l /dev/mapper/vg_splat-lv_current | egrep -i 'check|mount'
    Last mounted on:          <not available>
    Default mount options:    (none)
    Last mount time:          Wed Feb 20 11:26:08 2019
    Mount count:              5
    Maximum mount count:      27
    Last checked:             Mon Nov 12 14:22:31 2018
    Check interval:           15552000 (6 months)
    Next check after:         Sat May 11 15:22:31 2019
    Check mount count vs maximum mount count and next check after. It is possible to change the count and last check values using
    Code:
    tune2fs -C n
    or
    Code:
    tune2fs -T now
    respectively.

    Note: I never did that in production, you should test this first on a virtual lab device or something.
    Last edited by Jejerod; 2019-05-16 at 10:22.

  3. #3
    Join Date
    2006-09-26
    Posts
    3,193
    Rep Power
    16

    Default Re: fsck on the next reboot in R77.30

    Quote Originally Posted by Jejerod View Post
    I'd guess tune2fs should help out here. There are two values that can trigger a fsck on boot, number of mounts and time passed without a check. To look those up:

    Code:
    [Expert@cpmodule:0]# tune2fs -l /dev/mapper/vg_splat-lv_current | egrep -i 'check|mount'
    Last mounted on:          <not available>
    Default mount options:    (none)
    Last mount time:          Wed Feb 20 11:26:08 2019
    Mount count:              5
    Maximum mount count:      27
    Last checked:             Mon Nov 12 14:22:31 2018
    Check interval:           15552000 (6 months)
    Next check after:         Sat May 11 15:22:31 2019
    Check mount count vs maximum mount count and next check after. It is possible to change the count and last check values using
    Code:
    tune2fs -C n
    or
    Code:
    tune2fs -T now
    respectively.

    Note: I never did that in production, you should test this first on a virtual lab device or something.

    This is what I am seeing on my R77.30 GAIA Provider-1:

    [Expert@lab-p1-mc:0]# tune2fs -l /dev/mapper/vg_splat-lv_current | egrep -i 'check|mount'
    Last mounted on: <not available>
    Default mount options: user_xattr acl
    Last mount time: Tue Jul 17 13:25:36 2018
    Mount count: 14
    Maximum mount count: -1
    Last checked: Tue Jan 31 13:30:07 2017
    Check interval: 0 (<none>)
    [Expert@lab-p1-mc:0]#

    lab-p1-mc> fwm mds ver
    This is Check Point Multi-Domain Security Management R77.30 - Build 004
    lab-p1-mc> exit
    [Expert@lab-p1-mc:0]# installed_jumbo_take
    R77.30 Jumbo Hotfix Accumulator take_216 is installed, see sk106162.
    [Expert@lab-p1-mc:0]#

  4. #4
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    308
    Rep Power
    13

    Default Re: fsck on the next reboot in R77.30

    Based on that output, it shouldn't fsck on boot unless the box was not shut down cleanly.

    Side-note: ensuring filesystem consistency on unclean shutdown is a problem which has been solved for over twenty years. I don't get how it's taking so long for companies to use the solutions which already exist. ext3 even supports full journaling, but Check Point appears to be running it in ordered data mode.
    Zimmie

  5. #5
    Join Date
    2012-07-19
    Posts
    106
    Rep Power
    8

    Default Re: fsck on the next reboot in R77.30

    Yes, the output looks like there's no fsck based on time or mount count (R80 management has also count -1 and interval 0 as far as I've checked; at least R80.20/30 with Kernel 3.10).

    /Edit: to be really really sure also check /dev/mapper/vg_splat-lv_log
    Last edited by Jejerod; 2019-05-17 at 10:52.

Similar Threads

  1. differences between "reboot" and "mdsstop;sync;sync;reboot"?
    By cciesec2006 in forum Miscellaneous
    Replies: 0
    Last Post: 2015-02-18, 07:45
  2. IP560 Box Reboot
    By vijay_vya in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 8
    Last Post: 2009-12-09, 02:19
  3. Edge auto reboot ?
    By pebbles5 in forum Check Point UTM-1 Edge Appliances
    Replies: 9
    Last Post: 2009-10-09, 05:29
  4. IP530 reboot
    By ccie_security18xxx in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 1
    Last Post: 2007-10-12, 20:50
  5. an unexpected reboot
    By Trealex in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 5
    Last Post: 2007-02-20, 09:37

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •