Firewall-1

Re: [FW-1] HFA's for R55

Subject: Re: [FW-1] HFA's for R55
From: "Ron Jack (Systems Network)" <rjack AT NANDO DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 31 Dec 2004 14:32:38 -0500
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT amadeus.us.checkpoint DOT com]On Behalf Of
Previtera, Sal
Sent: Thursday, December 30, 2004 8:43 AM
To: FW-1-MAILINGLIST AT amadeus.us.checkpoint DOT com
Subject: Re: [FW-1] HFA's for R55


Do we really want to apply an HFA as soon as it comes out?
The last few HFAs that were released were fixing one thing while breaking
another.  I hope that Checkpoint does not repeat it again.
I could get the same thing from our be-loved Microsoft.

Ron,
Checkpoint can use this mailing list to update us on new HFA releases. Also,
a Web page on their download section just on HFA releases would help... but
with the myriad of Checkpoint and OPSEC products now available it could get
really confusing. Sorry, I do not think there is an easy way.



Sal, and all,

For us, it's not so much a matter of applying HFAs immediately. It's about
not being blind-sided when Checkpoint support asks, "Are you on the latest
HFA?" Things like that.

There *is* an HFA link from the Downloads section. From here:
http://www.checkpoint.com/downloads/index.jsp

there's a "Current Hotfix Accumulators (HFAs)" link:
http://www.checkpoint.com/techsupport/hfa.html

From there, it's trivial to scoop up the appropriate URL and feed it to curl
(as opposed to wget, which seemed to get hung up on a login screen) and then
play with the result.

curl (support for about 2 dozen platforms) is here:
http://curl.haxx.se

Please forgive the ugliness, this is about 10 minutes' worth of effort:

In input.txt (note the specific product):
http://www.checkpoint.com/techsupport/downloadApp/displayDownloads.jsp?the_product=VPN-1/FireWall-1&version_selected=NG%20with%20Application%20Intelligence&os_selected=Solaris%202.9&patchlevel_selected=R55%20-%20Hotfixes

In hfa.sh:

#!/bin/sh
#
# Detect change to available HFA on the Checkpoint web site.
#
# 12/31/04 - rjack AT nando DOT com - Happy New Year!
#

#
# Change as needed
#
path="/root"

extension="tgz"

infile="input.txt"
outfile="output.txt"

user="rjack"

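#
# curl is available at http://curl.haxx.se
# Like wget, but with more features.
# -f makes curl exit non-zero on an HTTP error; stop then, so a failed
# fetch neither sends a false alert nor overwrites the known version.
# The URL is quoted so the shell does not glob or split it.
#
url=`cat "$path"/"$infile"`
curl -f -o "$path"/"$outfile" "$url" || exit 1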

#
# Looking for the link to the archive file, the HFA itself.
#
grep "$extension" "$path"/"$outfile" | head -1 | cut -d/ -f12 |
cut -d'"' -f1 > "$path"/hfa2.txt

#
# Easily broken call to grep. Hope Checkpoint doesn't change
# their HFA pages... Looking for "Last updated" date.
#
grep LinkNoUnderlineFootnote "$path"/"$outfile" | grep '<nobr>' | head -1 |
cut -d">" -f5 | cut -d"<" -f1 >> "$path"/hfa2.txt

x=`head -1 "$path"/hfa1.txt`

y=`head -1 "$path"/hfa2.txt`

#
# Compare known version to version found at site,
# send mail if they don't match.
#
if [ "$y" != "$x" ]
then
   cat "$path"/hfa2.txt | mailx -s "New Firewall HFA Available!" "$user"
fi

#
# reset known version
#
mv "$path"/hfa2.txt "$path"/hfa1.txt

============================end=====================

And here's all that's sent in the email:

SHF_HFA_R55_12.solaris.tgz
7-Dec-04
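
A variant of the check above, as an added example that is not part of the original post: it extracts the archive name and date by pattern rather than by field position, and keeps the recorded state when the page yields no archive name (failed fetch or changed layout). The HTML sample, the example.invalid host, and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The HTML is constructed for
# illustration and is not Check Point's real markup.

# Write a constructed stand-in for the fetched download page to file $1.
sample_page() {
    cat > "$1" <<'EOF'
<a href="http://downloads.example.invalid/a/b/c/d/e/f/g/h/SHF_HFA_R55_12.solaris.tgz">Download</a>
<td class="LinkNoUnderlineFootnote"><b>Last updated:</b> <nobr>7-Dec-04</nobr></td>
EOF
}

# Print the .tgz file name from the first line of file $1 whose href links to one.
hfa_name() {
    sed -n 's|.*href="[^"]*/\([^"/]*\.tgz\)".*|\1|p' "$1" | head -1
}

# Print the first <nobr> value on a LinkNoUnderlineFootnote line of file $1.
hfa_date() {
    sed -n '/LinkNoUnderlineFootnote/s|.*<nobr>\([^<]*\)</nobr>.*|\1|p' "$1" | head -1
}

# $1 = fetched HTML, $2 = state file.
# Returns 0 = new HFA (state updated), 1 = unchanged, 2 = page unusable (state kept).
check_hfa() {
    name=`hfa_name "$1"`
    [ -n "$name" ] || return 2      # failed fetch or changed layout: keep old state
    known=""
    [ -f "$2" ] && known=`head -1 "$2"`
    [ "$name" != "$known" ] || return 1
    # Write to a temporary file first so a partial write never replaces the state.
    { echo "$name"; hfa_date "$1"; } > "$2.new" && mv "$2.new" "$2"
}

# Demo on the constructed page; a real run would mail the state file on status 0.
demo_dir=`mktemp -d` || exit 1
sample_page "$demo_dir/page.html"
check_hfa "$demo_dir/page.html" "$demo_dir/hfa1.txt" && cat "$demo_dir/hfa1.txt"
rm -rf "$demo_dir"
```

Status 2 is worth alerting on separately, since it means either the fetch or the page layout broke and no HFA comparison took place.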
