CPUsers.pl - Perl program to convert the export file created with 'fw dbexport' to a CheckPoint compatible database file (users.C).
When creating the program for CPRules, the lack of user data became apparent. The only way to get the users from a CheckPoint Firewall-1 installation is to run a 'fwm dbexport' to export the users stored in the fwauth.NDB databasefile. This results in a comma delimited file which is impractical to use with the CPRules program.
In version R55 of the GUI we suddenly discovered a file called users.C which did (also) hold all user data, but in a 'normal' database format. This might well be the way CheckPoint is going, but unfortunately for now we don't have that luxury. As CPRules is written to read the CheckPoint databases we decided to write a script to convert the output of the dbexport to a normal CheckPoint database format.
There are two options one can use when exporting the users on a CheckPoint management server:
To export the users:
fwm dbexport -f <output file name> To export the usergroups:
fwm dbexport -g -f <output file name>
Both resulting files should be supplied to this program at the same time and will be converted to one output file. The program will put the users in the right groups for you.
The commandline options are only used to define all the files used. The official way is to use 'switches' before the filenames to identify the use:
perl CPUsers.pl -u <export file of users> [-g <export file of groups>] [-o <output file name>]
These switches can be used in random order.
The short version of the commandline is to use no switches, but supply just the filenames. In this case the order is important:
perl CPUsers.pl <export file of users> [<export file of groups>] [<output file name>]
As you might notice in the above examples, the <export file of users> is mandatory, but the <export file of groups> not. Nor is the <output file name>. In case the groupsfile is missing, the software will create the groups from the userfile. In this situation some information will be missing, as there are no comments nor group membership of groups.
If the outputfile is missing, the default filename 'users.C' will be used.
This script is the first version of CPUsers and hopefully the last.
However bug reports and requests for modifications can be send to Peter-Paul.Worm@wormnet.nl
Peter-Paul Worm (Peter-Paul.Worm@wormnet.nl)