Sometimes with Check Point (or any other Linux based appliance) you run across the need for access to a tool that isn’t there. Maybe you’re missing a file system checker or a shipped binary doesn’t support a feature you want. Whatever the use case, this post will show how to add any Debian based OS to your Check Point SMB gateway or R80.x appliance. The R80 appliance must be running Linux kernel 3.10. In this example we will be using Kali Linux.
Note: This is not a Check Point supported action.
For the SMB device (7xx, 14xx, 15xx) we’ll be installing to a USB drive since the SMB devices have little storage. The USB device is assumed to be sda.
For the R80 appliance we’ll be installing into a directory in the home of admin and executing from there.
/home/admin/kali-root/
To start off, you will need a system that has a Debian Based OS installed and you need to be able to connect a flash drive to it.
For my setup, I will be using an Ubuntu VM with a USB device passed through to it.
On the Debian OS, Perform The Following:
1. Install 'debootstrap'
apt install debootstrap
2. Make a new directory to put Kali into. We make it in the home directory for this example.
mkdir ~/kali-root
3. Install Kali-rolling into this directory. The command below will install Kali beside the base OS, as well as openssl and ca-certificates. Use the correct command according to the appliance type:
For an SMB Appliance:
debootstrap --arch armhf --foreign --include=openssl,ca-certificates kali-rolling ~/kali-root http://http.kali.org/kali/
For an R80/AMD64 System:
debootstrap --arch amd64 --include=openssl,ca-certificates kali-rolling ~/kali-root http://http.kali.org/kali/
The “--include” field will allow you to choose packages to include as part of the base image. The SMB command will download and install the ARM architecture and the R80 command will download and install the AMD64 architecture.
4. Now create a tar of this directory.
tar -czvf kali-root.tgz kali-root
5. Plug in your USB drive into your Debian system and format the USB drive with ext4. You can find the USB drive path on your Debian system by running:
lsblk
Then format the drive and mount it:
mkfs -t ext4 /path/of/drive
mount /path/of/drive /mnt
6. For the SMB Appliance, copy the tar file into the /mnt directory and extract the files.
cp kali-root.tgz /mnt
cd /mnt
tar -zxvf kali-root.tgz
For R80, do not extract the files yet, we will do that once it is in the proper directory on the appliance.
cp kali-root.tgz /mnt
7. Now un-mount the drive and disconnect.
cd ~; umount /mnt
On the Check Point System, Perform The Following:
NOTE: You must be in Expert Mode to perform these tasks
R80 Appliance
1. For the R80.x appliance, copy the tar file into the home directory of "admin". Extract the tar file into the home folder. This will extract the Kali file system into a folder named “kali-root”.
mount /path/of/drive /mnt
cd /mnt
cp kali-root.tgz ~/
cd ~/
tar -zxvf kali-root.tgz
umount /mnt
2. Enter the following commands to mount the directories required for Kali Linux to run properly.
mount -t proc proc ~/kali-root/proc
mount -t sysfs sysfs ~/kali-root/sys
mount -t devpts devpts ~/kali-root/dev/pts
3. chroot into the Kali system:
chroot ~/kali-root bash -l
Now you should be inside Kali Linux. Try installing an application using apt-get. You should be able to install any Linux application you want.
4. Create the startup script that will mount all of the directories needed for Kali to function properly. This is only needed if you want chroot to be available at boot. The proc, sysfs, and devpts directories can be unmounted and remounted if you dont want kali running all the time.
R80 Startup Commands
touch /etc/rc.d/rc.local.user
chmod 755 /etc/rc.d/rc.local.user
echo 'mount -t proc proc /home/admin/kali-root/proc' >> /etc/rc.d/rc.local.user
echo 'mount -t sysfs sysfs /home/admin/kali-root/sys' >> /etc/rc.d/rc.local.user
echo 'mount -t devpts devpts /home/admin/kali-root/dev/pts' >> /etc/rc.d/rc.local.user
Unmount Commands
umount /home/admin/kali-root/proc
umount /home/admin/kali-root/sys
umount /home/admin/kali-root/dev/pts
SMB Appliance
1. For the SMB Appliance, Connect the USB device to your gateway, and enter the following commands to mount the directories required for Kali Linux to run properly.
mount -t proc proc /mnt/usb1/kali-root/proc
mount -t sysfs sysfs /mnt/usb1/kali-root/sys
mount -t devpts devpts /mnt/usb1/kali-root/dev/pts
2. Enter the following command to enter into your Kali Linux system:
chroot /mnt/usb1/kali-root bash -l
3. Enter the following command to finish setting up the Kali system:
cd debootstrap
debootstrap --second-stage
Now you should be inside Kali Linux. Try installing an application using apt-get. You should be able to install any Linux application you want.
4. Create the startup script that will mount all of the directories needed for Kali to function properly.
SMB Startup Commands
touch /pfrm2.0/etc/userScript
chmod 755 /pfrm2.0/etc/userScript
echo 'mkdir -p /mnt/usb1' >> /pfrm2.0/etc/userScript
echo 'mount /dev/sda1 /mnt/usb1' >> /pfrm2.0/etc/userScript
echo 'mount -t proc proc /mnt/usb1/kali-root/proc' >> /pfrm2.0/etc/userScript
echo 'mount -t sysfs sysfs /mnt/usb1/kali-root/sys' >> /pfrm2.0/etc/userScript
echo 'mount -t devpts devpts /mnt/usb1/kali-root/dev/pts' >> /pfrm2.0/etc/userScript
Now when you reboot your gateway, it will automatically mount the usb devices and necessary directories. We mount the usb drive in userScript because it will normally be mounted after the script, and any services you want to run on start should be specified in that script as well.
Example on starting a service within Kali:
chroot /mnt/usb1/kali-root /etc/init.d/rsyslog start
Nmap running on an R80 appliance just as it does on an SMB firewall:
mtr running on an SMB firewall:
This is a very barebones setup, it does not include a lot of the tools that normally ship with Kali and any tools you install may require additional configuration. Also if you have any problems resolving DNS, update /etc/resolv.conf to point to a DNS server of your choosing.
Comments