SDDELTA
Section: User Contributed Perl Documentation (1p)
Updated: 2008-05-19
NAME
sddelta - Compare SmartDefense configurations between Check Point exports
SYNOPSIS
- sddelta -o output_filename firstexport.tgz secondexport.tgz
- sddelta -o output_filename /path/to/first/extracted/export /path/to/second/extracted/export
- sddelta [-a asm_object_name] [-f] [-s] [-c /path/to/cp2xml] -o output_filename <input1> <input2>
- sddelta <--list-sd-profiles | --list-asm-objects> <export_tarball_or_path>
- sddelta --get-asm-object sd_profile_name <export_tarball_or_path>
DESCRIPTION
sddelta compares SmartDefense(TM) configurations between two Check Point(R)
exports and produces a human-readable HTML document (with JavaScript)
listing any differences found. This generated HTML document is henceforth
referred to as the delta.
To produce a delta, sddelta requires at least the -o option with its
argument, plus two filenames representing either export tarballs or two
directories where exports have been extracted.
Be warned: Producing a delta takes a very long time even on good
hardware. sddelta represents Check Point files internally as DOM
trees, which require massive amounts of memory. Do not be surprised
if the program uses upwards of 200 megabytes of memory and needs several
minutes to complete.
For clarity's sake, it should be understood that export refers to the
file with suffix '.tgz' produced by Check Point's 'upgrade_export'
command on their SmartCenter(TM). Extracted means having had all files
extracted from the export by the 'tar' utility or by some equivalent means.
Note that you do not have to extract exports yourself. You can usually
just provide the exports' own filenames to sddelta and it will take care of
the rest.
OPTIONS
- -o filename or --output filename
Use this option to direct where sddelta will write its delta. The special
value of - may be given in place of a filename to indicate that sddelta
should write to standard output.
- -c /path/to/cp2xml or --cp2xmlpath /path/to/cp2xml
Use this option to specify the location of the executable cp2xml command.
cp2xml should be available from the same place that you acquired sddelta.
The default assumption is whatever the command 'which cp2xml' returns.
- -s or --single-files
Use this option if you are going to provide the individual files from a Check
Point export that are relevant to the operation you're requesting (rather
than a tarball or a directory path). That means objects_5_0.C for
--list-sd-profiles, profiles.C for --list-asm-objects and
--get-asm-object, and asm.C for producing a delta.
- -a asm_object_name or --asm-object asm_object_name
Use this option to specify the name of the ASM object that sddelta
should use for comparison. The default ASM object name is
'AdvancedSecurityObject'. If you don't know what ASM object means or if you
want to know more about how to use this option, see also the
--list-sd-profiles and the --list-asm-objects options.
- -f or --force-clobber
Use this option to prevent sddelta from asking you whether you want to
overwrite the specified output file when that file already exists.
- --list-sd-profiles
Use this option to list the different SmartDefense profiles named
in the object repository of the export, along with their corresponding
gateway objects. You can use this information to select which
SmartDefense profile you may be interested in, and you can use that
information with the next option.
NOTE: This option may not work with older versions of NGX(TM). More testing
should lead to improvements in this option in future versions of sddelta.
- --list-asm-objects
Use this option to list the ASM objects paired with each SmartDefense
profile. This information can then be used to make a comparison between
two exports using a selected ASM object (see the --asm-object option).
NOTE: This option may not work with older versions of NGX. More testing
should lead to improvements in this option in future versions of sddelta.
- --get-asm-object [sd_profile_name]
Use this option to show the name of the ASM object associated with a given
SmartDefense profile. The result can then be fed to the -a option.
Note: The reason this functionality isn't implemented in a one-shot
operation instead of requiring multiple invocations is simply that doing
so would require us to parse more large data files and potentially double
the already gigantic memory requirement of sddelta. It's just not worth it.
NOTE: This option may not work with older versions of NGX. More testing
should lead to improvements in this option in future versions of sddelta.
- -h or --help
Displays the help message.
- -v or --version
Displays the program's version.
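The multi-step workflow described under --get-asm-object and -a, written out as an added shell example that is not part of sddelta or its documentation. It assumes --get-asm-object prints only the ASM object name on standard output (the page does not specify the output format); sd_profile_delta and the SDDELTA variable are names introduced here.

```shell
#!/bin/sh
# Added example, not part of sddelta: compare one SmartDefense profile
# between two exports without any interactive prompt.
# Assumption: --get-asm-object prints only the ASM object name on stdout.

SDDELTA=${SDDELTA:-sddelta}   # hypothetical override for the executable path

# Usage: sd_profile_delta <sd_profile_name> <old_export> <new_export> <out.html>
sd_profile_delta() {
    profile=$1
    old=$2
    new=$3
    out=$4

    # sddelta asks before overwriting unless -f is given. In a scheduled
    # audit job nobody can answer, so refuse up front and keep the old delta.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing delta: $out" >&2
        return 5
    fi

    # Each lookup is a separate invocation, as the man page describes,
    # so the large data files are never parsed in the same run as the delta.
    asm_old=$("$SDDELTA" --get-asm-object "$profile" "$old") || return 2
    asm_new=$("$SDDELTA" --get-asm-object "$profile" "$new") || return 2

    if [ -z "$asm_old" ] || [ -z "$asm_new" ]; then
        echo "profile '$profile' not resolved in one of the exports" >&2
        return 3
    fi

    # -a takes a single object name for both inputs, so stop if the two
    # exports pair the profile with different ASM objects.
    if [ "$asm_old" != "$asm_new" ]; then
        echo "ASM object differs: '$asm_old' vs '$asm_new'" >&2
        return 4
    fi

    "$SDDELTA" -a "$asm_old" -o "$out" "$old" "$new"
}
```
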
DEPENDENCIES
This program has at least the following dependencies:
- cp2xml >= 0.1.2 (also by Lebbeous Weekley)
- XML::DOM (try the 'libxml-dom-perl' package in Debian/*buntu)
- GNU tar and GNU gzip.
BUGS
There are probably still many bugs in sddelta, up to and including the
possibility that some differences between exports may (rarely) be missed
altogether.
COPYRIGHT, LICENSE, AND CREDIT
Copyright (C) 2008 Hurricane Labs, LLC.
sddelta is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
sddelta is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
Check Point, SmartDefense, SmartCenter, and NGX are trademarks or
registered trademarks of Check Point Software Technologies Ltd.
sddelta includes version 4.12 of Walter Zorn's wz_tooltip JavaScript Cross
Browser Library, which is licensed under the LGPL.
AUTHOR
Lebbeous Weekley <lebbeous-dev@hurricanelabs.com>
This document was created by man2html, using the manual pages.
Time: 20:27:28 GMT, May 19, 2008