Shell Script – Check Point Backup

This script will determine which operating system is running then backup the OS accordingly, once complete it will securely send it to the manager.

The script is based on R65 and all backups will be sent to “/var/tmp/backups” on the manager.

Each time the backup is run it will write a system log confirming if it was successful or unsuccessful.
If successful it will include the MD5 within the log message that you can use prior to any restores.

You can download the script here.



  1. Create a new username `useradd cpbackup`
  2. Add password to user `passwd cpbackup`
  3. Login as cpbackup
  4. ssh to yourself `ssh` and then disconnect (this will create the required ssh folder for you).
  5. Create a folder `mkdir /var/tmp/backups`
  6. Change permissions `chown root:cpbackup /var/tmp/backups`
  7. Change permissions `chmod 760 /var/tmp/backups`


  1. Create ssh key `ssh-keygen -t rsa` (Do not enter a passphrase and use the folder path selected as default.)
  2. scp the file to your server.
  3. Set the variables in the script for the port number and server ip.
  4. Add an entry to your crontab to run the backup each night.


  1. Copy the (just copied) to a file called authorized_keys in the folder /home/cpbackup/.ssh/ and enure the permissions are set to 600.
  2. Add the user cpbackup to the line `AllowUsers` within  /etc/ssh/sshd_config.
  3. Restart ssh `/etc/init.d/sshd restart`
  4. Add an entry to your crontab to rotate the backups (find /var/tmp/backups -name *backup\* -mtime +2 -exec rm {} \;)

How it Works / How to restore

When running this script on SPLAT you will be running the `backup` command.
To restore your backup use the `restore` command. You will need to restore the backupfile named “splat-backup_[hostname]_[date].tgz” using the restore command. The `restore` command will not restore the init.d scripts (such as the arp or route scripts). Because of this these are backed up separately within the file “[hostname]_runconfig_[date].txt” which is included within the tgz file “splat-backup_[hostname]_OS_[date ].tgz”.

To allow all the arps and routes to be saved with the use of the backup command the following should be used,

  • route –save (adds all of the static routes to the SPLAT OS)
  • add the proxy ARP`s to $FWDIR/conf/local.arp (ensures all Proxy ARP`s are backed up)

Note : At the point of the SPLAT backup being run on the manager you will need to run a cpstart afterwards to restore dashboard access. This at some future point will be written into the script.

When running this script on IPSO you will be running the `manual backup` command within clish.
This will backup up the whole operating system including all proxy arps and routes.
To restore you backup use the command `clish -c “set restore manual /[path]/[filename].tgz”`

when running this script on Solaris you will be backing up the main operating system files.
To restore you will need to extract the necessary files from the tgz within Solaris.

Additional Notes

If you have any issues with the script you can run it in debug mode by using the command `sh -x`

If you have any issues with the file being sent using the ssh keys you can debug this by using either,

* `ssh -vvv user@[manager ip]` on the client or
* `/usr/sbin/sshd -d -p [port]` on the manager

Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial