This chapter gives an introduction to the Gaia command line interface (CLI). The default shell of the CLI is called clish.
To use the CLI:
Immediately after installation, the default user name and password are admin and admin.
When you change the OS configuration with the CLI, changes are applied immediately to the running system only. To have the changes survive a reboot, you must run: save config
Gaia commands are organized into groups of related features, with a basic syntax:
operation feature parameter
The most common operations are add, set, show, and delete.
Main operations | Description |
---|---|
add | Adds a new value to the system. |
set | Sets a value in the system. |
show | Shows a value or values from the system. |
delete | Deletes a value from the system. |
Other operations | Description |
---|---|
save config | Saves the configuration changes made since the last save operation. |
 | Restart the system. |
 | Turns the computer off. |
 | Exits from the CLI. |
 | Exits from the shell. |
 | Starts a transaction. Puts the CLI into transaction mode. All changes made using commands in transaction mode are applied at once or none of the changes are applied based on the way transaction mode is terminated. |
 | Ends transaction by committing changes. |
 | Ends transaction by discarding changes. |
expert | Enter the expert shell. Allows low-level access to the system, including the file system. |
 | Shows the version of the active Gaia image. |
 | Revert the database. |
 | Get help on navigating the CLI and some useful commands. |
To see the commands you have permissions to run: show commands
To see a list of all features:
show commands feature <TAB>
To see all commands for a specific feature:
show commands feature <featureName>
To see all commands for an operation of a feature:
show commands [op <name>] [feature <name>]
To see all operations:
show commands op <SPACE> <TAB>
At the More prompt:
To see the next page, press <SPACE>.
To see the next line, press <ENTER>.
To exit to the CLI prompt, press Q.
You can automatically complete a command. This saves time, and can also help if you are not sure what to type next.
Press ... | To do this... |
---|---|
<TAB> | Complete or fetch the keyword. For example |
<SPACE> <TAB> | Show the arguments that the command for that feature accepts. For example: |
<ESC><ESC> | See possible command completions. For example |
? | Get help on a feature or keyword. For example |
UP/DOWN arrow | Browse the command history. |
LEFT/RIGHT arrow | Edit command. |
Enter | Run a command string. The cursor does not have to be at the end of the line. You can usually abbreviate the command to the smallest number of unambiguous characters. |
You can recall commands you have used before, even in previous sessions.
Command | Description |
---|---|
↓ | Recall previous command. |
↑ | Recall next command. |
history | Show the last 100 commands. |
!! | Run the last command. |
!nn | Run a specific previous command: The nn command. |
!-nn | Run the nnth previous command. For example, entering !-3 runs the third from last command. |
!str | Run the most recent command that starts with str. |
!?str? | Run the most recent command containing str. The trailing ? may be omitted if str is followed immediately by a new line. |
!!:s/str1/str2 | Repeat the last command, replacing str1 with str2. |
You can combine word designators with history commands to refer to specific words used in previous commands. Words are numbered from the beginning of the line with the first word being denoted by 0. Use a colon to separate a history command from a word designator. For example, you could enter !!:1 to refer to the first argument in the previous command. In the command show interfaces, interfaces is word 1.
Word Designator | Meaning |
---|---|
0 | The operation word. |
 | The |
 | The first argument; that is, word 1. |
 | The last argument. |
 | The word matched by the most recent |
Immediately after word designators, you can add a sequence of one or more of the following modifiers, each preceded by a colon:
Modifier | Meaning |
---|---|
 | Print the new command but do not execute |
 | Substitute |
 | Apply changes over the entire command. Use this modifier in conjunction with |
You can back up in a command you are typing to correct a mistake. To edit a command, use the left and right arrow keys to move around and the Backspace key to delete characters. You can enter commands that span more than one line.
These are the keystroke combinations you can use:
Keystroke combination | Meaning |
---|---|
Alt-D | Delete next word. |
Alt-F | Go to the next word. |
Ctrl-Alt-H | Delete the previous word. |
Ctrl-shift_ | Repeat the previous word. |
Ctrl-A | Move to the beginning of the line. |
Ctrl-B | Move to the previous character. |
Ctrl-E | Move to the end of the line. |
Ctrl-F | Move to the next character. |
Ctrl-H | Delete the previous character. |
Ctrl-L | Clear the screen and show the current line at the top of the screen. |
Ctrl-N | Next history item. |
Ctrl-P | Previous history item. |
Ctrl-R | Redisplay the current line. |
Ctrl-U | Delete the current line. |
Only one user can have Read/Write access to Gaia configuration settings at a time. All other users can log in with Read-Only access to see configuration settings, as specified by their assigned roles.
When you log in and no other user has Read/Write access, you get an exclusive configuration lock with Read/Write access. If a different user already has the configuration lock, you have the option to override their lock. If you:
Use the database feature to obtain the configuration lock.
The commands do the same thing: obtain the configuration lock from another administrator.
Description | Use the |
Syntax | |
Comments | Use these commands with caution. The admin whose write access is revoked does not receive notification. |
Configuring Configuration Lock Behavior
The behavior of the configuration lock command is configured using: config-lock.
Description | Configures and shows the state of the configuration lock |
Syntax | |
Parameters | |
Comments | |
64-bit support for a Gaia device depends on the appliance type (for a Check Point appliance) and hardware capabilities (for open servers).
For more on supported platforms and kernels, see the R77 Release notes.
Open servers always install a 32-bit kernel, but you can switch to the 64-bit kernel using the Edition feature.
Note - The open server hardware must support 64-bit for the Edition feature to work.
Description | Use the Edition feature to change the default between 32- and 64-bit versions of Gaia. |
Syntax | |
Comments | |
To see which edition is running:
show version os edition
Description | Use these commands to set the CLI environment for a user for a particular session, or permanently. |
Syntax | To show the client environment |
 | To set the client environment |
 | To save the client environment permanently |
Parameter | Description |
---|---|
 | Default value of the clish |
 | Debug level. Predefined levels are: |
 | If set to |
 | Action performed on failure: |
 | Command line output format. The default is |
 | Command prompt string. A valid prompt string can consist of any printable characters and a combination of these variables: To set the prompt back to the default, use the keyword |
 | Number of rows to show in your terminal window. If the window size is changed, the number of rows will also change, unless the value is set to 0 (zero). |
 | Put the shell into syntax-check mode. Commands you enter are checked syntactically and are not executed, but values are validated. The default is |
These are the output formats that CLI supports:
Output is formatted to be clear. For example, output of the command show user admin in pretty mode would look like this:
Uid Gid Home Dir. Shell Real Name
0 0 /home/admin /etc/cli.sh n/a
Output is delimited by semi-colons. For example, output of the command show user admin in structured mode would look like this:
Uid;Gid;Home Dir.;Shell;Real Name;
0;0;/home/admin;/etc/cli.sh;;
Adds XML tags to the output. For example, output of the command show user admin in XML mode would look like this:
Gaia> set clienv output xml
Gaia> show user admin
<?xml version="1.0"?>
<CMDRESPONSE>
<CMDTEXT>show user admin</CMDTEXT>
<RESPONSE><System_User>
<Row>
<Uid>0</Uid>
<Gid>0</Gid>
<Home_Dir.>/home/admin</Home_Dir.>
<Shell>/etc/cli.sh</Shell>
<Real_Name></Real_Name>
</Row>
</System_User>
</RESPONSE>
</CMDRESPONSE>
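The following is an added example, not part of the Check Point documentation: it parses the structured and XML forms of the show user admin output shown above into the same records, then flags accounts with UID 0 or a login shell other than /etc/cli.sh. Treating /etc/cli.sh as the clish login shell is an assumption based on the admin row above, and the second sample row (uid 1001) is constructed.

```python
import xml.etree.ElementTree as ET

# Sample inputs: the `show user admin` output shown above, plus one constructed
# row (uid 1001, /bin/bash) so the shell check has something to report.
STRUCTURED = ("Uid;Gid;Home Dir.;Shell;Real Name;\n"
              "0;0;/home/admin;/etc/cli.sh;;\n"
              "1001;100;/home/ops;/bin/bash;Ops User;\n")
XML = ('<?xml version="1.0"?><CMDRESPONSE><CMDTEXT>show user admin</CMDTEXT>'
       '<RESPONSE><System_User><Row><Uid>0</Uid><Gid>0</Gid>'
       '<Home_Dir.>/home/admin</Home_Dir.><Shell>/etc/cli.sh</Shell>'
       '<Real_Name></Real_Name></Row></System_User></RESPONSE></CMDRESPONSE>')

CLISH_SHELL = "/etc/cli.sh"  # assumption: the shell shown for admin is the clish login shell


def parse_structured(text):
    """Parse semicolon-delimited output; each line carries a trailing ';'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    split = lambda ln: (ln[:-1] if ln.endswith(";") else ln).split(";")
    header = split(lines[0])
    rows = []
    for ln in lines[1:]:
        fields = split(ln)
        if len(fields) != len(header):  # a ';' inside a value would shift columns
            raise ValueError(f"expected {len(header)} fields, got {len(fields)}: {ln!r}")
        rows.append(dict(zip(header, fields)))
    return rows


def parse_xml(text):
    """Parse XML-mode output; tags use '_' where the column name has a space."""
    root = ET.fromstring(text)
    return [{c.tag.replace("_", " "): (c.text or "") for c in row}
            for row in root.iter("Row")]


def review_accounts(rows):
    """Return (home_dir, reason) pairs for UID 0 or a shell other than clish."""
    findings = []
    for r in rows:
        if r["Uid"] == "0":
            findings.append((r["Home Dir."], "uid 0"))
        if r["Shell"] != CLISH_SHELL:
            findings.append((r["Home Dir."], f"shell {r['Shell']} is not clish"))
    return findings


if __name__ == "__main__":
    for home, reason in review_accounts(parse_structured(STRUCTURED)):
        print(home, "->", reason)
```

An empty Real Name arrives as an empty field in structured mode and an empty element in XML mode, while pretty mode prints n/a, so scripts should compare against the empty string.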
The default shell of the CLI is called clish. Clish is a restrictive shell (role-based administration controls the number of commands available in the shell). While use of clish is encouraged for security reasons, clish does not give access to low level system functions. For low level configuration, use the more permissive expert shell.
To use the expert shell, run: expert
To return to clish, run: exit
Expert Password
A password protects the expert shell against unauthorized access. The expert password can be changed using the expert-password feature.
Description: | Use this command to set the expert password by plain text or MD5 salted hash. Use the MD5 salted hash option when upgrading or restoring using backup scripts. |
Syntax: | |
Example: | |
Important - You must run
Description | Manage user defined (extended) commands in clish. Extended commands include: |
 | You can do role based administration (RBA) with extended commands by assigning extended commands to roles and then assigning the roles to users or user groups. |
Syntax | To show all extended commands: show extended commands |
 | To show the path and description of a specified extended command: show command VALUE |
 | To add an extended command: add command VALUE path VALUE description VALUE |
 | To delete an extended command: delete command VALUE |
Parameters | |
Example | To add the |