Configuring System Passwords in Gaia Clish
|
Important - On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish of the applicable Security Group. |
|
Best Practice - For security reasons, configure different passwords for the Expert mode and for GRUB. |
Configuring the Expert mode password
Description
The Expert mode password protects the Expert shell against unapproved access.
The default Gaia shell is called clish
.
Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). is a restrictive shell (role-based administration controls the number of commands available in the shell).
While the use of Gaia Clish is encouraged for security reasons, Gaia Clish does not give access to low level system functions.
For low-level configuration, use the more permissive Expert mode shell. In addition, see sk144112.
-
To enter the Expert shell, run in Gaia Clish:
expert
-
To exit from the Expert shell and go back to Gaia Clish, run:
exit
|
Note - If a command is supported in Gaia Clish, it is not supported to run the corresponding command in Expert mode. For example, to work with interfaces, Gaia Clish provides the commands " Therefore, it is not supported to run the |
|
Note - There is no default password for the Expert mode. You must configure a password for the Expert mode before you can use it. |
Syntax to configure an Expert mode password in plain text
|
The password must contain at least 6 characters.
Syntax to configure an Expert mode password as a salted hash
|
|
Important - You must run the " |
Parameters
Parameter |
Description |
|||||
---|---|---|---|---|---|---|
|
The password as an MD5, SHA256, or SHA512 salted hash instead of plain text (the password string must contain at least 6 characters). Use this option when you upgrade or restore using backup scripts. You can generate the hash of the password with the " To configure the default hash algorithm, see:
|
|
Configuring the GRUB password
Description
The GRUB password protects the GRUB menu and GRUB terminal.
Gaia asks for this password when you boot into the Maintenance Mode and revert Gaia snapshots.
|
Important:
|
Syntax to configure a GRUB password in plain text
|
The password must contain at least 6 characters.
Syntax to configure a GRUB password as a SHA512 salted hash
|
Use the slated hash configuration when you upgrade or restore with user-defined shell scripts.
|
Important - Gaia saves the new GRUB password automatically. |
Parameters
Parameter |
Description |
||||
---|---|---|---|---|---|
|
The password as a SHA512 salted hash instead of plain text.
|
|
|