Monday, 7 May 2012

Extracting Config Files from McAfee Enterprise Firewalls & Secure Computing Firewalls (SecureOS 7+)


The configuration file provided by these versions of the operating system are now encrypted and therefore no longer usable by Nipper Studio. However, there is an alternative method of extracting the configuration which is still fairly simple but involves command line access to the device.
To obtain this configuration you will need the "McAfee Firewall Backup Script" provided on the Titania Labs section of the Titania web site (www.titania-security.com). Download this script to your local computer and then follow the instructions below.
  1. Log into the device using the graphical administration tool.
  2. Using the file editor tool provided in the administration interface, open the "McAfee Firewall Backup Script" that you downloaded to your local computer.
  3. Save the file to the firewall itself.
  4. Open a SSH session to the firewall. You can use Putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/) to do this on Windows or the SSH command line tool under GNU/Linux or Mac OS-X. For Windows run Putty, then enter the IP address of the server and connect to the device. Under the other platforms use "ssh -l <firewall-user-name> <ip-address>".
  5. Enter the privileged mode by entering the command "srole".
  6. Execute the script using the command "sh <path-to-script>/mcafee-backup-v1.1.script", which will then generate the file "firewall.backup".
  7. Transfer the "firewall.backup" file back to your PC for use with Nipper Studio. You can do this using the text editor and is probably located in the "/home/<your-user-name>" directory.

No comments:

Post a Comment

Did you find our blog useful? Let us know! We would love to hear your thoughts, opinions and comments regarding any of our blog posts.