我的小黑還要再戰三年！！IBM X31 + Ubuntu 10.04 LTS

我的小黑還可以再戰三年！！IBM X31 + Ubuntu 10.04 LTS Lucid Lynx

說起來，這台IBM X31是目前為止我自己購買的最後一部筆記電腦。2004年底公司同事的老公尾牙抽中，轉賣給我。機器的出廠日期是2004/8，算起來已經快滿6年了。之後工作上我陸陸續續用了至少十部以上不同廠牌、型號的筆電，不過都是公司配給，不算是我個人的。
這些年來也曾動念想要再購買Thinkpad，不過因為從2005年IBM個人電腦事業部門被Lenovo購併之後，掛著Lenovo商標讓我對Thinkpad不再有愛，所以這部小黑就成了我的最後一部IBM Thinkpad。

這台X31從原本的Windows XP作業系統入手開始，印象中好像用了一年多，2006年我就改Linux/Ubuntu了。前前後後這台機器上面，我裝過Fedora/SUSE/Centos，最後情定Ubuntu，也有五年左右的使用歷史。上個月在小黑上面安裝Ubuntu 10.04 Netbook remix，雖然可以啟用，但是在ACPI FAN /Video chip (Radeon) 支援上面一直不大順，小狀況不斷。昨天改裝Ubuntu 10.04 Desktop，小毛病看來解決了，操作速度上面也可以接收，算是讓小黑在壽終正寢之前，找到合適的最後伴侶。Ubuntu 10.04 LTS 是所謂的 Long Term Support 版本，會有三年的作業系統更新支援保證，沒有意外的話，這應該就是這台小黑的最終型態吧，Lucid Lynx 清醒的黑色小山貓。

我對這部X31的使用經驗十分滿意，這麼多年了，在Ubuntu下上網瀏覽、下載檔案，這台機器的電池狀態仍然可以使用1.5小時以上，電池容量還有原本的70%。

現在雖然小黑播放Mpeg4 或是720P影片已經力有未逮，但是Thinkpad好用的鍵盤配置、小紅點，以及扎實的機構設計，在我用過各家筆記電腦後，X31仍然讓我再三留戀。用來上上網、寫寫文字、搭配 jdownloader抓免費空間的迷物，還是行有餘力一尾活龍。尤其X31的螢幕是4:3，對於老傢伙我來說，12吋的4:3螢幕比起現在新的13吋16:9螢幕，感覺上螢幕還比較大些，也比較適合我用遠端桌面連線回機房的伺服器端進行監控。

作業系統部份，更新到Ubuntu 10.04跟之前最大的差別是在介面上變得比較美麗，然後3D桌面部份無法啟用，外接螢幕可以顯示相同桌面（same image in all monitor），但是要用延伸桌面模式，顯示卡會錯亂，六年前的Radeon Mobility M6 LY顯示晶片還是略顯老態龍鍾。其他的？沒啥感覺，功能上反應速度跟之前差不多。不過看在LTS三年系統更新的份上，升級到Lucid Lynx我覺的還是有必要，可以保證接下來三年Canoncial會提供必要得系統更新支援。

清醒的小黑貓就再戰三年吧。

Checkpoint 常用指令

Checkpoint 常用指令

•    cp     -  general
•    fw     -  firewall
•    fwm  -  management

CP, FW & FWM Commands 

cphaprob stat	List cluster status
cphaprob -a if	List status of interfaces
cphaprob syncstat	shows the sync status
cphaprob list	Shows a status in list form
cphastart/stop	Stops clustering on the specfic node
cp_conf sic	SIC stuff
cpconfig	config util
cplic print	prints the license
cprestart	Restarts all Checkpoint Services
cpstart	Starts all Checkpoint Services
cpstop	Stops all Checkpoint Services
cpstop -fwflag -proc	Stops all checkpoint Services but keeps policy active in kernel
cpwd_admin list	List checkpoint processes
cplic print	Print all the licensing information.
cpstat -f all polsrv	Show VPN Policy Server Stats
cpstat	Shows the status of the firewall
fw tab  -t sam_blocked_ips	Block IPS via SmartTracker
fw tab -t connections -s	Show connection stats
fw tab -t connections -f	Show connections with IP instead of HEX
fw tab -t fwx_alloc -f	Show fwx_alloc with IP instead of HEX
fw tab -t peers_count -s	Shows VPN stats
fw tab -t userc_users -s	Shows VPN stats
fw checklic	Check license details
fw ctl get int [global kernel parameter]	Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter]  [value]	Sets the current value of a global keneral parameter. Only Temp ; Cleared after reboot.
fw ctl arp	Shows arp table
fw ctl install	Install hosts internal interfaces
fw ctl ip_forwarding	Control IP forwarding
fw ctl pstat	System Resource stats
fw ctl uninstall	Uninstall hosts internal interfaces
fw exportlog .o	Export current log file to ascii file
fw fetch	Fetch security policy and install
fw fetch localhost	Installs (on gateway) the last installed policy.
fw hastat	Shows Cluster statistics
fw lichosts	Display protected hosts
fw log -f	Tail the current log file
fw log -s -e	Retrieve logs between times
fw logswitch	Rotate current log file
fw lslogs	Display remote machine log-file list
fw monitor	Packet sniffer
fw printlic -p	Print current Firewall modules
fw printlic	Print current license details
fw putkey	Install authenication key onto host
fw stat -l	Long stat list, shows which policies are installed
fw stat -s	Short stat list, shows which policies are installed
fw unloadlocal	Unload policy
fw ver -k	Returns version, patch info and Kernal info
fwstart	Starts the firewall
fwstop	Stop the firewall
fwm lock_admin -v	View locked admin accounts
fwm dbexport -f user.txt	used to export users , can also use dbimport
fwm_start	starts the management processes
fwm -p	Print a list of Admin users
fwm -a	Adds an Admin
fwm -r	Delete an administrator

Provider 1

mdsenv [cma name]	Sets the mds environment
mcd	Changes your directory to that of the environment.
mds_setup	To setup MDS Servers
mdsconfig	Alternative to cpconfig for MDS servers
mdsstat	To see the processes status
mdsstart_customer [cma name]	To start cma
mdsstop_customer [cma name]	To stop cma
cma_migrate	To migrate an Smart center server to CMA
cmamigrate_assist	If you dont want to go through the pain of tar/zip/ftp and if you wish to enable FTP on Smart center server

VPN 

vpn tu	VPN utility, allows you to rekey vpn
vpn ipafile_check ipassignment.conf detail‏	Verifies the ipassignment.conf file
dtps lic	show desktop policy license status
cpstat -f all polsrv	show status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip]	delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip]	delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip]	show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip]	show Phase 2 SA
vpn shell show interface detailed [VTI name]	show VTI detail

Debugging

fw ctl zdebug drop

shows dropped packets in realtime / gives reason for drop

SPLAT Only

router	Enters router mode for use on Secure Platform Pro for advanced routing options
patch add cd	Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only)
backup	Allows you to preform a system operating system backup
restore	Allows you to restore your backup
snapshot	Performs a system backup which includes all Checkpoint binaries. Note : This issues a cpstop.

VSX

vsx get [vsys name/id]	get the current context
vsx set [vsys name/id]	set your context
fw -vs [vsys id] getifs	show the interfaces for a virtual device
fw vsx stat -l	shows a list of the virtual devices and installed policies
fw vsx stat -v	shows a list of the virtual devices and installed policies (verbose)
reset_gw	resets the gateway, clearing all previous virtual devices and settings.