English translations
This post was translated with the help of a translation tool. Therefore, occasional errors are possible. An error-free version is available in German
This page is also available in: Deutsch (German)
A (complete) list of Sophos Firewall database tables from SFOS v20.0.0.
In my past projects, I have repeatedly encountered issues where it is necessary to access the database - be it for information purposes, for scripting, or to correct errors that can no longer be corrected in the GUI. There are several examples. During my research I never really found any list of all tables.
I had already collected a few tables via the official community or by analyzing files in the firewall's file system. However, I never had a complete list. Given the number of tables, I would have been very surprised in retrospect. The number of tables is almost 540! WOW! 😮
In this article, I would like to present you with the complete list of tables for SFOS v20.0.0. What you do with it in the end and whether you can do anything with it is entirely up to you. But I think that the list might be quite interesting for some people.
Please note that improper use of SQL commands can lead to errors or total failure of the firewall! Therefore, please use the information with the utmost care and always use a demo environment for testing! Use at your own risk.
I also give no guarantee for completeness. But it should be 99.x%.
First of all, let's find out how to get the list. To do this, I have taken a backup and decrypted it as described in my article "Decrypting and unpacking a backup". This backup contains the SQL structure in a file. With a little effort, I imported the structure into a demo environment and… TADA…. the list of tables is available.
If you also want to do this, please note that the PostgreSQL version runs on a Sophos Firewall with version 9.2.24 to avoid any incompatibilities. I have used the oldest version of EDB (9.3.25).
In the following download I offer you the list of SFOS v20.0.0. It is a simple text file in which all tables are listed.
This page is also available in: Deutsch (German)
Feel free to leave a comment and share your opinion! This helps us to improve the tools and drive further exciting developments
This page is also available in: Deutsch (German)
You're leaving the website
You are about to leave the website and are going to:
{fbExpr this.triggerElement.href}
Please make sure that you trust this website as we cannot be held responsible for external content.
Genial! So eine Übersicht habe ich schon länger sucht. Danke für die Auflistung.
Hallo Max,
sehr gerne!
Gruß,
Sebastian
Hallo Sebastian,
weisst du zufällig in welcher Datenbank bzw. Tabelle die STAS LiveUser gespeichert werden?
Leider kann man über die API immer nur 50 abrufen.
Ich habe dank deiner Tabellenübersicht leider nur die tbllivesslvpnusers gefunden.
Danke dir für die tolle Arbeit!
Markus
Hallo Markus,
nein, eine Tabelle ist mir dazu nicht bekannt. Sorry. Adhoc fällt mir auch kein anderer Weg ein.
Mit welchem Aufruf holst du die Infos über die API?
Gruß,
Sebastian
userpassword
Die 50 sind hartcodiert, dass hat Sophos leider inzwischen bestätigt und man kann auch keine Filter anwenden, dass ist ein known issue 🙁
Hallo Markus,
OK, das ist natürlich ärgerlich. Aber eie weitere Idee hab ich dann auch nicht mehr. Sorry.
Gruß,
Sebastian
sqlite_client 127.0.0.1 6061 1 "select * from tblliveuser"
Danke für die Info! Scheinbar gibt es noch eine zweite Datenbank mit SQLite. War mir garnicht bewusst bisher. Es gibt hier auch nicht viele Tabellen wie es aussieht. Diese hier habe ich gefunden:
tblliveuser
tblliveuser_otherattr
tblliveuseraccounting
tbladminaccess
tblwifiliveconnections
Mit diesem Befehl lässt sich herausfinden was die Spaltennamen sind:
sqlite_client 127.0.0.1 6061 1 "PRAGMA table_info(tblliveuser);"