diff options
Diffstat (limited to 'lib')
31 files changed, 533 insertions, 69 deletions
diff --git a/lib/oxidized/config.rb b/lib/oxidized/config.rb index 23af9c2..47544fb 100644 --- a/lib/oxidized/config.rb +++ b/lib/oxidized/config.rb @@ -37,6 +37,7 @@ module Oxidized asetus.default.input.default = 'ssh, telnet' asetus.default.input.debug = false # or String for session log file asetus.default.input.ssh.secure = false # complain about changed certs + asetus.default.input.ftp.passive= true # ftp passive mode asetus.default.output.default = 'file' # file, git asetus.default.source.default = 'csv' # csv, sql diff --git a/lib/oxidized/hook/exec.rb b/lib/oxidized/hook/exec.rb index a9a5950..3f984c2 100644 --- a/lib/oxidized/hook/exec.rb +++ b/lib/oxidized/hook/exec.rb @@ -71,6 +71,7 @@ class Exec < Oxidized::Hook "OX_NODE_FROM" => ctx.node.from.to_s, "OX_NODE_MSG" => ctx.node.msg.to_s, "OX_NODE_GROUP" => ctx.node.group.to_s, + "OX_NODE_MODEL" => ctx.node.model.class.name, "OX_REPO_COMMITREF" => ctx.commitref.to_s, "OX_REPO_NAME" => ctx.node.repo.to_s, ) diff --git a/lib/oxidized/hook/githubrepo.rb b/lib/oxidized/hook/githubrepo.rb index d33e54e..f74b22a 100644 --- a/lib/oxidized/hook/githubrepo.rb +++ b/lib/oxidized/hook/githubrepo.rb @@ -51,7 +51,7 @@ class GithubRepo < Oxidized::Hook else if cfg.has_key?('publickey') && cfg.has_key?('privatekey') log "Using ssh auth with key", :debug - Rugged::Credentials::SshKey.new(username: 'git', publickey: File.expand_path(cfg.publickey), privatekey: File.expand_path(cfg.privatekey)) + Rugged::Credentials::SshKey.new(username: 'git', publickey: File.expand_path(cfg.publickey), privatekey: File.expand_path(cfg.privatekey), passphrase: ENV["OXIDIZED_SSH_PASSPHRASE"]) else log "Using ssh auth with agentforwarding", :debug Rugged::Credentials::SshKeyFromAgent.new(username: 'git') diff --git a/lib/oxidized/hook/slackdiff.rb b/lib/oxidized/hook/slackdiff.rb index 61f1743..7cd4465 100644 --- a/lib/oxidized/hook/slackdiff.rb +++ b/lib/oxidized/hook/slackdiff.rb @@ -1,5 +1,8 @@ require 'slack' +# defaults to posting a diff, if messageformat is supplied them a message will be posted too +# diffenable defaults to true + class SlackDiff < Oxidized::Hook def validate_cfg! raise KeyError, 'hook.token is required' unless cfg.has_key?('token') @@ -17,16 +20,35 @@ class SlackDiff < Oxidized::Hook client = Slack::Client.new client.auth_test log "Connected" - gitoutput = ctx.node.output.new - diff = gitoutput.get_diff ctx.node, ctx.node.group, ctx.commitref, nil - title = "#{ctx.node.name.to_s} #{ctx.node.group.to_s} #{ctx.node.model.class.name.to_s.downcase}" - log "Posting diff as snippet to #{cfg.channel}" - client.files_upload(channels: cfg.channel, as_user: true, - content: diff[:patch].lines.to_a[4..-1].join, - filetype: "diff", - title: title, - filename: "change" - ) + # diff snippet - default + diffenable = true + if cfg.has_key?('diff') == true + if cfg.diff == false + diffenable = false + end + end + if diffenable == true + gitoutput = ctx.node.output.new + diff = gitoutput.get_diff ctx.node, ctx.node.group, ctx.commitref, nil + unless diff == "no diffs" + title = "#{ctx.node.name.to_s} #{ctx.node.group.to_s} #{ctx.node.model.class.name.to_s.downcase}" + log "Posting diff as snippet to #{cfg.channel}" + client.files_upload(channels: cfg.channel, as_user: true, + content: diff[:patch].lines.to_a[4..-1].join, + filetype: "diff", + title: title, + filename: "change" + ) + end + end + # message custom formatted - optional + if cfg.has_key?('message') == true + log cfg.message + msg = cfg.message % {:node => ctx.node.name.to_s, :group => ctx.node.group.to_s, :commitref => ctx.commitref, :model => ctx.node.model.class.name.to_s.downcase} + log msg + log "Posting message to #{cfg.channel}" + client.chat_postMessage(channel: cfg.channel, text: msg, as_user: true) + end log "Finished" end end diff --git a/lib/oxidized/hook/xmppdiff.rb b/lib/oxidized/hook/xmppdiff.rb new file mode 100644 index 0000000..396d1b3 --- /dev/null +++ b/lib/oxidized/hook/xmppdiff.rb @@ -0,0 +1,60 @@ +require 'xmpp4r' +require 'xmpp4r/muc/helper/simplemucclient' + +class XMPPDiff < Oxidized::Hook + def validate_cfg! + raise KeyError, 'hook.jid is required' unless cfg.has_key?('jid') + raise KeyError, 'hook.password is required' unless cfg.has_key?('password') + raise KeyError, 'hook.channel is required' unless cfg.has_key?('channel') + raise KeyError, 'hook.nick is required' unless cfg.has_key?('nick') + end + + def run_hook(ctx) + if ctx.node + if ctx.event.to_s == "post_store" + begin + Timeout::timeout(15) do + gitoutput = ctx.node.output.new + diff = gitoutput.get_diff ctx.node, ctx.node.group, ctx.commitref, nil + + interesting = diff[:patch].lines.to_a[4..-1].any? { |line| + ["+", "-"].include?(line[0]) and not ["#", "!"].include?(line[1]) + } + interesting &&= diff[:patch].lines.to_a[5..-1].any? { |line| line[0] == '-' } + interesting &&= diff[:patch].lines.to_a[5..-1].any? { |line| line[0] == '+' } + + if interesting + log "Connecting to XMPP" + client = Jabber::Client.new(Jabber::JID.new(cfg.jid)) + client.connect + sleep 1 + client.auth(cfg.password) + sleep 1 + + log "Connected" + + m = Jabber::MUC::SimpleMUCClient.new(client) + m.join(cfg.channel + "/" + cfg.nick) + + log "Joined" + + title = "#{ctx.node.name.to_s} #{ctx.node.group.to_s} #{ctx.node.model.class.name.to_s.downcase}" + log "Posting diff as snippet to #{cfg.channel}" + + m.say(title + "\n\n" + diff[:patch].lines.to_a[4..-1].join) + + sleep 1 + + client.close + + log "Finished" + + end + end + rescue Timeout::Error + log "timed out" + end + end + end + end +end diff --git a/lib/oxidized/input/ftp.rb b/lib/oxidized/input/ftp.rb index 80de257..cdf3688 100644 --- a/lib/oxidized/input/ftp.rb +++ b/lib/oxidized/input/ftp.rb @@ -19,7 +19,9 @@ module Oxidized @node = node @node.model.cfg['ftp'].each { |cb| instance_exec(&cb) } @log = File.open(Oxidized::Config::Log + "/#{@node.ip}-ftp", 'w') if Oxidized.config.input.debug? - @ftp = Net::FTP.new @node.ip, @node.auth[:username], @node.auth[:password] + @ftp = Net::FTP.new(@node.ip) + @ftp.passive = Oxidized.config.input.ftp.passive + @ftp.login @node.auth[:username], @node.auth[:password] connected? end diff --git a/lib/oxidized/model/aosw.rb b/lib/oxidized/model/aosw.rb index a85ead7..71fde2e 100644 --- a/lib/oxidized/model/aosw.rb +++ b/lib/oxidized/model/aosw.rb @@ -11,7 +11,7 @@ class AOSW < Oxidized::Model # All IAPs connected to a Instant Controller will have the same config output. Only the controller needs to be monitored. comment '# ' - prompt /^\(?.+\)?\s?[#>]/ + prompt /^\(?.+\)?\s[#>]/ cmd :all do |cfg| cfg.each_line.to_a[1..-2].join diff --git a/lib/oxidized/model/arbos.rb b/lib/oxidized/model/arbos.rb new file mode 100644 index 0000000..389f3f6 --- /dev/null +++ b/lib/oxidized/model/arbos.rb @@ -0,0 +1,27 @@ +class ARBOS < Oxidized::Model + + # Arbor OS model # + + prompt /^[\S\s]+\n([\w.@-]+[:\/#>]+)\s?$/ + comment '# ' + + cmd 'system hardware' do |cfg| + cfg.gsub! /^Boot\ time\:\s.+/, '' # Remove boot timer + cfg.gsub! /^Load\ averages\:\s.+/, '' # Remove CPU load info + cfg = cfg.each_line.to_a[2..-1].join + comment cfg + end + + cmd 'system version' do |cfg| + comment cfg + end + + cmd 'config show' do |cfg| + cfg + end + + cfg :ssh do + exec true + pre_logout 'exit' + end +end diff --git a/lib/oxidized/model/aricentiss.rb b/lib/oxidized/model/aricentiss.rb new file mode 100644 index 0000000..80735c7 --- /dev/null +++ b/lib/oxidized/model/aricentiss.rb @@ -0,0 +1,50 @@ +# Developed against: +# #show version +# Switch ID Hardware Version Firmware Version +# 0 SSE-G48-TG4 (P2-01) 1.0.16-9 + +class AricentISS < Oxidized::Model + + prompt (/^(\e\[27m)?[ \r]*\w+# ?$/) + + cfg :ssh do + post_login 'no cli pagination' + pre_logout 'exit' + end + + cmd :all do |cfg| + # * Drop first line that contains the command, and the last line that + # contains a prompt + # * Strip carriage returns + cfg.delete("\r").each_line.to_a[1..-2].join + end + + cmd :secret do |cfg| + cfg.gsub(/^(snmp community) .*/, '\1 <hidden>') + end + + cmd 'show system information' do |cfg| + cfg.sub! /^Device Up Time.*\n/, '' + cfg.delete! "\r" + comment(cfg).gsub(/ +$/, '') + end + + cmd 'show running-config' do |cfg| + comment_next = 0 + cfg.each_line.map { |l| + next '' if l.match /^Building configuration/ + + if l.match /^Switch ID.*Hardware Version.*Firmware Version/ then + comment_next = 2 + end + + if comment_next > 0 then + comment_next -= 1 + next comment(l) + end + + l + }.join.gsub(/ +$/, '') + end + +end diff --git a/lib/oxidized/model/awplus.rb b/lib/oxidized/model/awplus.rb new file mode 100644 index 0000000..1d8fbcd --- /dev/null +++ b/lib/oxidized/model/awplus.rb @@ -0,0 +1,85 @@ +class AWPlus < Oxidized::Model + + #Allied Telesis Alliedware Plus Model# + #https://www.alliedtelesis.com/products/software/AlliedWare-Plus + + prompt /^(\r?[\w.@:\/-]+[#>]\s?)$/ + comment '! ' + + #Avoids needing "term length 0" to display full config file. + expect /--More--/ do |data, re| + send ' ' + data.sub re, '' + end + + #Removes gibberish pager output e.g. VT100 escape codes + cmd :all do |cfg| + cfg.gsub! /\e\[K/, '' # example how to handle pager - cleareol EL0 + cfg.gsub! /\e\[7m\e\[m/, '' # example how to handle pager - Reverse SGR7 + cfg.gsub! /\r/, '' # Filters rogue ^M - see issue #415 + cfg.each_line.to_a[1..-2].join + end + + #Remove passwords from config file. + #Add vars "remove_secret: true" to global oxidized config file to enable. + + cmd :secret do |cfg| + cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' + cfg.gsub! /^(username \S+ privilege \d+) (\S+).*/, '\\1 <secret hidden>' + cfg.gsub! /^(username \S+ password \d) (\S+)/, '\\1 <secret hidden>' + cfg.gsub! /^(username \S+ secret \d) (\S+)/, '\\1 <secret hidden>' + cfg.gsub! /^(enable (password|secret) \d) (\S+)/, '\\1 <secret hidden>' + cfg.gsub! /^(\s+(?:password|secret)) (?:\d )?\S+/, '\\1 <secret hidden>' + cfg.gsub! /^(tacacs-server key \d) (\S+)/, '\\1 <secret hidden>' + cfg + end + + #Adds "Show system" output to start of config. + + cmd 'Show System' do |cfg| + comment cfg.insert(0,"--------------------------------------------------------------------------------! \n") + #Unhash below to write a comment in the config file. + cfg.insert(0,"Starting: Show system cmd \n") + cfg << "\n \nEnding: show system cmd" + comment cfg << "\n--------------------------------------------------------------------------------! \n \n" + #Removes the following lines from "show system" in output file. This ensures oxidized diffs are meaningful. + comment cfg.each_line.reject { |line| + line.match /^$\n/ or #Remove blank lines in "sh sys" + line.match /System Status\s*.*/ or + line.match /RAM\s*:.*/ or + line.match /Uptime\s*:.*/ or + line.match /Flash\s*:.*/ or + line.match /Current software\s*:.*/ or + line.match /Software version\s*:.*/ or + line.match /Build date\s*:.*/ }.join + end + + #Actually get the devices running config# + cmd 'show running-config' do |cfg| + cfg + end + + #Config required for telnet to detect username prompt + cfg :telnet do + username /login:\s/ + end + + #Main login config + cfg :telnet, :ssh do + post_login do + if vars :enable + send "enable\n" + expect /^Password:\s/ + cmd vars(:enable) + "\r\n" + else + cmd 'enable' # Required for Priv-Exec users without enable PW to be put into "enable mode". + end +# cmd 'terminal length 0' #set so the entire config is output without intervention. + end + pre_logout do +# cmd 'terminal no length' #Sets term length back to default on exit. + send "exit\r\n" + end + end + +end diff --git a/lib/oxidized/model/br6910.rb b/lib/oxidized/model/br6910.rb index b5c9bcf..df93793 100644 --- a/lib/oxidized/model/br6910.rb +++ b/lib/oxidized/model/br6910.rb @@ -1,7 +1,7 @@ class BR6910 < Oxidized::Model
- prompt /^Vty-[0-9]\#$/
+ prompt /^([\w.@()-]+[#>]\s?)$/
comment '! '
# not possible to disable paging prior to show running-config
diff --git a/lib/oxidized/model/ciscosmb.rb b/lib/oxidized/model/ciscosmb.rb index 9453059..deb4768 100644 --- a/lib/oxidized/model/ciscosmb.rb +++ b/lib/oxidized/model/ciscosmb.rb @@ -17,6 +17,7 @@ class CiscoSMB < Oxidized::Model cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' cfg.gsub! /username (\S+) privilege (\d+) (\S+).*/, '<secret hidden>' cfg.gsub! /^(encrypted radius-server key).*/, '\\1 <configuration removed>' + cfg.gsub! /System Up Time.*/, '' cfg end @@ -24,6 +25,10 @@ class CiscoSMB < Oxidized::Model comment cfg end + cmd 'show system' do |cfg| + comment cfg + end + cmd 'show bootvar' do |cfg| comment cfg end diff --git a/lib/oxidized/model/comware.rb b/lib/oxidized/model/comware.rb index d926854..a5b7190 100644 --- a/lib/oxidized/model/comware.rb +++ b/lib/oxidized/model/comware.rb @@ -1,8 +1,8 @@ class Comware < Oxidized::Model # HP (A-series)/H3C/3Com Comware - # sometimes the prompt might have a leading nul - prompt /^\0*(<[\w.-]+>)$/ + # sometimes the prompt might have a leading nul or trailing ASCII Bell (^G) + prompt /^\0*(<[\w.-]+>).?$/ comment '# ' # example how to handle pager diff --git a/lib/oxidized/model/dnos.rb b/lib/oxidized/model/dnos.rb index a44630e..5c3cd53 100644 --- a/lib/oxidized/model/dnos.rb +++ b/lib/oxidized/model/dnos.rb @@ -5,6 +5,7 @@ class DNOS < Oxidized::Model comment '! ' cmd :all do |cfg| + cfg.gsub! /^% Invalid input detected at '\^' marker\.$|^\s+\^$/, '' cfg.each_line.to_a[2..-2].join end @@ -22,6 +23,14 @@ class DNOS < Oxidized::Model comment cfg end + cmd 'show version' do |cfg| + comment cfg + end + + cmd 'show system' do |cfg| + comment cfg + end + cmd 'show running-config' do |cfg| cfg = cfg.each_line.to_a[3..-1].join cfg diff --git a/lib/oxidized/model/edgecos.rb b/lib/oxidized/model/edgecos.rb new file mode 100644 index 0000000..bc205f5 --- /dev/null +++ b/lib/oxidized/model/edgecos.rb @@ -0,0 +1,47 @@ +class EdgeCOS < Oxidized::Model + + comment '! ' + + cmd :secret do |cfg| + cfg.gsub!(/password \d+ (\S+).*/, '<secret removed>') + cfg.gsub!(/community (\S+)/, 'community <hidden>') + cfg + end + + cmd :all do |cfg| + cfg.each_line.to_a[2..-2].join + end + + cmd 'show running-config' + + cmd 'show access-list tcam-utilization' do |cfg| + comment cfg + end + + cmd 'show memory' do |cfg| + comment cfg + end + + cmd 'show system' do |cfg| + comment cfg + end + + cmd 'show version' do |cfg| + comment cfg + end + + cmd 'show watchdog' do |cfg| + comment cfg + end + + cfg :telnet do + username /^Username:/ + password /^Password:/ + end + + cfg :telnet, :ssh do + post_login 'terminal length 0' + pre_logout 'exit' + end + +end diff --git a/lib/oxidized/model/edgeos.rb b/lib/oxidized/model/edgeos.rb index 2a8d663..aa7a197 100644 --- a/lib/oxidized/model/edgeos.rb +++ b/lib/oxidized/model/edgeos.rb @@ -9,11 +9,15 @@ class Edgeos < Oxidized::Model end cmd :secret do |cfg| + cfg.gsub! /encrypted-password (\S+).*/, 'encrypted-password <secret removed>' + cfg.gsub! /plaintext-password (\S+).*/, 'plaintext-password <secret removed>' + cfg.gsub! /password (\S+).*/, 'password <secret removed>' + cfg.gsub! /pre-shared-secret (\S+).*/, 'pre-shared-secret <secret removed>' cfg.gsub! /community (\S+) {/, 'community <hidden> {' cfg end - cmd 'show configuration | no-more' + cmd 'show configuration commands | no-more' cfg :telnet do username /login:\s/ diff --git a/lib/oxidized/model/fiberdriver.rb b/lib/oxidized/model/fiberdriver.rb index abe8f68..7cfa847 100644 --- a/lib/oxidized/model/fiberdriver.rb +++ b/lib/oxidized/model/fiberdriver.rb @@ -13,7 +13,7 @@ class FiberDriver < Oxidized::Model cfg.each_line.to_a[3..-1].join cfg.gsub! /^Building configuration.*$/, '' cfg.gsub! /^Current configuration:.*$$/, '' - cfg.gsub! /^! Configuration saved on .*$/, '' + cfg.gsub! /^! Configuration (saved|generated) on .*$/, '' cfg end diff --git a/lib/oxidized/model/fortios.rb b/lib/oxidized/model/fortios.rb index 605a596..23370c4 100644 --- a/lib/oxidized/model/fortios.rb +++ b/lib/oxidized/model/fortios.rb @@ -15,9 +15,12 @@ class FortiOS < Oxidized::Model end cmd :secret do |cfg| - cfg.gsub! /(set (?:passwd|password|secondary-secret|rsso-secret|psksecret|secret|key ENC)).*/, '\\1 <configuration removed>' + cfg.gsub! /(set (?:passwd|password|psksecret|secret|key|group-password|secondary-secret|tertiary-secret|auth-password-l1|auth-password-l2|rsso|history0|history1|inter-controller-key ENC|passphrase ENC|login-passwd ENC)).*/, '\\1 <configuration removed>' cfg.gsub! /(set private-key).*-+END ENCRYPTED PRIVATE KEY-*"$/m , '\\1 <configuration removed>' - cfg.gsub! /(IPS Malicious URL Database).*/, '\\1 <configuration removed>' + cfg.gsub! /(set ca ).*-+END CERTIFICATE-*"$/m , '\\1 <configuration removed>' + cfg.gsub! /(set csr ).*-+END CERTIFICATE REQUEST-*"$/m , '\\1 <configuration removed>' + cfg.gsub! /(Virus-DB|Extended DB|IPS-DB|IPS-ETDB|APP-DB|INDUSTRIAL-DB|Botnet DB|IPS Malicious URL Database).*/, '\\1 <configuration removed>' + cfg.gsub! /(Cluster uptime:).*/, '\\1 <configuration removed>' cfg end @@ -46,7 +49,7 @@ class FortiOS < Oxidized::Model cfg << cmd('end') if @vdom_enabled - cfg << cmd('show') + cfg << cmd('show full-configuration') cfg.join "\n" end @@ -60,4 +63,3 @@ cfg << cmd('end') if @vdom_enabled end end - diff --git a/lib/oxidized/model/gcombnps.rb b/lib/oxidized/model/gcombnps.rb new file mode 100644 index 0000000..4a97162 --- /dev/null +++ b/lib/oxidized/model/gcombnps.rb @@ -0,0 +1,85 @@ +class GcomBNPS < Oxidized::Model + # For switches from GCOM Technologies Co.,Ltd. running the "Broadband Network Platform Software" + # Author: Frederik Kriewitz <frederik@kriewitz.eu> + # + # tested with: + # - S5330 (aka Fiberstore S3800) + + prompt /^\r?([\w.@()-]+?(\(1-16 chars\))?[#>:]\s?)$/ # also match SSH password promt (post_login commands are sent after the first prompt) + comment '! ' + +# alternative to handle the SSH login, but this breaks telnet +# expect /^Password\(1-16 chars\):/ do |data| +# send @node.auth[:password] + "\n" +# '' +# end + + # handle pager (can't be disabled?) + expect /^\.\.\.\.press ENTER to next line, CTRL_C to quit, other key to next page\.\.\.\.$/ do |data, re| + send ' ' + data.sub re, '' + end + + cmd :all do |cfg| + cfg = cfg.gsub " \e[73D\e[K", '' # remove garbage remaining from the pager + cfg.each_line.to_a[1..-2].join + end + + cmd :secret do |cfg| + cfg.gsub! /^(snmp-server community)\s+[^\s]+\s+(.*)/, '\\1 <community hidden> \\2' + cfg + end + + cmd 'show running-config' do |cfg| + cfg + end + + cmd 'show interface sfp' do |cfg| + out = [] + cfg.each_line do |line| + next if line.match /^ Temperature/ + next if line.match /^ Voltage\(V\)/ + next if line.match /^ Bias Current\(mA\)/ + next if line.match /^ RX Power\(dBM\)/ + next if line.match /^ TX Power\(dBM\)/ + out << line + end + + comment out.join + end + + + cmd 'show version' do |cfg| + comment cfg + end + + cmd 'show system' do |cfg| + out = [] + cfg.each_line do |line| + next if line.match /^system run time :/ + next if line.match /^switch temperature :/ + out << line + end + + comment out.join + end + + cfg :telnet do + username /^Username\(1-32 chars\):/ + password /^Password\(1-16 chars\):/ + end + + cfg :ssh do + # the switch blindy accepts the SSH connection without password validation and then spawns a telnet login prompt + # first thing we've to send is the password + post_login do + send @node.auth[:password] + "\n" + end + end + + cfg :telnet, :ssh do + pre_logout 'exit' + end + +end + diff --git a/lib/oxidized/model/ios.rb b/lib/oxidized/model/ios.rb index 0cb2f3a..4e7d223 100644 --- a/lib/oxidized/model/ios.rb +++ b/lib/oxidized/model/ios.rb @@ -26,6 +26,7 @@ class IOS < Oxidized::Model cmd :secret do |cfg| cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>' + cfg.gsub! /^(snmp-server host \S+( vrf \S+)?( version (1|2c|3))?)\s+\S+((\s+\S*)*)\s*/, '\\1 <secret hidden> \\5' cfg.gsub! /^(username \S+ privilege \d+) (\S+).*/, '\\1 <secret hidden>' cfg.gsub! /^(username \S+ password \d) (\S+)/, '\\1 <secret hidden>' cfg.gsub! /^(username \S+ secret \d) (\S+)/, '\\1 <secret hidden>' diff --git a/lib/oxidized/model/junos.rb b/lib/oxidized/model/junos.rb index 2f59414..2ea0179 100644 --- a/lib/oxidized/model/junos.rb +++ b/lib/oxidized/model/junos.rb @@ -13,7 +13,10 @@ class JunOS < Oxidized::Model end cmd :secret do |cfg| - cfg.gsub!(/encrypted-password (\S+).*/, '<secret removed>') + cfg.gsub!(/encrypted-password (\S+).*/, 'encrypted-password <secret removed>') + cfg.gsub!(/pre-shared-key ascii-text (\S+).*/, 'pre-shared-key ascii-text <secret removed>') + cfg.gsub!(/pre-shared-key hexadecimal (\S+).*/, 'pre-shared-key hexadecimal <secret removed>') + cfg.gsub!(/authentication-key (\S+).*/, 'authentication-key <secret removed>') cfg.gsub!(/community (\S+) {/, 'community <hidden> {') cfg end diff --git a/lib/oxidized/model/netgear.rb b/lib/oxidized/model/netgear.rb index 38aaca7..0ab1349 100644 --- a/lib/oxidized/model/netgear.rb +++ b/lib/oxidized/model/netgear.rb @@ -1,7 +1,7 @@ class Netgear < Oxidized::Model comment '!' - prompt /^(\([\w-]+\)\s[#>])$/ + prompt /^(\([\w\-.]+\)\s[#>])$/ cmd :secret do |cfg| cfg.gsub!(/password (\S+)/, 'password <hidden>') diff --git a/lib/oxidized/model/opnsense.rb b/lib/oxidized/model/opnsense.rb new file mode 100644 index 0000000..b874fca --- /dev/null +++ b/lib/oxidized/model/opnsense.rb @@ -0,0 +1,21 @@ +class OpnSense < Oxidized::Model + + # minimum required permissions: "System: Shell account access" + # must enable SSH and password-based SSH access + + cmd :all do |cfg| + cfg.each_line.to_a[1..-1].join + end + + cmd 'cat /conf/config.xml' do |cfg| + cfg.gsub! /\s<revision>\s*<time>\d*<\/time>\s*.*\s*.*\s*<\/revision>/, '' + cfg.gsub! /\s<last_rule_upd_time>\d*<\/last_rule_upd_time>/, '' + cfg + end + + cfg :ssh do + exec true + pre_logout 'exit' + end + +end diff --git a/lib/oxidized/model/powerconnect.rb b/lib/oxidized/model/powerconnect.rb index 61e1cf2..f602a36 100644 --- a/lib/oxidized/model/powerconnect.rb +++ b/lib/oxidized/model/powerconnect.rb @@ -14,7 +14,7 @@ class PowerConnect < Oxidized::Model end cmd :secret do |cfg| - cfg.gsub! /^username (\S+) password \S+ (.*)/, 'username \1 password <hidden> \2' + cfg.gsub! /^(username \S+ password (?:encrypted )?)\S+(.*)/, '\1<hidden>\2' cfg end diff --git a/lib/oxidized/model/procurve.rb b/lib/oxidized/model/procurve.rb index 180b703..444fb5b 100644 --- a/lib/oxidized/model/procurve.rb +++ b/lib/oxidized/model/procurve.rb @@ -21,6 +21,11 @@ class Procurve < Oxidized::Model "" end + expect /Enter switch number/ do + send "\n" + "" + end + cmd :all do |cfg| cfg = cfg.each_line.to_a[1..-2].join cfg = cfg.gsub /^\r/, '' @@ -42,6 +47,10 @@ class Procurve < Oxidized::Model comment cfg end + cmd 'show system power-supply' do |cfg| + comment cfg + end + cmd 'show interfaces transceiver' do |cfg| comment cfg end diff --git a/lib/oxidized/model/routeros.rb b/lib/oxidized/model/routeros.rb index f391fb9..6717446 100644 --- a/lib/oxidized/model/routeros.rb +++ b/lib/oxidized/model/routeros.rb @@ -19,6 +19,7 @@ class RouterOS < Oxidized::Model cmd run_cmd do |cfg| cfg.gsub! /\x1B\[([0-9]{1,3}((;[0-9]{1,3})*)?)?[m|K]/, '' # strip ANSI colours cfg.gsub! /\\\r\n\s+/, '' # strip new line + cfg.gsub! /# inactive time\r\n/, '' # Remove time based system comment cfg = cfg.split("\n").select { |line| not line[/^\#\s\w{3}\/\d{2}\/\d{4}.*$/] } cfg.join("\n") + "\n" end diff --git a/lib/oxidized/model/slxos.rb b/lib/oxidized/model/slxos.rb new file mode 100644 index 0000000..934da5b --- /dev/null +++ b/lib/oxidized/model/slxos.rb @@ -0,0 +1,61 @@ +class SLXOS < Oxidized::Model + + prompt /^.*[>#]\s?$/i + comment '! ' + + cmd 'show version' do |cfg| + cfg.gsub! /(^((.*)[Ss]ystem [Uu]ptime(.*))$)/, '' #remove unwanted line system uptime + cfg.gsub! /[Uu]p\s?[Tt]ime is .*/,'' + + comment cfg + end + + cmd 'show chassis' do |cfg| + cfg.encode!("UTF-8", :invalid => :replace, :undef => :replace) #sometimes ironware returns broken encoding + cfg.gsub! /.*Power Usage.*/, '' #remove unwanted lines power usage + cfg.gsub! /Time A(live|wake).*/, '' #remove unwanted lines time alive/awake + cfg.gsub! /([\[]*)1([\]]*)<->([\[]*)2([\]]*)(<->([\[]*)3([\]]*))*/, '' + + comment cfg + end + + cmd 'show system' do |cfg| + cfg.gsub! /Up Time.*/, '' #removes uptime line + cfg.gsub! /Current Time.*/, '' #remove current time line + cfg.gsub! /.*speed is.*/, '' #removes fan speed lines + + comment cfg + end + + cmd 'show slots' do |cfg| + cfg.gsub! /^-*^$/, '' # some slx devices are fixed config + cfg.gsub! /syntax error: element does not exist/, '' # same as above + + comment cfg + end + + cmd 'show running-config' do |cfg| + arr = cfg.each_line.to_a + arr[2..-1].join unless arr.length < 2 + end + + cfg :telnet do + # match expected prompts + username /^(Please Enter Login Name|Username):/ + password /^(Please Enter Password ?|Password):/ + end + + #handle pager with enable + cfg :telnet, :ssh do + if vars :enable + post_login do + send "enable\n" + cmd vars(:enable) + end + end + post_login '' + post_login 'terminal length 0' + pre_logout 'exit' + end + +end diff --git a/lib/oxidized/model/supermicro.rb b/lib/oxidized/model/supermicro.rb index 361244c..518ae41 100644 --- a/lib/oxidized/model/supermicro.rb +++ b/lib/oxidized/model/supermicro.rb @@ -1,45 +1,9 @@ -class Supermicro < Oxidized::Model - comment '! ' +# Backward compatibility shim for deprecated model `supermicro`. +# Migrate your source from `supermicro` to `edgecos`. - cmd :secret do |cfg| - cfg.gsub!(/password \d+ (\S+).*/, '<secret removed>') - cfg.gsub!(/community (\S+)/, 'community <hidden>') - cfg - end +require_relative 'edgecos.rb' - cmd :all do |cfg| - cfg.each_line.to_a[2..-2].join - end +Supermicro = EdgeCOS - cmd 'show running-config' +Oxidized.logger.warn "Using deprecated model supermicro, use edgecos instead." - cmd 'show access-list tcam-utilization' do |cfg| - comment cfg - end - - cmd 'show memory' do |cfg| - comment cfg - end - - cmd 'show system' do |cfg| - comment cfg - end - - cmd 'show version' do |cfg| - comment cfg - end - - cmd 'show watchdog' do |cfg| - comment cfg - end - - cfg :telnet do - username /^Username:/ - password /^Password:/ - end - - cfg :telnet, :ssh do - post_login 'terminal length 0' - pre_logout 'exit' - end -end
\ No newline at end of file diff --git a/lib/oxidized/model/vyatta.rb b/lib/oxidized/model/vyatta.rb index 8d977aa..57ec9d3 100644 --- a/lib/oxidized/model/vyatta.rb +++ b/lib/oxidized/model/vyatta.rb @@ -9,11 +9,15 @@ class Vyatta < Oxidized::Model end cmd :secret do |cfg| + cfg.gsub! /encrypted-password (\S+).*/, 'encrypted-password <secret removed>' + cfg.gsub! /plaintext-password (\S+).*/, 'plaintext-password <secret removed>' + cfg.gsub! /password (\S+).*/, 'password <secret removed>' + cfg.gsub! /pre-shared-secret (\S+).*/, 'pre-shared-secret <secret removed>' cfg.gsub! /community (\S+) {/, 'community <hidden> {' cfg end - cmd 'show configuration | no-more' + cmd 'show configuration commands | no-more' cfg :telnet do username /login:\s/ diff --git a/lib/oxidized/source/csv.rb b/lib/oxidized/source/csv.rb index c1e310a..4814bd7 100644 --- a/lib/oxidized/source/csv.rb +++ b/lib/oxidized/source/csv.rb @@ -23,7 +23,7 @@ class CSV < Source file = File.expand_path(@cfg.file) file = if @cfg.gpg? crypto = GPGME::Crypto.new password: @cfg.gpg_password - crypto.decrypt(file).to_s + file = crypto.decrypt(File.open(file)).to_s else open(file) end diff --git a/lib/oxidized/version.rb b/lib/oxidized/version.rb index 221cffa..9a92133 100644 --- a/lib/oxidized/version.rb +++ b/lib/oxidized/version.rb @@ -1,3 +1,3 @@ module Oxidized - VERSION = '0.20.0' + VERSION = '0.21.0' end |