oxidized 0.20.0 → 0.21.0

data/extra/oxidized-ubuntu.haproxy

@@ -0,0 +1,45 @@
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# Default ciphers to use on SSL-enabled listening sockets.
+	# For more information, see ciphers(1SSL). This list is from:
+	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
+	ssl-default-bind-options no-sslv3
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+	timeout connect 5000
+	timeout client  50000
+	timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+
+frontend oxidized
+	bind *:80
+	mode http
+	default_backend oxidized
+	compression algo gzip
+	compression type text/html text/plain text/css
+
+backend oxidized
+	server o1 127.0.0.1:8080

data/extra/oxidized.service

@@ -1,12 +1,16 @@
 #For debian 8 put it in /lib/systemd/system/
+#For RHEL / CentOS 7 put it in /etc/systemd/system/
 #and call it with systemctl start oxidized.service
 
 [Unit]
 Description=Oxidized - Network Device Configuration Backup Tool
+After=network-online.target multi-user.target
+Wants=network-online.target
 
 [Service]
 ExecStart=/usr/local/bin/oxidized
 User=oxidized
+KillSignal=SIGINT
 
 [Install]
 WantedBy=multi-user.target

data/lib/oxidized/hook.rb

@@ -23,6 +23,7 @@ class HookManager
     :node_success,
     :node_fail,
     :post_store,
+    :nodes_done
   ]
   attr_reader :registered_hooks
 

data/lib/oxidized/hook/exec.rb

@@ -71,7 +71,6 @@ class Exec < Oxidized::Hook
         "OX_NODE_FROM" => ctx.node.from.to_s,
         "OX_NODE_MSG" => ctx.node.msg.to_s,
         "OX_NODE_GROUP" => ctx.node.group.to_s,
-        "OX_EVENT" => ctx.event.to_s,
         "OX_REPO_COMMITREF" => ctx.commitref.to_s,
         "OX_REPO_NAME" => ctx.node.repo.to_s,
       )

data/lib/oxidized/input/ssh.rb

@@ -24,20 +24,23 @@ module Oxidized
       secure = Oxidized.config.input.ssh.secure
       @log = File.open(Oxidized::Config::Log + "/#{@node.ip}-ssh", 'w') if Oxidized.config.input.debug?
       port = vars(:ssh_port) || 22
+      
+      ssh_opts = {
+                :port => port.to_i,
+                :password => @node.auth[:password], :timeout => Oxidized.config.timeout,
+                :paranoid => secure,
+                :auth_methods => %w(none publickey password keyboard-interactive),
+                :number_of_password_prompts => 0,
+        }
+
       if proxy_host = vars(:ssh_proxy)
         proxy_command =  "ssh "
         proxy_command += "-o StrictHostKeyChecking=no " unless secure
         proxy_command += "#{proxy_host} -W %h:%p"
         proxy =  Net::SSH::Proxy::Command.new(proxy_command)
+        ssh_opts[:proxy] = proxy
       end
-      ssh_opts = {
-        :port => port.to_i,
-        :password => @node.auth[:password], :timeout => Oxidized.config.timeout,
-        :paranoid => secure,
-        :auth_methods => %w(none publickey password keyboard-interactive),
-        :number_of_password_prompts => 0,
-        :proxy => proxy,
-      }
+
       ssh_opts[:keys] = vars(:ssh_keys).is_a?(Array) ? vars(:ssh_keys) : [vars(:ssh_keys)] if vars(:ssh_keys)
       ssh_opts[:kex]  = vars(:ssh_kex).split(/,\s*/) if vars(:ssh_kex)
       ssh_opts[:encryption] = vars(:ssh_encryption).split(/,\s*/) if vars(:ssh_encryption)

data/lib/oxidized/model/acsw.rb

@@ -0,0 +1,67 @@
+class ACSW < Oxidized::Model
+
+  prompt /([\w.@()\/\\-]+[#>]\s?)/
+  comment  '! '
+
+  cmd :all do |cfg|
+    cfg.gsub! /^% Invalid input detected at '\^' marker\.$|^\s+\^$/, ''
+    cfg.each_line.to_a[1..-2].join
+  end
+
+  cmd :secret do |cfg|
+    cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
+    cfg.gsub! /^(username \S+ privilege \d+) (\S+).*/, '\\1 <secret hidden>'
+    cfg.gsub! /^(username \S+ password \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(username \S+ secret \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(enable (password|secret) \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(\s+(?:password|secret)) (?:\d )?\S+/, '\\1 <secret hidden>'
+    cfg.gsub! /^(.*wpa-psk ascii \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(.*key 7) (.*)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(tacacs-server key \d) (\S+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(crypto isakmp key) (\S+) (.*)/, '\\1 <secret hidden> \\3'
+    cfg.gsub! /^(.*key 1 md5) (\d.+)/, '\\1 <secret hidden>'
+    cfg.gsub! /^(.*standby \d.+authentication).*/, '\\1 <secret hidden>'
+    cfg.gsub! /^(.*version 2c).*/, '\\1 <secret hidden>'
+    cfg
+  end
+
+
+  cmd 'show version' do |cfg|
+    comment cfg
+  end
+
+
+ cmd 'show inventory' do |cfg|
+   comment cfg
+ end
+
+
+  cmd 'show running-config' do |cfg|
+    cfg = cfg.each_line.to_a[3..-1]
+    cfg = cfg.reject { |line| line.match /^ntp clock-period / }.join
+    cfg.gsub! /^Current configuration : [^\n]*\n/, ''
+    cfg.gsub! /^\ tunnel\ mpls\ traffic-eng\ bandwidth[^\n]*\n*(
+                  (?:\ [^\n]*\n*)*
+                  tunnel\ mpls\ traffic-eng\ auto-bw)/mx, '\1'
+    cfg.gsub! /^([\s\t\!]*Last configuration change ).*/, ''
+    cfg.gsub! /^([\s\t\!]*NVRAM config last ).*/, ''
+    cfg
+  end
+
+  cfg :telnet do
+    username /.*login:/
+    password /^Password:/
+  end
+
+  cfg :telnet, :ssh do
+    if vars :enable
+      post_login do
+        send "enable\n"
+        cmd vars(:enable)
+      end
+    end
+    post_login 'terminal length 0'
+    pre_logout 'exit'
+  end
+
+end

data/lib/oxidized/model/aen.rb

@@ -0,0 +1,20 @@
+class AEN < Oxidized::Model
+  # Accedian
+
+  comment '# '
+
+  prompt /^([-\w.\/:?\[\]\(\)]+:\s?)$/
+
+  cmd 'configuration generate-script module all' do |cfg|
+    cfg
+  end
+
+  cmd :all do |cfg|
+    cfg.each_line.to_a[1..-2].join
+  end
+
+  cfg :ssh do
+    pre_logout 'exit'
+  end
+
+end

data/lib/oxidized/model/alteonos.rb

@@ -0,0 +1,60 @@
+class ALTEONOS < Oxidized::Model
+
+  prompt  /^\(?.+\)?\s?[#>]/
+
+  comment '! '
+
+  cmd :secret do |cfg|
+    cfg.gsub!(/^([\s\t]*admpw ).*/, '\1 <password removed>')
+    cfg.gsub!(/^([\s\t]*pswd ).*/, '\1 <password removed>')
+    cfg.gsub!(/^([\s\t]*esecret ).*/, '\1 <password removed>')
+    cfg
+  end
+
+  ############################################################################################## 
+  ##                                 Added to remove                                           #
+  ##                                                                                           #
+  ##/* Configuration dump taken 14:10:20 Fri Jul 28, 2017 (DST)                                #
+  ##/* Configuration last applied at 16:17:05 Fri Jul 14, 2017                                 #
+  ##/* Configuration last save at 16:17:43 Fri Jul 14, 2017                                    #
+  ##/* Version 29.0.3.12, vXXXXXXXX,  Base MAC address XXXXXXXXXXX                             #
+  ##/* To restore SSL Offloading configuration and management HTTPS access,                    #
+  ##/* it is recommended to include the private keys in the dump.                              #
+  ##                                       OR                                                  #        
+  ##/* To restore SSL Offloading configuration and management HTTPS access,it is recommended   #
+  ##/* to include the private keys in the dump.                                                #
+  ##                                                                                           #
+  ##############################################################################################
+
+  cmd 'cfg/dump' do |cfg|
+    cfg.gsub! /^([\s\t\/*]*Configuration).*/, ''
+    cfg.gsub! /^([\s\t\/*]*Version).*/, ''
+    cfg.gsub! /^([\s\t\/*]*To restore ).*/, ''
+    cfg.gsub! /^([\s\t\/*]*it is recommended to include).*/, ''
+    cfg.gsub! /^([\s\t\/*]*to include ).*/, ''
+    cfg
+  end
+
+  #Answer for Dispay private keys
+  expect /^Display private keys\?\s?\[y\/n\]\: $/ do |data, re|
+    send "n\r"
+    data.sub re, ''
+  end
+
+  #Answer for sync to peer on exit
+  expect /^Confirm Sync to Peer\s?\[y\/n\]\: $/ do |data, re|
+    send "n\r"
+    data.sub re, ''
+  end
+
+  #Answer for  Unsaved configuration 
+  expect /^(WARNING: There are unsaved configuration changes).*/ do |data, re|
+    send "n\r"
+    data.sub re, ''
+  end
+
+  cfg :ssh do
+    pre_logout 'exit'
+  end
+
+end

data/lib/oxidized/model/asa.rb

@@ -20,6 +20,11 @@ class ASA < Oxidized::Model
     cfg
   end
 
+  # check for multiple contexts
+  cmd 'show mode' do |cfg|
+    @is_multiple_context = cfg.include? 'multiple'
+  end
+
   cmd 'show version' do |cfg|
     # avoid commits due to uptime / ixo-router01 up 2 mins 28 secs / ixo-router01 up 1 days 2 hours
     cfg = cfg.each_line.select { |line| not line.match /(\s+up\s+\d+\s+)|(.*days.*)/ }
@@ -31,25 +36,12 @@ class ASA < Oxidized::Model
     comment cfg
   end
 
-  cmd 'more system:running-config' do |cfg|
-    cfg = cfg.each_line.to_a[3..-1].join
-    cfg.gsub! /^: [^\n]*\n/, ''
-    # backup any xml referenced in the configuration.
-    anyconnect_profiles = cfg.scan(Regexp.new('(\sdisk0:/.+\.xml)')).flatten
-    anyconnect_profiles.each do |profile|
-  	  cfg << (comment profile + "\n" )
-   	  cmd ("more" + profile) do |xml|
-	      cfg << (comment xml)
-	    end
+  post do
+    if @is_multiple_context
+      multiple_context
+    else
+      single_context
     end
-    # if DAP is enabled, also backup dap.xml
-    if cfg.rindex(/dynamic-access-policy-record\s(?!DfltAccessPolicy)/)
-   	  cfg << (comment "disk0:/dap.xml\n")
-      cmd "more disk0:/dap.xml" do |xml|
-        cfg << (comment xml)
-      end
-    end
-    cfg
   end
 
   cfg :ssh do
@@ -62,5 +54,48 @@ class ASA < Oxidized::Model
     post_login 'terminal pager 0'
     pre_logout 'exit'
   end
+  
+  def single_context
+      # Single context mode
+      cmd 'more system:running-config' do |cfg|
+        cfg = cfg.each_line.to_a[3..-1].join
+        cfg.gsub! /^: [^\n]*\n/, ''
+        # backup any xml referenced in the configuration.
+        anyconnect_profiles = cfg.scan(Regexp.new('(\sdisk0:/.+\.xml)')).flatten
+        anyconnect_profiles.each do |profile|
+            cfg << (comment profile + "\n" )
+            cmd ("more" + profile) do |xml|
+              cfg << (comment xml)
+            end
+        end
+        # if DAP is enabled, also backup dap.xml
+        if cfg.rindex(/dynamic-access-policy-record\s(?!DfltAccessPolicy)/)
+            cfg << (comment "disk0:/dap.xml\n")
+            cmd "more disk0:/dap.xml" do |xml|
+              cfg << (comment xml)
+            end
+        end
+        cfg
+      end
+  end
+
+  def multiple_context
+      # Multiple context mode
+      cmd 'changeto system' do |cfg|
+        cmd 'show running-config' do |systemcfg|
+          allcfg = "\n\n" + systemcfg + "\n\n"
+          contexts = systemcfg.scan(/^context (\S+)$/)
+          files = systemcfg.scan(/config-url (\S+)$/)
+          contexts.each_with_index do |cont, i|
+            allcfg = allcfg + "\n\n----------========== [ CONTEXT " + cont.join(" ") + " FILE " + files[i].join(" ") + " ] ==========----------\n\n"
+            cmd "more " + files[i].join(" ") do |cfgcontext|
+              allcfg = allcfg + "\n\n" + cfgcontext
+            end
+          end
+          cfg = allcfg
+        end
+        cfg
+      end
+  end
 
 end

data/lib/oxidized/model/asyncos.rb

@@ -0,0 +1,49 @@
+class AsyncOS < Oxidized::Model
+
+	# ESA prompt "(mail.example.com)> "
+	prompt /^\r*([(][\w. ]+[)][#>]\s+)$/
+	comment  '! '
+	
+	# Select passphrase display option 
+	expect /\[\S+\]>\s/ do |data, re|  
+		send "3\n"	
+		data.sub re, ''
+	end
+	
+	# handle paging
+	expect /-Press Any Key For More-+.*$/ do |data, re| 
+		send " "
+		data.sub re, ''
+	end
+	
+	cmd 'version' do |cfg|
+		comment cfg
+	end
+
+	cmd 'showconfig' do |cfg|
+		#Delete hour and date which change each run
+		#cfg.gsub! /\sCurrent Time: \S+\s\S+\s+\S+\s\S+\s\S+/, ' Current Time:'
+		# Delete select passphrase display option
+		cfg.gsub! /Choose the passphrase option:/, ''
+		cfg.gsub! /1. Mask passphrases \(Files with masked passphrases cannot be loaded using/, ''
+		cfg.gsub! /loadconfig command\)/, ''
+		cfg.gsub! /2. Encrypt passphrases/, ''
+		cfg.gsub! /3. Plain passphrases/, ''
+		cfg.gsub! /^3$/, ''
+		#Delete space 
+		cfg.gsub! /\n\s{25,26}/, '' 
+		#Delete after line
+		cfg.gsub! /([-\\\/,.\w><@]+)(\s{25,27})/,"\\1" 
+		# Add a carriage return 
+		cfg.gsub! /([-\\\/,.\w><@]+)(\s{6})([-\\\/,.\w><@]+)/,"\\1\n\\2\\3" 
+		# Delete prompt
+		cfg.gsub! /^\r*([(][\w. ]+[)][#>]\s+)$/, '' 
+		cfg
+
+	end
+	
+	cfg :ssh do
+		pre_logout "exit"
+	end
+	                            
+end

data/lib/oxidized/model/audiocodes.rb

@@ -0,0 +1,32 @@
+class AudioCodes < Oxidized::Model
+
+# Pull config from AudioCodes Mediant devices from version > 7.0
+
+  prompt /^\r?([\w.@() -]+[#>]\s?)$/
+  comment  '## '
+
+  expect /\s*--MORE--$/ do |data, re|
+
+    send ' '
+
+    data.sub re, ''
+
+  end
+
+  cmd 'show running-config' do |cfg|
+   cfg
+  end
+
+  cfg :ssh do
+    username /^login as:\s$/
+    password /^.+password:\s$/
+    pre_logout 'exit'
+  end
+  
+  cfg :telnet do
+    username /^Username:\s$/
+    password /^Password:\s$/
+    pre_logout 'exit'
+  end
+
+end

data/lib/oxidized/model/boss.rb

@@ -0,0 +1,76 @@
+class Boss < Oxidized::Model
+  # Avaya Baystack Operating System Software(BOSS)
+  # Created by danielcoxman@gmail.com
+  # May 15, 2017
+  # This was tested on ers3510, ers5530, ers4850, ers5952
+  # ssh and telnet were tested with banner and without
+
+  comment  '! '
+
+  prompt /^[^\s#>]+[#>]$/
+
+  # Handle the banner
+  # to disable the banner on BOSS the configuration parameter is "banner disabled"
+  expect /Enter Ctrl-Y to begin\./ do |data, re|
+    send "\cY"
+    data.sub re, ''
+  end
+
+  # Handle the Failed retries since last login 
+  # no known way to disable other than to implement radius authentication
+  expect /Press ENTER to continue/ do |data, re|
+    send "\n"
+    data.sub re, ''
+  end
+
+  # Handle the menu on the older BOSS example ers55xx, ers56xx
+  # to disable them menu on BOSS the configuration parameter is "cmd-interface cli"
+  expect /ommand Line Interface\.\.\./ do |data, re|
+    send "c"
+    data.sub re, ''
+  end
+ 
+  # needed for proper formatting
+  cmd('') { |cfg| comment "#{cfg}\n" }
+
+  # Do a sys-info and check and see if it supports stack
+  cmd 'show sys-info' do |cfg|
+    @stack = true if cfg.match /Stack/
+    cfg.gsub! /(^((.*)sysUpTime(.*))$)/, 'removed sysUpTime'
+    cfg.gsub! /(^((.*)sysNtpTime(.*))$)/, 'removed sysNtpTime'
+    cfg.gsub! /(^((.*)sysRtcTime(.*))$)/, 'removed sysNtpTime'
+    # remove timestamp
+    cfg.gsub! /\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} .*/, ''
+    comment "#{cfg}\n"
+  end
+  
+  # if a stack then collect the stacking information
+  cmd 'show stack-info' do |cfg|
+    if @stack
+      # remove timestamp
+      cfg.gsub! /\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} .*/, ''
+      comment "#{cfg}\n"
+    end
+  end
+
+  cmd 'show running-config' do |cfg|
+    cfg.gsub! /^show running-config/, '! show running-config'
+    # remove timestamp
+    cfg.gsub! /\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} .*/, ''
+    cfg.gsub! /^[^\s#>]+[#>]$/, ''
+    cfg.gsub! /^! clock set.*/, '! removed clock set'
+    cfg
+  end
+
+  cfg :telnet do
+    username /Username: /
+    password /Password: /
+  end
+
+  cfg :telnet, :ssh do
+    pre_logout 'logout'
+    post_login 'terminal length 0'
+    post_login 'terminal width 132'
+  end
+
+end