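def convert_vrf(ios_conf_file, new_conf_file, vrf_name):
    """Append an IOS XR style VRF stanza for ``vrf_name`` to ``new_conf_file``.

    The VRF attributes are read from ``ios_conf_file`` through
    ``IosVrfConfigParser.ios_get_vrf_attrib``. The keys used here are
    ``VRF_NAME``, ``EX_MAP``, ``IM_MAP``, ``RT_EXPORT`` and ``RT_IMPORT``.
    ``new_conf_file`` is parsed, extended and then saved back in place.

    Fix over the listed version: import maps and import route-targets were
    written with the ``export`` keyword (copy/paste slip), which would turn
    every import policy/target into an export one in the generated config.

    NOTE(review): the nesting was reconstructed from a whitespace-collapsed
    listing; the policy/target sections are assumed to sit under the
    VRF_NAME check. Confirm against the original file.
    """
    xr_conf = CiscoConfParse(new_conf_file)
    vrf_attrib = IosVrfConfigParser.ios_get_vrf_attrib(
        ios_conf_file, vrf_name)

    if vrf_attrib['VRF_NAME']:
        # print(<one string>) behaves the same under Python 2 and Python 3.
        print("create vrf config")
        xr_conf.append_line("vrf " + vrf_attrib['VRF_NAME'])
        xr_conf.append_line(" address-family ipv4 unicast")

        if vrf_attrib['EX_MAP']:
            print("create EXPORT Route-policy")
            for ex_map in vrf_attrib['EX_MAP']:
                xr_conf.append_line(" export route-policy " + ex_map)

        if vrf_attrib['IM_MAP']:
            print("create IMPORT Route-policy")
            for im_map in vrf_attrib['IM_MAP']:
                # was " export route-policy ": import maps must stay imports
                xr_conf.append_line(" import route-policy " + im_map)

        if vrf_attrib['RT_EXPORT']:
            print("create Export Route-Target ")
            for rt_export in vrf_attrib['RT_EXPORT']:
                xr_conf.append_line(" export route-target " + rt_export)

        if vrf_attrib['RT_IMPORT']:
            print("create Import Route-Target ")
            for rt_import in vrf_attrib['RT_IMPORT']:
                # was " export route-target ": import targets must stay imports
                xr_conf.append_line(" import route-target " + rt_import)

    # commit() re-parses the appended lines before the file is written out.
    xr_conf.commit()
    xr_conf.save_as(new_conf_file)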
def Audit():
    """Extend and standardize 'conf.txt', writing the result to 'conf3.txt'.

    Steps: append 25 access switchports (FastEthernet0/0 .. 0/24), run
    ``standardize_intfs`` over the parsed config, make sure the
    ``service timestamps`` lines exist, then save under a new name.
    """
    parse = CiscoConfParse('conf.txt')

    # New switchports go at the bottom of the configuration.
    for port in range(25):
        stanza = (
            'interface FastEthernet0/' + str(port),
            ' switchport',
            ' switchport mode access',
            '!',
        )
        for text in stanza:
            parse.append_line(text)
    parse.commit()  # commit() must be called before searching again

    standardize_intfs(parse)
    parse.commit()  # commit() must be called before searching again

    # has_line_with() takes a regular expression.
    timestamps_present = parse.has_line_with(r'^service\stimestamp')
    if not timestamps_present:
        # prepend_line() inserts at the very top, so the line added last
        # ends up first in the file.
        for text in (
            'service timestamps debug datetime msec localtime show-timezone',
            'service timestamps log datetime msec localtime show-timezone',
        ):
            parse.prepend_line(text)

    parse.save_as('conf3.txt')
def parse_config(host, addr):
    """Make sure the lab config of ``host`` carries a management interface.

    The config is read from ``lab_folder + host + ".txt"``. When no
    GigabitEthernet3 interface is found, one is inserted before
    ``line con 0`` with ``addr`` and a /24 mask, and the file is saved in
    place; otherwise the file is left untouched.

    NOTE(review): ``host`` goes into the file path and ``addr`` into a
    config line without any validation; both are presumably supplied by
    trusted lab tooling. Confirm against the caller.
    """
    mgmt_interface = "GigabitEthernet3"  # interface used for management
    cfg_path = lab_folder + host + ".txt"
    address_line = "ip address " + addr + " 255.255.255.0"

    parse = CiscoConfParse(cfg_path, factory=True)
    if parse.find_interface_objects(mgmt_interface) != []:
        print("Interface already configured")
        return

    print("creating mgmt interface")
    parse.insert_before('line con 0', 'interface GigabitEthernet3')
    parse.commit()  # make the inserted interface searchable

    for mgmt in parse.find_interface_objects(mgmt_interface):
        for child in ('!', ' no shutdown', ' ' + address_line,
                      ' description MGMT'):
            mgmt.append_to_family(child)
    parse.commit()
    parse.save_as(cfg_path)
def Modify_Conf():
    """Move the access VLAN of selected ports in 'cat.txt' to VLAN 999.

    Example from the original: ports 10 and 12 of GigabitEthernet0/ are
    changed. The result is written to the new file 'cat2.txt'.

    NOTE(review): the nesting was reconstructed from a whitespace-collapsed
    listing; the new VLAN line is assumed to be inserted only where an
    existing ``switchport access vlan`` child was removed.
    """
    parse = CiscoConfParse('cat.txt')

    # Only ports 10 and 12 were acted on by the original 0..24 loop.
    for port in (10, 12):
        # The pattern has no end anchor, so it is a prefix match on the
        # interface line.
        intf_pattern = r'^interface GigabitEthernet0/' + str(port)
        for intf in parse.find_objects(intf_pattern):
            if not intf.has_child_with(r' switchport access vlan'):
                continue
            intf.delete_children_matching(r' switchport access vlan')
            parse.insert_after(intf_pattern,
                               insertstr=' switchport access vlan 999',
                               exactmatch=False,
                               ignore_ws=False,
                               atomic=False)
        parse.commit()

    # Write to a new file.
    parse.save_as('cat2.txt')
def testValues_banner_delete_01():
    """Multiline banners must be gone after delete() and commit()."""
    banner_spec = '^banner'
    config_lines = [
        '!',
        'banner motd ^',
        ' trivial banner1 here ^',
        'interface GigabitEthernet0/0',
        ' ip address 192.0.2.1 255.255.255.0',
        'banner exec ^',
        ' trivial banner2 here ^',
        'end',
    ]
    parse = CiscoConfParse(config_lines)

    for banner in parse.find_objects(banner_spec):
        banner.delete()
    parse.commit()

    # No banner object may survive the deletion.
    assert parse.find_objects(banner_spec) == []
def testValues_banner_delete_01():
    """Check that deleting banner objects removes multiline banners."""
    lines = ['!']
    lines += ['banner motd ^', ' trivial banner1 here ^']
    lines += ['interface GigabitEthernet0/0',
              ' ip address 192.0.2.1 255.255.255.0']
    lines += ['banner exec ^', ' trivial banner2 here ^']
    lines += ['end']

    parse = CiscoConfParse(lines)
    doomed = parse.find_objects('^banner')
    for entry in doomed:
        entry.delete()
    parse.commit()

    remaining = parse.find_objects('^banner')
    assert remaining == []
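def testValues_aaa_authfailmsg_delete_01():
    """Ensure aaa authentication fail-message banners are correctly deleted.

    The search pattern is now a raw string. The listed version used
    ``'^aaa\\sauthentication\\sfail-message'`` in a normal literal, where
    ``\\s`` is an invalid escape sequence that newer Python versions warn
    about. The pattern text handed to the parser is unchanged.
    """
    fail_message_spec = r'^aaa\sauthentication\sfail-message'
    CONFIG = [
        '!',
        'aaa authentication fail-message ^',
        ' trivial banner1 here ^',
        'interface GigabitEthernet0/0',
        ' ip address 192.0.2.1 255.255.255.0',
        'banner exec ^',
        ' trivial banner2 here ^',
        'end',
    ]
    parse = CiscoConfParse(CONFIG)

    for obj in parse.find_objects(fail_message_spec):
        obj.delete()
    parse.commit()

    assert parse.find_objects(fail_message_spec) == []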
def remove_config_blocks(run_config):
    """Return ``run_config`` without its interface and boot-system lines.

    Every object matching ``^interface`` and every object matching
    ``boot system`` is deleted, the change is committed, and the remaining
    configuration is returned as one newline-joined string.
    """
    parse = CiscoConfParse(run_config)

    # Existing configuration that is going to be replaced. The second
    # pattern is not anchored, so it matches "boot system" anywhere in a line.
    for spec in (r"^interface", r"boot system"):
        for stale in parse.find_objects(spec):
            stale.delete()

    # Commit modifications to the current parse object.
    parse.commit()

    # To keep a local copy instead, call parse.save_as('modified_startup')
    # before returning.
    remaining_lines = parse.ioscfg
    return '\n'.join(remaining_lines)
def testValues_banner_delete_02():
    """Multiline banners are deleted without re-parenting interface children.

    Regression check for Github issue #37, where Gi0/1's child was assigned
    to Gi0/0 after the ``banner motd`` line had been deleted.
    """
    banner_spec = '^banner'
    config_lines = [
        '!',
        'interface GigabitEthernet0/0',
        ' ip address 192.0.2.1 255.255.255.0',
        'banner motd ^',
        ' trivial banner1 here ^',
        'interface GigabitEthernet0/1',
        ' ip address 192.0.2.1 255.255.255.0',
        'banner exec ^',
        ' trivial banner2 here ^',
        'end',
    ]
    parse = CiscoConfParse(config_lines)

    for banner in parse.find_objects(banner_spec):
        banner.delete()
    parse.commit()

    assert parse.find_objects(banner_spec) == []

    # Each interface must still own exactly its one "ip address" child.
    for intf in parse.find_objects('^interface'):
        assert len(intf.children) == 1
def testValues_banner_delete_02():
    """Banner deletion must keep interface/child relationships intact.

    Covers Github issue #37: after the ``banner motd`` line was deleted,
    the child of Gi0/1 ended up attached to Gi0/0.
    """
    lines = ['!']
    lines += ['interface GigabitEthernet0/0',
              ' ip address 192.0.2.1 255.255.255.0']
    lines += ['banner motd ^', ' trivial banner1 here ^']
    lines += ['interface GigabitEthernet0/1',
              ' ip address 192.0.2.1 255.255.255.0']
    lines += ['banner exec ^', ' trivial banner2 here ^']
    lines += ['end']

    parse = CiscoConfParse(lines)
    doomed = parse.find_objects('^banner')
    for entry in doomed:
        entry.delete()
    parse.commit()

    remaining = parse.find_objects('^banner')
    assert remaining == []

    # One child per interface: nothing was moved to a neighbouring interface.
    interfaces = parse.find_objects('^interface')
    for entry in interfaces:
        assert len(entry.children) == 1
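# Script to find what interfaces have an "ip helper-address"
# Uses the ciscoconfparse library, make sure it is installed

# Importing the necessary modules.
import os

from ciscoconfparse import CiscoConfParse

os.chdir("c:\\configs")

for filename in os.listdir(os.getcwd()):
    # The output files are written into the directory being scanned. Skip
    # them (and any sub-directory) so a second run does not try to parse
    # its own results, which carry no hostname line.
    if not os.path.isfile(filename) or filename.endswith('_newconfig.txt'):
        continue

    parse = CiscoConfParse(filename, factory=True, syntax='ios')
    obj_list = parse.find_objects_dna(r'Hostname')
    if not obj_list:
        # The listed version indexed obj_list[0] unconditionally and stopped
        # with an IndexError on the first file without a hostname.
        print("No hostname found in " + filename + ", skipping")
        continue

    inf_w_help = parse.find_parents_w_child(parentspec=r"^interface",
                                            childspec=r"ip helper-address")
    hostn = obj_list[0].hostname
    # print(<one value>) behaves the same under Python 2 and Python 3.
    print(hostn)
    for interface in inf_w_help:
        print(interface)

    print("Write results to file...")
    newconfig = CiscoConfParse([])
    newconfig.append_line(hostn)
    for interface in inf_w_help:
        newconfig.append_line(interface)
        # Placeholder address from the original script; replace before use.
        newconfig.append_line('ip helper-address my.new.ip.add1')
    newconfig.commit()
    # NOTE(review): hostn is read from the parsed file and becomes part of
    # the output path. If the configs are not from a trusted source,
    # restrict it to a plain file name first.
    newconfig.save_as(hostn + '_newconfig.txt')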
# Excerpt: the statements down to "Parse the configs" use `intf` and are
# presumably the per-interface body of standardize_intfs(), which the script
# below calls; the function header and its loop line are not part of this
# listing.
        # Feature flags for the current interface, taken from its child lines.
        has_stormcontrol = intf.has_child_with(r' storm-control broadcast')
        is_switchport_access = intf.has_child_with(r'switchport mode access')
        is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')

        ## Add missing features
        # Access ports without broadcast storm-control get both lines added.
        if is_switchport_access and (not has_stormcontrol):
            intf.append_to_family(' storm-control action trap')
            intf.append_to_family(' storm-control broadcast level 0.4 0.3')

        ## Remove dot1q trunk misconfiguration...
        # Trunk ports lose every child line matching these patterns.
        elif is_switchport_trunk:
            intf.delete_children_matching('port-security')
            intf.delete_children_matching('nonegotiate')  # customer request 1

## Parse the configs
parse = CiscoConfParse('ios_audit.conf')  # this is our input file

## Search and standardize the interfaces...
standardize_intfs(parse)
parse.commit()  # commit() **must** be called before searching again

## regular expression usage in has_line_with() to find if the config has a
## matching line
if not parse.has_line_with(r'^service\stimestamp'):
    ## prepend_line() adds a line at the top of the configuration, so the
    ## line prepended last ends up first in the file
    parse.prepend_line('service timestamps debug datetime msec localtime show-timezone')
    parse.prepend_line('service timestamps log datetime msec localtime show-timezone')
    # NOTE(review): free-text marker rather than an IOS command; presumably
    # a device would reject this line when the file is loaded. Confirm it
    # is wanted in the output.
    parse.prepend_line('this config was hacked by Robert')

## Write the new configuration
# customization request: make it output to .conf.new2
parse.save_as('ios_audit.conf.new2')
intf.append_to_family(' storm-control broadcast level 0.4 0.3') ## remove dot1q trunk misconfiguration elif is_switchport_trunk: intf.delete_children_matching('port-security') ## Parse the config parse = CiscoConfParse('switch.conf') ## Add a new switchport at the bottom of the config... parse.append_line('interface GigabitEthernet1/0') parse.append_line(' switchport') parse.append_line(' switchport mode access') parse.append_line('!') parse.commit() ## Search and standardize the interfaces standardize_interfaces(parse) parse.commit() ## Add a line to the top of the config if not already there. if not parse.has_line_with(r'^service\stimestamp'): parse.prepend_line( 'service timestamps debug datetime msec localtime show-timezone') parse.prepend_line( 'service timestamps log datetime msec localtime show-timezone') ## Wrtite the config file now... parse.save_as('switch.conf.new')
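def transform(filename):
    """Strip an uploaded IOS config down and return the result as a file.

    Part 1 deletes whole sections (policy/class maps, access lists, PKI,
    track, IP SLA, zone pairs, archive, banners, lines, usernames, logging)
    plus interfaces that carry ``spanning-tree portfast`` or
    ``switchport port-security``. Part 2 drops blank lines and every line
    that contains one of the ``security_lines`` substrings. Part 3 appends a
    fixed login configuration.

    Fix over the listed version: a comma was missing between
    ``'resource policy'`` and ``'control-plane'``. The two literals were
    silently joined into one string, so ``control-plane`` lines were never
    filtered.

    Args:
        filename: name of the source file inside ``UPLOAD_FOLDER``.

    Returns:
        Whatever ``send_file`` returns for ``file_parsed_2nd.txt``.
    """
    upload_dir = app.config['UPLOAD_FOLDER']
    first_pass = os.path.join(upload_dir, 'file_parsed_1st.txt')
    second_pass = os.path.join(upload_dir, 'file_parsed_2nd.txt')
    # NOTE(review): both output files use fixed names inside the shared
    # upload folder, so overlapping calls would overwrite each other's data.
    # Presumably per-request temporary files are wanted; confirm.

    # 1st Part
    # NOTE(review): filename is joined to the upload folder unchecked. If it
    # originates from a request, confirm the resolved path stays inside
    # UPLOAD_FOLDER before opening it.
    # NOTE(review): the "U" flag was removed in Python 3.11, where plain "r"
    # already applies universal newlines. Kept here because the interpreter
    # version is not visible.
    with open(os.path.join(upload_dir, filename), "rU") as infile:
        p = CiscoConfParse(infile)

        section_specs = (
            r'^policy-map',
            r'ip\saccess-list',
            r'^class-map',
            r'^crypto pki',
            r'^track',
            r'^ip sla',
            r'^zone-pair',
            r'^archive',
            r'^banner ',
            r'^line ',
            r'^username',
            r'^logging ',
            r'^end',
            r'^access-list',
        )
        # Collect every match first, then delete, as the original did.
        objs = []
        for spec in section_specs:
            objs.extend(p.find_objects(spec))
        for obj in objs:
            obj.delete()

        for child_spec in ('spanning-tree portfast',
                           'switchport port-security'):
            for interface in p.find_objects_w_child('^interface', child_spec):
                # The object is also passed as delete()'s argument, as in the
                # original. NOTE(review): confirm what that parameter means
                # for the installed ciscoconfparse version.
                interface.delete(interface)

        p.commit()
        p.save_as(first_pass)

    # 2nd Part
    # Matching is by plain substring, so short entries such as 'ssh', 'aaa',
    # 'cdp', '#' or '-time' also remove unrelated lines that merely contain
    # those characters (for example inside a description).
    security_lines = [
        'last', 'Last', 'version', 'service timestamps', 'service password',
        'tcp-keepalives', 'marker', 'flow-', 'enable secret', 'csdb',
        'ip accouting', 'timezone', 'aaa', 'ssh', 'snmp', 'service-policy',
        'tacacs', 'privilege', 'alias', 'ntp', 'scheduler allocate',
        'exec-timeout', 'service pad', 'syslog', 'small-servers',
        'enable password', 'zone-member', 'zone security', 'ip http', 'mls',
        'igmp', 'radius-server', 'forward-protocol', 'cdp', 'nagle',
        'resource policy', 'gratuitous-arps', 'control-plane', '-time',
        'errdisable', '#', 'Building configuration', 'Current configuration',
        'memory-size iomem', 'no ip source-route', 'no ip bootp server',
        'no ip domain lookup', 'no ipv6 cef', 'no logging console',
        'multilink bundle-name authenticated', 'ip accounting', 'standby',
    ]
    emptyline = ['\n', '\r\n']

    with open(first_pass, "rU") as file_parsed_2nd:
        with open(second_pass, "w") as outfile:
            for line in file_parsed_2nd:
                if line in emptyline:
                    continue
                if any(security_line in line
                       for security_line in security_lines):
                    continue
                outfile.write(line)

            # 3rd Part
            # A fixed, well-known enable secret and vty password are appended
            # and the vty access-class is removed, so the returned file is
            # presumably meant for an isolated lab only and should not be
            # loaded on a reachable device as-is.
            outfile.write('enable secret cisco\n')
            outfile.write('line vty 0 4\n')
            outfile.write(' password cisco\n')
            outfile.write(' no access-class 23 in\n')
            outfile.write('end\n')
            outfile.write('!\n')

    return send_file(second_pass)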
## Add missing commands if is_switchport_access and (not has_stormcontrol): intf.append_to_family(' storm-control action trap') intf.append_to_family(' storm-control broadcast level 0.4 0.3') ## remove dot1q trunk misconfiguration elif is_switchport_trunk: intf.delete_children_matching('port-security') ## Parse the config parse = CiscoConfParse('switch.conf') ## Add a new switchport at the bottom of the config... parse.append_line('interface GigabitEthernet1/0') parse.append_line(' switchport') parse.append_line(' switchport mode access') parse.append_line('!') parse.commit () ## Search and standardize the interfaces standardize_interfaces(parse) parse.commit() ## Add a line to the top of the config if not already there. if not parse.has_line_with(r'^service\stimestamp'): parse.prepend_line('service timestamps debug datetime msec localtime show-timezone') parse.prepend_line('service timestamps log datetime msec localtime show-timezone') ## Wrtite the config file now... parse.save_as('switch.conf.new')
# Excerpt: the statements down to "Parse the config" use `parse` and the
# *_vlan names before the script defines them, so they are presumably the tail
# of standardize_intfs(parse); the function header is not part of this
# listing.
    # Drop the loop-detection line(s) and two errdisable recovery lines.
    parse.delete_lines(r'loop-detection')
    parse.delete_lines(r'errdisable recovery cause loop-detect')
    parse.delete_lines(r'errdisable recovery cause all')

    ## Cleans up vlan configuration.
    # (vlan id, ports) pairs; the port collections are defined outside this
    # excerpt. Presumably they hold parsed interface objects, since
    # port_name() reads `.text` from each; confirm.
    vlans = [
        ('11', wifi_vlans),
        ('22', voice_vlan),
        ('24', facilitys_vlan),
        ('42', data_vlan),
        ('56', wifi_vlans)
    ]
    # Replace the '!' child of "vlan <id>" with one "tagged ..." line that
    # lists the sorted ports. port_name is defined on the next line; that
    # works because the name is only looked up when tagged_ports is called.
    tagged_ports = lambda vlan: parse.replace_children(
        r'vlan\s+{0}'.format(vlan[0]),
        r'!',
        'tagged ' + ' '.join([port_name(port) for port in sorted(vlan[1])])
    )
    # Builds the label from fixed character offsets of the port's text.
    # Assumes a fixed-width interface line format; TODO confirm.
    port_name = lambda port: ' '.join([port.text[10:11], port.text[19:]])

    # First blank out every existing tagged/untagged child of a vlan with
    # '!', then let tagged_ports() fill in the wanted list per vlan.
    parse.replace_all_children(r'vlan.*', r'[un]?tagged.*', '!')
    for x in vlans:
        tagged_ports(x)
    # parse.replace_all_children(r'vlan.*', r'REPLACE', '')

## Parse the config
parse = CiscoConfParse('brocade_conf.cfg')

## Search and standardize the configuration
standardize_intfs(parse)
parse.commit()  # commit() **must** be called before searching again

## Write the new configuration (to a new name; the input file is not
## overwritten)
parse.save_as('brocade_conf.cfg.new')
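def transform(filename):
    """Reduce an uploaded IOS configuration and send back the result.

    The work is done in three parts:

    1. Parse ``filename`` from ``UPLOAD_FOLDER``, delete a fixed set of
       top-level sections and every interface that has a
       ``spanning-tree portfast`` or ``switchport port-security`` child,
       then save ``file_parsed_1st.txt``.
    2. Copy that file to ``file_parsed_2nd.txt``, leaving out blank lines
       and lines containing any ``security_lines`` substring.
    3. Append a fixed login block to the copy.

    Fix over the listed version: ``'resource policy' 'control-plane'`` had
    no comma in between, so Python joined the two literals into one string
    and ``control-plane`` lines were never filtered.

    Args:
        filename: name of the source file inside ``UPLOAD_FOLDER``.

    Returns:
        The ``send_file`` result for ``file_parsed_2nd.txt``.
    """
    folder = app.config['UPLOAD_FOLDER']
    # NOTE(review): fixed intermediate and output names in a shared folder
    # mean two overlapping calls would clobber each other's files.
    # Presumably unique per-request names are wanted; confirm.
    stage1_path = os.path.join(folder, 'file_parsed_1st.txt')
    stage2_path = os.path.join(folder, 'file_parsed_2nd.txt')

    # 1st Part
    # NOTE(review): filename reaches os.path.join() unchecked. If it comes
    # from a request, verify that the resolved path is still below
    # UPLOAD_FOLDER before it is opened.
    # NOTE(review): mode "rU" no longer exists from Python 3.11 on (plain "r"
    # already gives universal newlines there). Left as listed because the
    # interpreter version is not visible.
    with open(os.path.join(folder, filename), "rU") as infile:
        p = CiscoConfParse(infile)

        # Gather all matches before deleting anything, like the original.
        objs = list()
        for spec in (r'^policy-map', r'ip\saccess-list', r'^class-map',
                     r'^crypto pki', r'^track', r'^ip sla', r'^zone-pair',
                     r'^archive', r'^banner ', r'^line ', r'^username',
                     r'^logging ', r'^end', r'^access-list'):
            objs.extend(p.find_objects(spec))
        for obj in objs:
            obj.delete()

        # The object is also handed to delete() as its argument, as in the
        # original. NOTE(review): check what that parameter means for the
        # installed ciscoconfparse version.
        for interface in p.find_objects_w_child('^interface',
                                                'spanning-tree portfast'):
            interface.delete(interface)
        for interface in p.find_objects_w_child('^interface',
                                                'switchport port-security'):
            interface.delete(interface)

        p.commit()
        p.save_as(stage1_path)

    # 2nd Part
    with open(stage1_path, "rU") as file_parsed_2nd:
        with open(stage2_path, "w") as outfile:
            # Substring filter: an entry matches anywhere in a line, so short
            # ones ('ssh', 'aaa', 'mls', '#', '-time', ...) can also remove
            # lines that only happen to contain those characters.
            security_lines = [
                'last', 'Last', 'version', 'service timestamps',
                'service password', 'tcp-keepalives', 'marker', 'flow-',
                'enable secret', 'csdb', 'ip accouting', 'timezone', 'aaa',
                'ssh', 'snmp', 'service-policy', 'tacacs', 'privilege',
                'alias', 'ntp', 'scheduler allocate', 'exec-timeout',
                'service pad', 'syslog', 'small-servers', 'enable password',
                'zone-member', 'zone security', 'ip http', 'mls', 'igmp',
                'radius-server', 'forward-protocol', 'cdp', 'nagle',
                'resource policy', 'gratuitous-arps',
                'control-plane',  # was fused with 'resource policy'
                '-time', 'errdisable', '#', 'Building configuration',
                'Current configuration', 'memory-size iomem',
                'no ip source-route', 'no ip bootp server',
                'no ip domain lookup', 'no ipv6 cef', 'no logging console',
                'multilink bundle-name authenticated', 'ip accounting',
                'standby'
            ]
            emptyline = ['\n', '\r\n']

            for line in file_parsed_2nd:
                is_blank = line in emptyline
                is_filtered = any(
                    security_line in line
                    for security_line in security_lines)
                if not is_blank and not is_filtered:
                    outfile.write(line)

            # 3rd Part
            # The appended block sets a fixed, well-known enable secret and
            # vty password and removes the vty access-class. The result is
            # presumably intended for an isolated lab and is not suitable
            # for a reachable device as-is.
            for text in ('enable secret cisco\n',
                         'line vty 0 4\n',
                         ' password cisco\n',
                         ' no access-class 23 in\n',
                         'end\n',
                         '!\n'):
                outfile.write(text)

    return send_file(stage2_path)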