Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Network Change & Configuration Management

Reply

MOTD banner using Perl

Authority
Posts: 42
5628     0

Can anyone advise on this. I have been trying unsuccessfully to get the Cisco banner motd to be scripted using Perl in NetMRI. 

The banner I need to put in is a multi-line legal banner but the different combinations I have been trying do not appear to work (using combinations of \r and \n).

I am not sure if this is the same issue here, but we had a competitive product before moving to NetMRI (not going to mention names) that allowed us to script the banner by just sending the text in Perl without having to wait for anything (like the prompt).

Is this something that is achievable in NetMRI?

Or is there a better way of doing the MOTD banner.

I am aware that there is a CCS script available, but the complexities of the script requires Perl.

Re: MOTD banner using Perl

Adviser
Posts: 407
5629     0

Here is a CCS script

Script-Filter:
$Vendor eq "Cisco"


##############
Action:
Fix Banners

Action-Description:
Remove the old banner statement and add a new one.    

Action-Commands:
SET:$banner = "#########################################################################\r#     This system is for the use of authorized users only.              #\r#     Individuals using this computer system without authority, or in   #\r#     excess of their authority, are subject to having all of their     #\r#     activities on this system monitored and recorded by system        #\r#     personnel.                                                        #\r#                                                                       #\r#     In the course of monitoring individuals improperly using this     #\r#     system, or in the course of system maintenance, the activities    #\r#     of authorized users may also be monitored.                        #\r#                                                                       #\r#     Anyone using this system expressly consents to such monitoring    #\r#     and is advised that if such monitoring reveals possible           #\r#     evidence of criminal activity, system personnel may provide the   #\r#     evidence of such monitoring to law enforcement officials.         #\r#########################################################################\r"

config t
no banner motd
banner motd ^\r$banner\r^\r
end
write mem
Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: MOTD banner using Perl

Authority
Posts: 42
5629     0

Hi Sif, Thanks for the reply. I knew about that one as you helped someone else earlier. However, I need a similar one that works with Perl.

We have a rather large script that performs baseline configuration based on certain criteria and for that I use Perl. 

 

I cant seem to get the Banner to work using Perl. 

 

Alternatively, is there a way I can call the Banner CCS script from the Perl script?

 

Thanks

 

Re: MOTD banner using Perl

Adviser
Posts: 407
5629     0

Can you post you PERL script part with MOTD 

 

Sif 

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: MOTD banner using Perl

Expert
Posts: 229
5629     0

Can you keep the banner in a separate text file -- either on a TFTP server or maybe in the NetMRI sandbox?  If so, then your Perl script only has to issue the "copy tftp://<server>/banner.txt running\r\r" command to the (Cisco) device.  Or use Perl I/O to send it from the sandbox.  That also makes it easier to edit the banner or replace it without editing the script.

 

Re: MOTD banner using Perl

Authority
Posts: 42
5629     0

Hi Sif,

Actually, I finally got it to work using this simple script (below). There was a certain amount of "not being able to see the woods for the trees" with this one - combined with testing against a switch with an old IOS which caused confusion in the results.

Not quite the formatting I wanted, but it will have to do for now.

 

Thanks for your help.

 

 

# BEGIN-SCRIPT-BLOCK
#
# Script-Filter:
#    $Vendor eq "Cisco"
#    and $Type eq "Switch"
#    and $sysDescr like /IOS/
# Script-Variables:
#
# END-SCRIPT-BLOCK

#Remove the Script-Filter line that refers to the single switch - this is only required for safety during testing/

use strict;
use warnings;
#use diagnostics;

use NetMRI_Easy;
use strict;
use warnings;
use NetMRI::API;
use Data:Smiley Very Happyumper::Concise;
use DateTime;
use List::Util qw(min max);

require "Infoblox_Job.pm";
require "TAE_Util.pm";
my $easy = new NetMRI_Easy({ api_version => 3.2 });


my $device = $easy->device;# Get the NetMRI Device object
my $ip_address = $device->DeviceIPDotted;# Get the IP address of the device

my $hostname = $device->DeviceName;# # Get the hostname of the device
my $Model = $easy->model;

SendBanner();


sub SendBanner {

 
$easy->send_command("conf t");
$easy->send_command("no banner motd");


$easy->send_command("banner motd Z\rAccess to this computer system is restricted\rto company authorised users only.\r\rBy accessing and using this computer system\ryou are confirming you will comply with\rthe company company Information Security Policy.\r\rUnauthorised use of, or access to, this\rcomputer system may subject you to disciplinary\raction or civil/criminal prosecution.\r\rcompany Ltd retains the right to\rmonitor all activities for business and\rsecurity purposes.\r\rZ\r");#

$easy->send_command("end");
   
}


Re: MOTD banner using Perl

Authority
Posts: 42
5629     0

Hi,

I was trying to see if I could do this from the Sandbox but it didnt seem to work.

Not sure if anyone can shed light on this.

 

The script is as follows;

 

#!/usr/bin/perl -w
# BEGIN-SCRIPT-BLOCK
#
# Script-Filter: $name ne "unknown"
#
# Script-Login:
# true
#
#
# END-SCRIPT-BLOCK
use strict;
use warnings;
use NetMRI_Easy;

my $easy = new NetMRI_Easy ({ api_version => 2.10 });

my $SetTerm = "";
my $RunCfg = "";
my $VRF_List = "";
my $All_Routes = "";

$SetTerm = $easy->send_command("term len 0");

# Write the Config
#my $bannerfile = "/mnt/host/data/userdata/banner.txt";
my $bannerfile = "/mnt/host/data/userdata/banner2.txt";
my $FH;
open $FH, "<$bannerfile";

my @fileinfo =<$FH>;

my $banner = join("", @fileinfo);
chomp $banner;
$easy->send_command("conf t");
$easy->send_command("no banner motd");

$easy->send_command("banner motd Z\r" . $banner . "\rZ\r");

print "Banner:" . $banner ;

$easy->send_command("exit");

The file banner2.txt contains;

Access to this computer system is restricted
to company authorised users only.

By accessing and using this computer system
you are confirming you will comply with
the company Information Security Policy.

Unauthorised use of, or access to, this
computer system may subject you to disciplinary
action or civil/criminal prosecution.

company Ltd retains the right to
monitor all activities for business and
security purposes.

LHR3728T3-A2#

LHR3728T3-A2#enable

LHR3728T3-A2#

LHR3728T3-A2#terminal no monitor

LHR3728T3-A2#terminal no editing

LHR3728T3-A2#terminal length 0

LHR3728T3-A2#term len 0

LHR3728T3-A2#conf t Enter configuration commands, one per line. End with CNTL/Z.

LHR3728T3-A2(config)#no banner motd

LHR3728T3-A2(config)#exit

LHR3728T3-A2#exit

Connection to 10.12.1.142 closed.    

 

For some reason, although the file is being read, nothing appears to happen on the switch with the command (as seen above). It goes from "no banner motd" to "exit".

$easy->send_command("banner motd Z\r" . $banner . "\rZ\r");

 

 

Re: MOTD banner using Perl

Adviser
Posts: 407
5629     0

Change this

$easy->send_command("banner motd Z\r" . $banner . "\rZ\r");

to this

$easy->send_command("banner motd Z\r $banner \rZ\r");
Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: MOTD banner using Perl

Authority
Posts: 42
5629     0

Hi Sif,

This is what I tried first before using the concatenation. Tried it again and same result. I.e. no new banner.

 

 

Regards

 

Russ

Re: MOTD banner using Perl

Adviser
Posts: 407
5629     0

That MOTD is strange, I was able to pass a variable of other things into the Send Command expect the MOTD

 

 

 

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: MOTD banner using Perl

[ Edited ]
Authority
Posts: 18
5629     0

Something like this. Doesn't use external file for banner, but setting variable in this way makes it easyish to read/edit.

 

 

($motd_banner = <<"    END_BLOCK") =~ s/^ {8}//gm;
        ATTENTION \- GRABBING \- TITLE
        Example Embedded Variable: $variable
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        Lorem ipsum dolor sit amet\, consectetur adipiscing elit\, sed do eiusmod tempor
        incididunt ut labore et dolore magna aliqua\. Ut enim ad minim veniam\, quis 
        nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat\. 
        Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu 
        fugiat nulla pariatur\. Excepteur sint occaecat cupidatat non proident\, sunt in
        culpa qui officia deserunt mollit anim id est laborum\.
    END_BLOCK
$motd_banner =~ s/\R\z//g; #remove newline character at end of string
$motd_banner =~ s/\R/\r/g; #replace all types of newline-like charactors with /r which seems to work
# sometimes other regex here to make platform-specific content tweaks before applying
$easy->send_command("banner motd ^\r$motd_banner\r^\r"); #presence/quantity of \r characters can vary by platform

 

 

Showing results for 
Search instead for 
Do you mean 

Recommended for You