Sunday, April 01, 2007

Configuration Management with Rancid

Hey folks!

Dont you guys think it is a very tedious process to keep track of your networking devices configuration. Yah you know.. > copy run-config/start-config tftp ip.address .

So, instead of wasting my time doing that manually, i use Rancid + CVSWeb to monitor and keep track of my cisco devices configuration changes. As usual, my favorite platform is FreeBSD. The installation process can be referred to this tutorial.

After installation, several configurations need to be made especially, ~/.cloginrc which stored all your authentication method and password and also router.db that stored information about the router. In .cloginrc you can define what type of login method that you want to use, either telnet or SSH. For example:

add type ssh ip.of.the.router
add password ip.of.the.router passwordbongok passwordbongek

To test wether it's working or not, you can use a tool which is part of rancid, clogin.

$ clogin ip.of.the.router

if you can login and manage to get into global and configuration mode. Then you're good. After that all you need to start your rancid by typing rancid-run. Here is the screenshot of my cvsweb.



So the last step is to make sure every hour rancid will check for configuration changes on the routers. So all you need is crontab.

@hourly /usr/local/bin/rancid/rancid-run . Thats it.
Posted by at No comments:

Auditing users Account in Windows 2003

It have been a very very long time...

I've been assigned to list user ID, their group, Lock status and Active status. So I used this tools from Somarsoft called Dumpsec with a little bit help from unixtools.

Here is the tricks:

1. Dumpsec.exe /computer=\\computer.ip /rpt=users /saveas=csv outfile=c:\fileku.txt . It will produce something like below

3/16/2007 3:47 PM - Somarsoft DumpSec (formerly DumpAcl) - \\computer.ip
****Name,FullName,AccountType,Comment,HomeDrive,HomeDir,Profile,LogonScript,
Workstations,PswdCanBeChanged,PswdLastSetTime,PswdRequired,PswdExpires,
PswdExpiresTime,AcctDisabled,AcctLockedOut,AcctExpiresTime,
LastLogonTime,LastLogonServer,LogonHours,RasDialin,RasCallback,RasCallbackNumber

*********,,****,Built-in account for administering the computer/domain,,,,,,Yes,3/23/2006 3:52 PM,Yes,No
,Never,No ,No ,Never,4/12/2006 10:37 AM,10.20.201.13,All,No ,None,
***,***,***,,,,,,,Yes,8/21/2006 10:19 AM,Yes,No ,Never,No ,No ,Never,Never,10.20.201.13,All,No ,None,
Guest,,****,Built-in account for guest access to the computer/domain,,,,,,No ,3/7/2007 9:12 AM,No ,No ,Never,Yes,No ,Never,Never,10.20.201.13,All,No ,None,
SQLDebugger,SQLDebugger,****,This **** account is used by the Visual Studio .NET Debugger,,,,,,No ,2/15/2006 5:02 PM,Yes,No ,Never,No ,No ,Never,Never,10.20.201.13,All,No ,None,
SUPPORT_388945a0,CN=Microsoft Corporation,L=Redmond,S=Washington,C=US,****,This is a vendor's account for the Help and Support Service,,,,,,No ,2/10/2006 11:06 AM,Yes,No ,Never,Yes,No ,Never,Never,10.20.201.13,All,No ,None,
****,,****,Built-in account for administering the computer/domain,,,,,,Yes,10/4/2006 4:31 PM,Yes,No ,Never,No ,No ,Never,3/1/2007 3:22 PM,10.20.201.13,All,No ,None,

All i need is field no 1,2,15 and 16 so i did this. (Actually there are several way to do this, one of it to use awk)

2. cat c:\fileku.txt | cut -d "," -f1,2,15,16 >> listuser.csv . So here is the result.

3/13/2007 4:01 PM - Somarsoft DumpSec (formerly DumpAcl) - \\computer.ip
****Name,FullName,AccountType,AcctDisabled,AcctLockedOut

ASPNET,ASP.NET Machine Account,****,No ,No
******,******,****,No ,No
Guest,,****,Yes,No
*******,Internet Guest Account,****,No ,No
SQLDebugger,SQLDebugger,****,No ,No
SUPPORT_388945a0,CN=Microsoft Corporation,L=Redmond,Yes,No
****,,****,No ,No


So who said MS Windows is boring? Operating System is just a tool, be it Solaris, BSD, Windows, Linux or whatever it is, all you need is knowledge to make it fun!
Posted by at No comments:
Subscribe to: Posts (Atom)