Merge branch 'master' of github.com:s-fu/oxidized

CHANGELOG.md

@@ -2,6 +2,14 @@
 
 ## Master
 
+* FEATURE: add Waystream iBOS model
+* BUGFIX: better login modalities for telnet in aos7 (@optimuscream)
+* BUGFIX: better virtual domain detection in fortios (@agabellini)
+* MISC: more secret scrubbing in sonicos (@s-fu)
+* MISC: openssh key scrubbing as secret in fortios (@agabellini)
+
+## 0.27.0
+
 * FEATURE: add automatic restart on failure for systemd (@deajan)
 * FEATURE: add ZynOS GS1900 specific model support (@deajan)
 * FEATURE: add PurityOS model support (@elliot64)
@@ -17,8 +25,8 @@
 * FEATURE: add Linuxgeneric model (@davama)
 * FEATURE: include HA status info in fortios model (@raunz)
 * FEATURE: add SpeedTouch model (@raunz)
-* BUGFIX: prevent versionning on procurve switches by removing power usage output (@deajan)
 * FEATURE: comware added device manuinfo to include serial number (@raunz)
+* BUGFIX: prevent versionning on procurve switches by removing power usage output (@deajan)
 * BUGFIX: improve procurve telnet support for older switches (@deajan)
 * BUGFIX: voss model
 * BUGFIX: cambium model should not consider timestamp for backup as unneeded, and causes diffs (@cchance27)
@@ -36,6 +44,7 @@
 * BUGFIX: update screenos model to reduce the amount of lines being stripped from beginning of cfg output
 * BUGFIX: include colon in aosw prompt regexp in case it is a mac address (@raunz)
 * BUGFIX: comware improvement for requesting HP 19x0 switches hidden CLI. Issues #1754 and #1447
+* BUGFIX: fix variable inheritance when subclassing a model
 * MISC: add pgsql support, mechanized and net-tftp to Dockerfile
 * MISC: upgrade slop, net-telnet and rugged
 * MISC: extra secret scrubbing in comware model (@bengels00)

docs/Supported-OS-Types.md

@@ -105,6 +105,7 @@
   * [TMOS](/lib/oxidized/model/tmos.rb)
 * Fiberstore
   * [S3800](/lib/oxidized/model/gcombnps.rb)
+  * [S3900](/lib/oxidized/model/edgecos.rb)
 * Firebrick
   * [FBxxxx](/lib/oxidized/model/firebrick.rb)
 * Force10

extra/syslog.rb

@@ -36,6 +36,10 @@ class Config
   CFGS.default.syslogd.port        = 514
   CFGS.default.syslogd.file        = 'messages'
   CFGS.default.syslogd.resolve     = true
+  CFGS.default.syslogd.dns_map     = {
+    '(.*)\.strip\.this\.domain\.com' => '\\1',
+    '(.*)\.also\.this\.net'          => '\\1'
+  }
 
   begin
     CFGS.load
@@ -46,15 +50,12 @@ class Config
   end
 
   class SyslogMonitor
-    NAME_MAP = {
-      /(.*)\.ip\.tdc\.net/ => '\1',
-      /(.*)\.ip\.fi/       => '\1'
-    }.freeze
     MSG = {
       ios:   /%SYS-(SW[0-9]+-)?5-CONFIG_I:/,
       junos: 'UI_COMMIT:',
       eos:   /%SYS-5-CONFIG_I:/,
-      nxos:  /%VSHD-5-VSHD_SYSLOG_CONFIG_I:/
+      nxos:  /%VSHD-5-VSHD_SYSLOG_CONFIG_I:/,
+      aruba: 'Notice-Type=\'Running'
     }.freeze
 
     class << self
@@ -82,30 +83,34 @@ def rest(opt)
       Oxidized::RestClient.next opt
     end
 
-    def ios(ipaddr, log, index)
+    def ios(log, index, **opts)
       # TODO: we need to fetch 'ip/name' in mode == :file here
-      user = log[index + 5]
-      from = log[-1][1..-2]
-      rest(user: user, from: from, model: 'ios', ip: ipaddr,
-           name: getname(ipaddr))
+      opts[:user] = log[index + 5]
+      opts[:from] = log[-1][1..-2]
+      opts
     end
+    alias nxos ios
+    alias eos ios
 
-    def jnpr(ipaddr, log, index)
+    def junos(log, index, **opts)
       # TODO: we need to fetch 'ip/name' in mode == :file here
-      user = log[index + 2][1..-2]
-      msg  = log[(index + 6)..-1].join(' ')[10..-2]
-      msg  = nil if msg == 'none'
-      rest(user: user, msg: msg, model: 'jnpr', ip: ipaddr,
-           name: getname(ipaddr))
+      opts[:user] = log[index + 2][1..-2]
+      opts[:msg] = log[(index + 6)..-1].join(' ')[10..-2]
+      opts.delete(:msg) if opts[:msg] == 'none'
+      opts
+    end
+
+    def aruba(log, index, **opts)
+      opts.merge user: log[index + 2].split('=')[4].split(',')[0][1..-2]
     end
 
     def handle_log(log, ipaddr)
       log = log.to_s.split ' '
-      if (i = log.find_index { |e| e.match(MSG[:ios]) })
-        ios ipaddr, log,  i
-      elsif (i = log.index(MSG[:junos]))
-        jnpr ipaddr, log, i
+      index, vendor = MSG.find do |key, value|
+        index = log.find_index { |e| e.match value }
+        break index, key if index
       end
+      rest send(vendor, log, index, ip: ipaddr, name: getname(ipaddr), model: vendor.to_s) if index
     end
 
     def run(io)
@@ -132,7 +137,7 @@ def getname(ipaddr)
         ipaddr
       else
         name = (Resolv.getname ipaddr.to_s rescue ipaddr)
-        NAME_MAP.each { |re, sub| name.sub! re, sub }
+        Oxidized::CFG.syslogd.dns_map.each { |re, sub| name.sub! Regexp.new(re.to_s), sub }
         name
       end
     end

lib/oxidized/model/aos7.rb

@@ -47,8 +47,8 @@ class AOS7 < Oxidized::Model
   end
 
   cfg :telnet do
-    username /^login : /
-    password /^Password : /
+    username /^([\w -])*login: /
+    password /^Password\s?: /
   end
 
   cfg :telnet, :ssh do

lib/oxidized/model/aosw.rb

@@ -58,6 +58,11 @@ class AOSW < Oxidized::Model
     rstrip_cfg comment cfg
   end
 
+  cmd 'show license passphrase' do |cfg|
+    cfg = "" if cfg.match /(Invalid input detected at '\^' marker|Parse error)/ # Don't show for unsupported devices (IAP and MAS)
+    rstrip_cfg comment cfg
+  end
+
   cmd 'show running-config' do |cfg|
     out = []
     cfg.each_line do |line|

lib/oxidized/model/fortios.rb

@@ -20,15 +20,15 @@ class FortiOS < Oxidized::Model
     # A number of other statements also contains sensitive strings
     cfg.gsub! /(set (?:passwd|password|key|group-password|auth-password-l1|auth-password-l2|rsso|history0|history1)) .+/, '\\1 <configuration removed>'
     cfg.gsub! /(set md5-key [0-9]+) .+/, '\\1 <configuration removed>'
-    cfg.gsub! /(set private-key ).*?-+END (ENCRYPTED|RSA) PRIVATE KEY-*"$/m, '\\1<configuration removed>'
-    cfg.gsub! /(set ca ).*?-+END CERTIFICATE-*"$/m, '\\1<configuration removed>'
-    cfg.gsub! /(set csr ).*?-+END CERTIFICATE REQUEST-*"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set private-key ).*?-+END (ENCRYPTED|RSA|OPENSSH) PRIVATE KEY-+\n?"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set ca ).*?-+END CERTIFICATE-+"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set csr ).*?-+END CERTIFICATE REQUEST-+"$/m, '\\1<configuration removed>'
     cfg.gsub! /(Cluster uptime:).*/, '\\1 <stripped>'
     cfg
   end
 
   cmd 'get system status' do |cfg|
-    @vdom_enabled = cfg.include? 'Virtual domain configuration: enable'
+    @vdom_enabled = cfg.match /Virtual domain configuration: (enable|multiple)/
     cfg.gsub!(/(System time: )(.*)/, '\1<stripped>\3')
     cfg.gsub! /(Virus-DB|Extended DB|IPS-DB|IPS-ETDB|APP-DB|INDUSTRIAL-DB|Botnet DB|IPS Malicious URL Database).*/, '\\1 <db version stripped>'
     comment cfg

lib/oxidized/model/ibos.rb

@@ -0,0 +1,55 @@
+class IBOS < Oxidized::Model
+  # IBOS model, Intelligent Broadband Operating System (iBOS)
+  # Used in Waystream (previously PacketFront) Routers and Switches
+
+  prompt /^([\w.@()-]+[#>]\s?)$/
+  comment  '! '
+
+  cmd :all do |cfg|
+    cfg.each_line.to_a[1..-2].join
+  end
+
+  cmd :secret do |cfg|
+    # snmp-group version 2c
+    #  notify 10.1.1.1 community public trap
+    cfg.gsub! /^ notify (\S+) community (\S+) (.*)/, ' notify \\1 community <hidden> \\3'
+
+    # snmp-group version 2c
+    #  community public read-only view all
+    cfg.gsub! /^ community (\S+) (.*)/, ' community <hidden> \\2'
+
+    # radius server 10.1.1.1 secret public
+    cfg.gsub! /^radius server (\S+) secret (\S+)(.*)/, 'radius server \\1 secret <hidden> \\3'
+  end
+
+  cmd 'show version' do |cfg|
+    cfg.gsub! /.*uptime is.*/, ''
+    comment cfg
+  end
+
+  cmd 'show running-config' do |cfg|
+    cfg = cfg.each_line.to_a[0..-1].join
+    cfg.gsub! /.*!volatile.*/, ''
+    cfg
+  end
+
+  cfg :telnet do
+    username /^username:\s/
+    password /^\r?password:\s/
+  end
+
+  cfg :telnet, :ssh do
+    # preferred way to handle additional passwords
+    post_login do
+      if vars(:enable) == true
+        cmd "enable"
+      elsif vars(:enable)
+        cmd "enable", /^[pP]assword:/
+        cmd vars(:enable)
+      end
+    end
+    post_login 'terminal no pager'
+    post_login 'terminal width 65535'
+    pre_logout 'exit'
+  end
+end

lib/oxidized/model/ironware.rb

@@ -76,7 +76,7 @@ class IronWare < Oxidized::Model
   cfg :telnet, :ssh do
     if vars :enable
       post_login do
-        send "enable\n"
+        send "enable\r\n"
         cmd vars(:enable)
       end
     end

lib/oxidized/model/model.rb

@@ -7,22 +7,32 @@ class Model
 
     class << self
       def inherited(klass)
-        klass.instance_variable_set '@cmd',     (Hash.new { |h, k| h[k] = [] })
-        klass.instance_variable_set '@cfg',     (Hash.new { |h, k| h[k] = [] })
-        klass.instance_variable_set '@procs',   (Hash.new { |h, k| h[k] = [] })
-        klass.instance_variable_set '@expect',  []
-        klass.instance_variable_set '@comment', nil
-        klass.instance_variable_set '@prompt',  nil
+        if klass.superclass == Oxidized::Model
+          klass.instance_variable_set '@cmd',     (Hash.new { |h, k| h[k] = [] })
+          klass.instance_variable_set '@cfg',     (Hash.new { |h, k| h[k] = [] })
+          klass.instance_variable_set '@procs',   (Hash.new { |h, k| h[k] = [] })
+          klass.instance_variable_set '@expect',  []
+          klass.instance_variable_set '@comment', nil
+          klass.instance_variable_set '@prompt',  nil
+        else # we're subclassing some existing model, take its variables
+          instance_variables.each do |var|
+            klass.instance_variable_set var, instance_variable_get(var)
+          end
+        end
       end
 
-      def comment(str = '# ')
-        return @comment if @comment
-
-        @comment = block_given? ? yield : str
+      def comment(str = "# ")
+        @comment = if block_given?
+                     yield
+                   elsif not @comment
+                     str
+                   else
+                     @comment
+                   end
       end
 
       def prompt(regex = nil)
-        @prompt || (@prompt = regex)
+        @prompt = regex || @prompt
       end
 
       def cfg(*methods, **args, &block)

lib/oxidized/version.rb

@@ -1,6 +1,6 @@
 module Oxidized
-  VERSION = '0.26.3'.freeze
-  VERSION_FULL = '0.26.3'.freeze
+  VERSION = '0.27.0'.freeze
+  VERSION_FULL = '0.27.0'.freeze
   def self.version_set
     version_full = %x(git describe --tags).chop rescue ""
     version      = %x(git describe --tags --abbrev=0).chop rescue ""