Netios

Synopsis

Netios is a small tool that helps network administrators manage a large number of Cisco network devices.
Given a list of devices, it connects to each of them over SSH and applies IOS commands remotely.

It can automatically:

  • retrieve the list of local users and export it to a CSV file
  • update the local user and the enable password
  • change NTP settings
  • execute a file of custom IOS commands
  • retrieve configuration files

It can read the targets from the command line or from a text file.

It uses multiprocessing, so it gets the job done quite quickly.

% netios 10.10.10.100
[12715:29137]    Current credentials to use:
 Username: phocean
 SSH password:
 Enable password:
[12715:29137]    Updated SSH password
 Type in:
 Confirm:
[12715:29137]    Updated Enable password
 Type in:
 Confirm:
[12715:29137]    10.10.10.100    Starting process
[29137:29141]    10.10.10.100    Changing passwords
[12715:29137]    ### All hosts parsed. Good Bye !

Pre-requisites

  • A *nix box with OpenSSH client
  • A Python compiler <= 2.6 with basic modules
  • Other Python modules : pexpect, datetime, getpass, multiprocessing

It has been tested so far on Linux (openSUSE 11.1 & 11.2, Debian 4.0).

Feedback on other platforms (Unix, *BSD, MacOS and maybe Windows/Cygwin) is welcome.

Licensing

It is free and released under the GNU GPL version 2.

Feel free to use or modify it as long as you respect the terms of this license: refer to the COPYING file or to the GNU website for more information.

Beyond licensing considerations, feedback and open discussion are warmly welcome!

Caution

Still ALPHA release quality software!

It is still in its early stage of development, so use it accordingly.

There is no warranty that it will work in your environment, so test it carefully before using it in production.
I decline any responsibility for the use of this tool.

In particular, some functionalities may be marked as [EXPERIMENTAL]: this means that they are not finished or haven’t been tested enough. Do not use them for anything but testing.

Set up

$ tar xvfz netios-{release}.tar.gz
$ cd netios-{release}
$ sudo python setup.py install

How to use

General use

Netios needs a list of SSH hosts to work on. It can be provided on the command line or in a simple text file (1 line = 1 host).
A host can be either an IP address or a FQDN.

netios [options] host1 host2 ... hostn

Or :

netios [options] -f FILE

Without any further option, Netios will default to changing password mode and start an interactive session.
For security reasons and to prevent any formatting troubles, Netios works only interactively.
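Because every host in the list will have its local accounts rewritten, it is worth checking the list first. The following pre-flight check is an added example, not part of Netios, written for Python 3. It assumes that a line holding anything other than exactly one host (a blank line, a comment, a mistyped address) should be reported, since the host file format described above does not mention them. The function names and sample hosts are made up for illustration.

```python
import ipaddress
import re

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def classify_host(entry):
    """Return 'ip', 'name' or None for one host-file line."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    name = entry[:-1] if entry.endswith(".") else entry
    labels = name.split(".")
    if len(name) > 253 or not all(_LABEL.match(label) for label in labels):
        return None
    # A numeric last label is a mistyped IP (e.g. 10.1.1.256), not a host name,
    # even though it is syntactically a valid sequence of DNS labels.
    if labels[-1].isdigit():
        return None
    return "name"

def check_host_file(text):
    """Return (hosts, problems); problems are (line_number, line, reason)."""
    hosts, problems, seen = [], [], set()
    for number, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            problems.append((number, raw, "blank line"))
        elif classify_host(entry) is None:
            problems.append((number, raw, "not an IP address or host name"))
        elif entry.lower() in seen:
            problems.append((number, raw, "duplicate host"))
        else:
            seen.add(entry.lower())
            hosts.append(entry)
    return hosts, problems

# Constructed sample host file (1 line = 1 host, with deliberate mistakes).
SAMPLE_HOSTS = """\
192.168.1.1
10.1.1.256
core-sw1.example.net

192.168.1.1
172.16.1.1 # lab router
"""

if __name__ == "__main__":
    for problem in check_host_file(SAMPLE_HOSTS)[1]:
        print("line %d: %r: %s" % problem)
```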

Options and parameters:

--version
show program's version number and exit
-h, --help
show this help message and exit
-v, --verbose
Print verbose output.
-d, --debug
Debug mode : verbose and extra logs.

Logs are saved into a log folder, created in the working directory. They contain a complete dump of the SSH dialog, showing IOS commands, so debugging an issue is pretty easy.

CAUTION: Log files may show in CLEAR the SSH and IOS PASSWORDS, so use it carefully only when necessary and don’t forget to clear up the files after use.

-f FILE, --file=FILE
Remote hosts file.
The file must be a simple text file with every line matching a host (IP or FQDN).
-x PROC, --proc=PROC
Number of simultaneous processes. By default, it is determined according to the hardware (1 core = 1 process).
-t TIMEOUT, --timeout=PROC
Connection timeout as an integer in seconds. Default value is 3 (= 3 seconds). Increase this value if your network is slow. Lower values are not recommended and will certainly fail in a WAN environment.
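When the logs mentioned above have to be kept for debugging rather than deleted, the credentials in them can be masked first. This is an added example, not part of Netios, written for Python 3. It relies on the standard IOS `username ... password/secret` and `enable password/secret` command forms and assumes that a password typed at a `Password:` prompt is logged on the same line as the prompt. The sample dialog is constructed and the log directory is whatever path you pass in.

```python
import os
import re

# IOS commands whose last argument is a credential; an encryption-type digit
# (0, 5, 7, ...) may precede the value.
_IOS_SECRET = re.compile(
    r"(?i)\b((?:username\s+\S+\s+(?:privilege\s+\d+\s+)?|enable\s+)"
    r"(?:password|secret)\s+(?:\d+\s+)?)\S+")
# Assumption: a value typed at a "Password:" prompt is logged on the same line.
_PROMPT = re.compile(r"(?i)^(\s*password:\s*)\S+")

def redact_log(text):
    """Return (redacted_text, number_of_lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        new = _PROMPT.sub(r"\1<redacted>", _IOS_SECRET.sub(r"\1<redacted>", line))
        changed += new != line
        out.append(new)
    return "\n".join(out) + "\n", changed

def scrub_directory(log_dir):
    """Redact every file under log_dir in place and make it owner-only."""
    total = 0
    for root, _dirs, files in os.walk(log_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text, changed = redact_log(fh.read())
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, 0o600)
            total += changed
    return total

# Constructed sample of an SSH dialog dump (not real Netios output).
SAMPLE_LOG = """\
Password: OldSsh!Pass
router1>enable
Password: OldEnable!Pass
router1#configure terminal
router1(config)#username phocean privilege 15 secret N3w-Ssh-Pass
router1(config)#enable secret 0 N3w-Enable-Pass
router1(config)#no username olduser
"""

if __name__ == "__main__":
    print(redact_log(SAMPLE_LOG)[0], end="")
```

The original bytes remain on disk until overwritten, so treat a scrubbed log as reduced exposure and still delete it once the issue is solved.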

Modes

Changing password (default)

The default behavior of Netios is to parse each host given as a parameter and spawn a new process to change the local passwords.
Note that the tool is designed to keep only one working local account, so all other accounts will be deleted during the process.
We consider that during normal operations, one should have a working AAA server (Tacacs+ or Radius) and that a local account must be used only in case of emergency.

1)    It asks for an account to connect to all the provided hosts. This account must have the administrative rights to update the IOS accounts.
It is strongly recommended to use a TACACS or RADIUS account to update local accounts, so that you keep control whatever happens. It can nevertheless work flawlessly with a local account.

2)    It connects to the host and updates the account.

3)    It looks for other local accounts and erases all of them, except the one it just updated.

Options:

--no-check No proof check will be performed with this option. It speeds up the process once you trust the Netios process enough.

Examples:

$ netios 192.168.1.1 10.1.1.1 172.16.1.1
$ netios -f ./hostfile.txt
$ netios -a --tac 192.168.1.1

Command file

The script will read a file containing your custom IOS commands. It will execute the sequence in ‘configure terminal’ mode.

CAUTION: Beware of the syntax and the order of the commands, they won’t be checked by the tool !

Parameters:

-i FILE, --in=FILE
Read a command file. In this file, you can write any IOS command. The script will send them in configure terminal mode.

Examples:

$ netios 192.168.1.1 -i ./commands.txt

Retrieving a user list

Netios outputs the list of local accounts registered on the router.
The list is also recorded in a folder of the working directory, named “out”. The file is in CSV format.

It is recommended to use this mode as a test before changing passwords. It will give you a good idea of the connectivity, unavailable hosts, etc.

Parameters:

-u, --showuser
Show user mode

Examples:

$ netios -u 192.168.1.1 10.1.1.1 172.16.1.1
$ netios -u -f ./hostfile.txt

Showing running configuration

Netios will retrieve the running configuration of the router and save it into the “out” folder of the working directory.

Parameters:

-s, --shrun
Show running config mode

Examples:

$ netios -s 192.168.1.1 10.1.1.1 172.16.1.1
$ netios -s -f ./hostfile.txt
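A configuration retrieved this way can be used to verify the result of the password-changing mode: exactly one local account left, with AAA in place as the normal login path. The audit below is an added example, not part of Netios, written for Python 3. It takes the configuration text as a string because the file naming inside “out” is not described here. The check for `password` versus `secret` is an extra added here (IOS stores `secret` values as a one-way hash, while `password` values are clear text or reversible type 7). The sample configuration is constructed.

```python
import re

_USER = re.compile(r"^username[ \t]+(\S+)(.*)$", re.M)
_ENABLE_PW = re.compile(r"^enable[ \t]+password\b", re.M)
_AAA = re.compile(r"^aaa[ \t]+new-model\b", re.M)

def audit_local_accounts(config_text, expected_user):
    """Compare a saved running-config with the state the password mode aims for."""
    findings = []
    users = {}
    for name, rest in _USER.findall(config_text):
        users.setdefault(name, []).append(rest)
    if expected_user not in users:
        findings.append("missing expected local account: " + expected_user)
    extra = sorted(set(users) - {expected_user})
    if extra:
        findings.append("unexpected local accounts: " + ", ".join(extra))
    for name in sorted(users):
        if any(re.search(r"\bpassword\s", rest) for rest in users[name]):
            findings.append(name + ": uses 'password' instead of 'secret'")
    if _ENABLE_PW.search(config_text):
        findings.append("'enable password' is set; prefer 'enable secret'")
    if not _AAA.search(config_text):
        findings.append("no 'aaa new-model': the local account is the only login path")
    return findings

# Constructed sample running-config excerpt (hashes are placeholders).
SAMPLE_CONFIG = """\
hostname router1
enable secret 5 $1$CONSTRUCTED$hashhashhashhashhashha
aaa new-model
username phocean privilege 15 secret 5 $1$CONSTRUCTED$hashhashhashhashhashhb
username olduser password 7 0000000000
"""

if __name__ == "__main__":
    for finding in audit_local_accounts(SAMPLE_CONFIG, "phocean"):
        print(finding)
```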

Changing NTP server

Netios updates the NTP servers set on the router. Each NTP server must be given on the command line with -n. It can be an IP address or a FQDN.

Parameters:

-n NTP, --ntp=NTP
Change ntp servers

Examples:

$ netios -n 192.168.254.254 -n ntp.myserver.com 192.168.1.1 10.1.1.1 172.16.1.1
$ netios -n 192.168.254.254 -n ntp.myserver.com -f ./hostfile.txt

That’s all folks ! Hopefully more features are coming !

Report a bug

If you find a bug (I bet you will), please don’t forget to report it to me.
To do so, just send me an e-mail describing what you were doing, with a copy of your terminal output.

Credits

Most of the credit goes to the Pexpect developer and the Python language: thanks to them, it is so easy and fun to make such a tool.

Download

netios-0.76.tar.gz (2010/07/13)

Older releases

netios-0.75.tar.gz (2010/04/24)
netios-0.74.tar.gz (2010/04/08)
netios-0.73.tar.gz (2010/02/10)
netios-0.72.tar.gz (2010/01/15)
netios-0.71.tar.gz (2009/12/20)
netios-0.60.tar.gz (2009/11/07 – no multiprocessing, does not require python 2.6)