API tools faq
paste
Advertisement
Guest User

admin_, Huawei.S23.config.validation.py

a guest
Apr 3rd, 2014
102
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.48 KB | None | 0 0
raw download clone embed print report
  1. import re
  2. import sys
  3.  
  4. reload(sys)
  5. sys.setdefaultencoding('utf-8')
  6.  
  7. rx_iface=re.compile(r"^(interface GigabitEthernet0\S+\n(?:[ ]+\S+[^\n]*\n)*#\n)", re.DOTALL|re.MULTILINE|re.IGNORECASE)
  8. rx_ifname=re.compile(r"^interface (\S+)",re.MULTILINE)
  9. rx_ftpserver=re.compile(r"^\sFTP server \S+\n(?:[ ]+\S+[^\n]*\n)*#\n",re.MULTILINE) # FTP server enable
  10. rx_stp=re.compile(r"^\sstp \S+\n(?:[ ]+\S+[^\n]*\n)*#\n",re.MULTILINE) # stp enable
  11. rx_bpdu=re.compile(r"^\sbpdu \S+\n(?:[ ]+\S+[^\n]*\n)*#\n",re.MULTILINE) # bpdu enable
  12. rx_acl=re.compile(r"^acl number 1\n(?:[ ]+\S+[^\n]*\n)*#\n",re.MULTILINE) # acl number 1
  13. rx_aaa=re.compile(r"^aaa\n(?:[ ]+\S+[^\n]*\n)*#\n",re.MULTILINE) # aaa
  14. rx_ntp=re.compile(r"^\sntp-service \S+ \S+\n(?:[ ]+\S+[^\n]*\n)*#\n",re.MULTILINE) # ntp-service unicast-server 192.168.1.1
  15. rx_vty=re.compile(r"^user-interface \S+ \S+\n(?:[ ]*\S+[^\n]*\n)*#\n",re.MULTILINE) # user-interface con 0
  16. rx_snmp=re.compile(r"^\ssnmp-agent \S+ \S+\n(?:[ ]+\S+[^\n]*\n)*#\n",re.MULTILINE) # snmp agent
  17.  
  18. @pyrule
  19. def rule(managed_object, config):
  20. from noc.main.models import SystemNotification
  21. """
  22. S23 Validation PyRule
  23. """
  24. s='Пример написания строк по-русски :) '.decode('utf-8')
  25. s='While parsing config %s swicth we have found some errors:' % managed_object.name
  26.  
  27. r=[s]
  28. for i in rx_iface.findall(config):
  29. if (not "shutdown" in i) and not ("description" in i):
  30. name=rx_ifname.search(i).group(1)
  31. s="Description on interface %s is empty" % name
  32. r+=[s]
  33.  
  34. # FTP section
  35. try:
  36. ftpserver_al=rx_ftpserver.search(config).group(0)
  37. if not 'FTP server enable' in ftpserver_al:
  38. r+=["ftp server command should looks like 'FTP server enable'"]
  39. if not 'FTP acl 1' in ftpserver_al:
  40. r+=["ftp acl command should looks like 'FTP acl 1'"]
  41. except:
  42. r+=["please add FTP server section"]
  43.  
  44. #STP section
  45. try:
  46. stp_al=rx_stp.search(config).group(0)
  47. if not 'stp enable' in stp_al:
  48. r+=["stp command should looks like 'stp enable'"]
  49. except:
  50. r+=["You should specify 'stp enable' command"]
  51.  
  52. #bpdu section
  53. try:
  54. bpdu_al=rx_bpdu.search(config).group(0)
  55. if not 'bpdu enable' in bpdu_al:
  56. r+=["bpdu command should looks like 'bpdu enable'"]
  57. except:
  58. r+=["You should specify 'bpdu enable' command"]
  59.  
  60. #aaa
  61. try:
  62. aaa_al=rx_aaa.search(config).group(0)
  63. if not 'undo local-user admin' in aaa_al:
  64. r+=["You should disable default user admin"]
  65. except:
  66. r+=["looks like there're regexp error in aaa section"]
  67.  
  68. #acl number 2000
  69. try:
  70. acl_al=rx_acl.search(config).group(0)
  71. if not 'rule 10 permit source 192.168.1.0 0.0.7.255' in acl_al:
  72. r+=["rule 10 command should looks like 'rule 10 permit source 192.168.1.0 0.0.7.255'"]
  73. if not 'rule 999 deny' in acl_al:
  74. r+=["rule 999 command should looks like 'rule 999 deny'"]
  75. except:
  76. r+=["You should specify 'acl number 1' command"]
  77.  
  78. #ntp-service
  79. try:
  80. ntp_al=rx_ntp.search(config).group(0)
  81. if not 'ntp-service unicast-server 192.168.1.1' in ntp_al:
  82. r+=["ntp-service command should looks like 'ntp-service unicast-server 192.168.1.1'"]
  83. except:
  84. r+=["You should specify 'ntp-service' command"]
  85.  
  86. #vty-service
  87. try:
  88. vty_al=rx_vty.search(config).group(0)
  89. if not 'acl 2000 inbound' in vty_al:
  90. r+=["you should specify 'acl 1 inbound' command"]
  91. except:
  92. r+=["looks like there're regexp error in vty-service section"]
  93.  
  94. #snmp-agent
  95. try:
  96. snmp_al=rx_snmp.search(config).group(0)
  97. if not 'snmp-agent community read tlk-read acl 1' in snmp_al:
  98. r+=["you should specify 'snmp-agent community read tlk-read acl 1' command"]
  99. if not 'snmp-agent target-host trap address udp-domain 192.168.1.1 params securityname tlk-read v2c' in snmp_al:
  100. r+=["you should specify 'snmp-agent target-host trap address udp-domain 192.168.1.1 params securityname tlk-read v2c' command"]
  101. except:
  102. r+=["you should specify snmp-agent section"]
  103.  
  104. if len(r) > 1:
  105. SystemNotification.notify(name="S23.Config.Validation",
  106. subject="%s - S23.Config.Validation " % managed_object.name, body="\n".join(r))
  107. return r
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!