Untitled

a guest
May 29th, 2012
import re
import sys

# Python 2 only. site.py deletes sys.setdefaultencoding during interpreter
# start-up; reloading the module brings it back so the default codec can be
# switched to UTF-8.
# NOTE(review): the switch is process-wide -- it alters implicit str/unicode
# conversion for everything running in the same interpreter, not only this
# rule. Confirm that is intended.
reload(sys)
sys.setdefaultencoding('utf-8')
  5.  
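# Baseline stanzas for the DES-3200-26 validation rule.
#
# Each pattern is a literal copy of consecutive CLI lines that must appear,
# in this order, in the device configuration. "^" together with re.MULTILINE
# anchors the first line of a stanza at a line start, and every line is
# terminated by "\n".
#
# Some lines end with a space before the newline (e.g. "state enable \n");
# that space is part of the pattern and must not be trimmed.
#
# Regex metacharacters that occur in the CLI text ("." in addresses, "+" in
# the time-zone line) are escaped so they match only themselves.
#
# NOTE(review): the patterns expect bare "\n" line endings. A config that
# reaches the rule with "\r\n" endings would fail every check -- confirm how
# the text is normalised upstream.

# Storm control: traps off, all three traffic classes disabled on ports 1-26.
rx_storm = re.compile(
    r"^config traffic control_trap none\n"
    r"config traffic control 1-26 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5\n",
    re.MULTILINE)

# Loop detection: enabled on ports 1-24, disabled on ports 25-26.
rx_loop = re.compile(
    r"^enable loopdetect\n"
    r"config loopdetect recover_timer 60\n"
    r"config loopdetect interval 10\n"
    r"config loopdetect mode port-based\n"
    r"config loopdetect trap none\n"
    r"config loopdetect ports 1-24 state enabled\n"
    r"config loopdetect ports 25-26 state disabled\n",
    re.MULTILINE)

# Syslog: one collector, all severities, UDP port 514.
rx_syslog = re.compile(
    r"^enable syslog\n"
    r"create syslog host 1 ipaddress 192\.168\.200\.17 severity all facility local0 udp_port 514 state enable \n"
    r"config log_save_timing on_demand\n",
    re.MULTILINE)

# VLAN defaults: all 26 ports removed from the default VLAN.
rx_vlan = re.compile(
    r"^disable asymmetric_vlan\n"
    r"enable pvid auto_assign\n"
    r"config vlan default delete 1-26\n",
    re.MULTILINE)

# Spanning tree: RSTP. Bridge priority (\d+) and MST config name (\S+) are
# the only per-device values allowed to vary.
rx_stp = re.compile(
    r"^config stp version rstp\n"
    r"config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 6 fbpdu enable hellotime 2\n"
    r"config stp priority \d+ instance_id 0 \n"
    r"config stp mst_config_id name \S+ revision_level 0\n"
    r"config stp ports 1-24 externalCost auto edge true p2p auto state disable\n"
    r"config stp mst_ports 1-26 instance_id 0 internalCost auto priority 128\n"
    r"config stp ports 1-26 fbpdu enable\n"
    r"config stp ports 1-24 restricted_role true\n"
    r"config stp ports 1-24 restricted_tcn true\n"
    r"config stp ports 25-26 externalCost auto edge auto p2p auto state enable\n"
    r"config stp ports 25-26 restricted_role false\n"
    r"config stp ports 25-26 restricted_tcn false\n"
    r"enable stp\n",
    re.MULTILINE)

# Forwarding database ageing time. (The variable name keeps the original
# "fbd" spelling because rule() refers to it by that name.)
rx_fbd = re.compile(r"^config fdb aging_time 300\n", re.MULTILINE)

# ACL: one permit entry in access profile 2 for a single destination address.
rx_acl = re.compile(
    r"^config access_profile profile_id 2 add access_id auto_assign ip destination_ip 172\.16\.0\.5 port 1-24 permit\n",
    re.MULTILINE)

# Time: SNTP with a single primary server.
# The "+" in the time-zone line is escaped: unescaped it is a quantifier on
# the preceding space, so the literal "operator + hour" line from a device
# could never match and the NTP check would always fail.
rx_ntp = re.compile(
    r"^enable sntp\n"
    r"config time_zone operator \+ hour 9 min 0\n"
    r"config sntp primary 172\.16\.0\.3 secondary 0\.0\.0\.0 poll-interval 720\n"
    r"config dst disable\n",
    re.MULTILINE)

# DoS prevention filters.
# NOTE(review): the baseline expects "disable dos_prevention trap_log", so
# drops made by these filters are presumably not logged or trapped -- confirm
# that the loss of visibility is acceptable.
rx_ddos = re.compile(
    r"^disable dos_prevention trap_log \n"
    r"config dos_prevention dos_type land_attack action drop state enable \n"
    r"config dos_prevention dos_type blat_attack action drop state enable \n"
    r"config dos_prevention dos_type smurf_attack action drop state enable \n"
    r"config dos_prevention dos_type tcp_null_scan action drop state enable \n"
    r"config dos_prevention dos_type tcp_xmascan action drop state enable \n"
    r"config dos_prevention dos_type tcp_synfin action drop state enable \n"
    r"config dos_prevention dos_type tcp_syn_srcport_less_1024 action drop state disable\n",
    re.MULTILINE)

# Management plane.
# NOTE(review): this baseline *requires* Telnet (23) and HTTP (80) management
# to be enabled. Both carry credentials in cleartext, and a switch restricted
# to encrypted management would be reported as misconfigured by this check.
# Confirm that this is the intended policy.
rx_IP = re.compile(
    r"^enable telnet 23\n"
    r"enable web 80\n"
    r"disable autoconfig\n",
    re.MULTILINE)

# LLDP: off on ports 1-24, transmit and receive on ports 25-26.
rx_lldp = re.compile(
    r"^enable lldp\n"
    r"config lldp message_tx_interval 60\n"
    r"config lldp tx_delay 5\n"
    r"config lldp message_tx_hold_multiplier 5\n"
    r"config lldp reinit_delay 3\n"
    r"config lldp notification_interval 10\n"
    r"config lldp ports 1-24 notification disable\n"
    r"config lldp ports 1-24 admin_status disable\n"
    r"config lldp ports 25-26 notification enable\n"
    r"config lldp ports 25-26 admin_status tx_and_rx\n",
    re.MULTILINE)

# ARP cache ageing time.
rx_arp = re.compile(r"^config arp_aging time 20\n", re.MULTILINE)

# DHCP local relay with option 82: replaced on ports 1-24, kept as received
# on ports 25-26.
rx_dhcp_local_relay = re.compile(
    r"^enable dhcp_local_relay\n"
    r"config dhcp_local_relay option_82 circuit_id default\n"
    r"config dhcp_local_relay option_82 remote_id default\n"
    r"config dhcp_local_relay vlan vlanid 1064 state enable \n"
    r"config dhcp_local_relay option_82 ports 1-24 policy replace\n"
    r"config dhcp_local_relay option_82 ports 25-26 policy keep\n",
    re.MULTILINE)

# Default route; the gateway (\S+) varies per device.
# NOTE(review): this pattern is compiled but rule() in this file never
# searches with it, so a missing default route is not reported.
rx_route = re.compile(
    r"^create iproute default \S+ 1\n",
    re.MULTILINE)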
  57.  
  58.  
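@pyrule
def rule(managed_object, config):
    """
    DES-3200-26 Validation PyRule

    Search *config* for each baseline stanza (the module-level ``rx_*``
    patterns) and collect one message per stanza that is not found.

    The returned list always starts with a header line naming the device
    and its address; each following element names a failed check. When at
    least one check fails, the same lines are sent as a SystemNotification
    named "DES-3200-26.Config.Validation".
    """
    # The docstring has to be the first statement to be picked up as
    # documentation; the original placed it after this import.
    from noc.main.models import SystemNotification

    # (pattern, label) pairs, in the order the messages are reported.
    # rx_route is defined at module level but is not part of this list.
    checks = (
        (rx_storm, "Storm"),
        (rx_loop, "Loop"),
        (rx_syslog, "Syslog"),
        (rx_vlan, "VLAN"),
        (rx_stp, "STP"),
        (rx_fbd, "FBD"),
        (rx_acl, "ACL"),
        (rx_ntp, "NTP"),
        (rx_ddos, "DDoS"),
        (rx_IP, "IP"),
        (rx_lldp, "LLDP"),
        (rx_arp, "ARP"),
        (rx_dhcp_local_relay, "DHCP local relay"),
    )

    s = 'While parsing config of device %s with IP %s we have found some errors:' % (managed_object.name, managed_object.address)
    r = [s]
    # Message text is kept exactly as before in case anything downstream
    # matches on it.
    r += ["%s is missconfiguring!" % label
          for rx, label in checks
          if not rx.search(config)]

    # The header is always present, so more than one element means that at
    # least one check failed.
    if len(r) > 1:
        SystemNotification.notify(
            name="DES-3200-26.Config.Validation",
            subject="%s - DES-3200-26.Config.Validation " % managed_object.name,
            body="\n".join(r))
    return r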