- import re
- import sys
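# Python 2 only: site.py removes sys.setdefaultencoding at start-up, and
# reload(sys) restores it so the default codec can be forced to UTF-8.
# The setting is process-wide, so it changes implicit str/unicode conversion
# for every module in the interpreter, not just this rule.
# Neither name exists on Python 3 (whose default is already UTF-8), so the
# call is guarded instead of failing with NameError at import time.
if sys.version_info[0] == 2:
    reload(sys)
    sys.setdefaultencoding('utf-8')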
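# Expected configuration fragments for the DES-3200-26 baseline.
#
# Each pattern is one or more consecutive config lines, written one line per
# string literal. "^" with re.MULTILINE anchors the fragment at the start of a
# line anywhere in the dump. Several device lines end in a space before the
# newline ("... state enable \n"); that space is part of the pattern and must
# be kept.
#
# Literal regex metacharacters are escaped: the dots in IP addresses (an
# unescaped "." matches any character, so "172.16.0.5" would also accept
# "172.16.005") and the "+" in the time-zone line (unescaped, " +" is a
# quantifier meaning "one or more spaces" and never matches a literal plus).

# Storm control: trap off, drop action on ports 1-26.
rx_storm = re.compile(
    r"^config traffic control_trap none\n"
    r"config traffic control 1-26 broadcast disable multicast disable unicast disable action drop threshold 64 countdown 0 time_interval 5\n",
    re.MULTILINE)

# Loop detection: enabled on access ports 1-24, disabled on 25-26.
rx_loop = re.compile(
    r"^enable loopdetect\n"
    r"config loopdetect recover_timer 60\n"
    r"config loopdetect interval 10\n"
    r"config loopdetect mode port-based\n"
    r"config loopdetect trap none\n"
    r"config loopdetect ports 1-24 state enabled\n"
    r"config loopdetect ports 25-26 state disabled\n",
    re.MULTILINE)

# Remote syslog to a single collector over UDP/514.
rx_syslog = re.compile(
    r"^enable syslog\n"
    r"create syslog host 1 ipaddress 192\.168\.200\.17 severity all facility local0 udp_port 514 state enable \n"
    r"config log_save_timing on_demand\n",
    re.MULTILINE)

# VLAN defaults: all ports removed from the default VLAN.
rx_vlan = re.compile(
    r"^disable asymmetric_vlan\n"
    r"enable pvid auto_assign\n"
    r"config vlan default delete 1-26\n",
    re.MULTILINE)

# RSTP: STP disabled and role/TCN-restricted on ports 1-24, enabled on 25-26.
# Bridge priority (\d+) and MST config name (\S+) are allowed to vary.
rx_stp = re.compile(
    r"^config stp version rstp\n"
    r"config stp maxage 20 maxhops 20 forwarddelay 15 txholdcount 6 fbpdu enable hellotime 2\n"
    r"config stp priority \d+ instance_id 0 \n"
    r"config stp mst_config_id name \S+ revision_level 0\n"
    r"config stp ports 1-24 externalCost auto edge true p2p auto state disable\n"
    r"config stp mst_ports 1-26 instance_id 0 internalCost auto priority 128\n"
    r"config stp ports 1-26 fbpdu enable\n"
    r"config stp ports 1-24 restricted_role true\n"
    r"config stp ports 1-24 restricted_tcn true\n"
    r"config stp ports 25-26 externalCost auto edge auto p2p auto state enable\n"
    r"config stp ports 25-26 restricted_role false\n"
    r"config stp ports 25-26 restricted_tcn false\n"
    r"enable stp\n",
    re.MULTILINE)

# Forwarding database ageing time.
rx_fbd = re.compile(r"^config fdb aging_time 300\n", re.MULTILINE)

# One expected permit entry in access profile 2. Only the presence of this
# entry is checked; other entries in the profile are not inspected.
rx_acl = re.compile(
    r"^config access_profile profile_id 2 add access_id auto_assign ip destination_ip 172\.16\.0\.5 port 1-24 permit\n",
    re.MULTILINE)

# SNTP client and time zone. The "+" is the literal sign of the UTC offset.
rx_ntp = re.compile(
    r"^enable sntp\n"
    r"config time_zone operator \+ hour 9 min 0\n"
    r"config sntp primary 172\.16\.0\.3 secondary 0\.0\.0\.0 poll-interval 720\n"
    r"config dst disable\n",
    re.MULTILINE)

# DoS prevention: six attack types dropped, with trap/log reporting disabled
# and tcp_syn_srcport_less_1024 disabled.
# NOTE(review): with trap_log disabled, presumably dropped DoS traffic leaves
# no trap or log record; confirm against the device documentation and that
# this is the intended policy.
rx_ddos = re.compile(
    r"^disable dos_prevention trap_log \n"
    r"config dos_prevention dos_type land_attack action drop state enable \n"
    r"config dos_prevention dos_type blat_attack action drop state enable \n"
    r"config dos_prevention dos_type smurf_attack action drop state enable \n"
    r"config dos_prevention dos_type tcp_null_scan action drop state enable \n"
    r"config dos_prevention dos_type tcp_xmascan action drop state enable \n"
    r"config dos_prevention dos_type tcp_synfin action drop state enable \n"
    r"config dos_prevention dos_type tcp_syn_srcport_less_1024 action drop state disable\n",
    re.MULTILINE)

# Management plane.
# NOTE(review): this baseline requires Telnet (23) and HTTP (80) management to
# be enabled. Both carry credentials in cleartext, and a switch restricted to
# SSH/HTTPS would be reported as misconfigured. Confirm this is the intended
# policy.
rx_IP = re.compile(
    r"^enable telnet 23\n"
    r"enable web 80\n"
    r"disable autoconfig\n",
    re.MULTILINE)

# LLDP: off on access ports 1-24, tx and rx on ports 25-26.
rx_lldp = re.compile(
    r"^enable lldp\n"
    r"config lldp message_tx_interval 60\n"
    r"config lldp tx_delay 5\n"
    r"config lldp message_tx_hold_multiplier 5\n"
    r"config lldp reinit_delay 3\n"
    r"config lldp notification_interval 10\n"
    r"config lldp ports 1-24 notification disable\n"
    r"config lldp ports 1-24 admin_status disable\n"
    r"config lldp ports 25-26 notification enable\n"
    r"config lldp ports 25-26 admin_status tx_and_rx\n",
    re.MULTILINE)

# ARP cache ageing time.
rx_arp = re.compile(r"^config arp_aging time 20\n", re.MULTILINE)

# DHCP local relay with option 82: replaced on ports 1-24, kept on 25-26.
rx_dhcp_local_relay = re.compile(
    r"^enable dhcp_local_relay\n"
    r"config dhcp_local_relay option_82 circuit_id default\n"
    r"config dhcp_local_relay option_82 remote_id default\n"
    r"config dhcp_local_relay vlan vlanid 1064 state enable \n"
    r"config dhcp_local_relay option_82 ports 1-24 policy replace\n"
    r"config dhcp_local_relay option_82 ports 25-26 policy keep\n",
    re.MULTILINE)

# Default route with any next hop.
# NOTE(review): rule() never searches with rx_route, so the default route is
# not validated; confirm whether that check was meant to exist.
rx_route = re.compile(
    r"^create iproute default \S+ 1\n",
    re.MULTILINE)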
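@pyrule
def rule(managed_object, config):
    """
    DES-3200-26 Validation PyRule

    Search *config* for each expected baseline fragment and collect one
    message per fragment that is missing.

    The checks are presence-only. Each pattern only has to occur somewhere
    in the text, so extra or conflicting lines elsewhere in the config are
    not detected. rx_route is compiled at module level but is not part of
    the check list.

    :param managed_object: object whose ``name`` and ``address`` attributes
        are used in the report header and notification subject
    :param config: full device configuration as one string
    :returns: list of strings; element 0 is always the header line, followed
        by one message per failed check (a list of length 1 means no
        findings)
    """
    # Imported at call time, as in the original. It used to precede the
    # string above, which made that string a no-op expression rather than
    # the function's docstring.
    from noc.main.models import SystemNotification

    # (pattern, message) pairs in reporting order. Message text is kept
    # exactly as before because consumers may match on it.
    checks = (
        (rx_storm, "Storm is missconfiguring!"),
        (rx_loop, "Loop is missconfiguring!"),
        (rx_syslog, "Syslog is missconfiguring!"),
        (rx_vlan, "VLAN is missconfiguring!"),
        (rx_stp, "STP is missconfiguring!"),
        (rx_fbd, "FBD is missconfiguring!"),
        (rx_acl, "ACL is missconfiguring!"),
        (rx_ntp, "NTP is missconfiguring!"),
        (rx_ddos, "DDoS is missconfiguring!"),
        (rx_IP, "IP is missconfiguring!"),
        (rx_lldp, "LLDP is missconfiguring!"),
        (rx_arp, "ARP is missconfiguring!"),
        (rx_dhcp_local_relay, "DHCP local relay is missconfiguring!"),
    )

    s = 'While parsing config of device %s with IP %s we have found some errors:' % (
        managed_object.name, managed_object.address)
    r = [s]
    r += [message for rx, message in checks if not rx.search(config)]

    # Notify only when at least one check failed (header plus findings).
    if len(r) > 1:
        SystemNotification.notify(
            name="DES-3200-26.Config.Validation",
            subject="%s - DES-3200-26.Config.Validation " % managed_object.name,
            body="\n".join(r))
    return r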