Resources
The IT world is full of surprises. That’s why we have assembled a set of reference material and some simple tools to help make it through a crisis or perhaps provide a stunning result to a stern demand.
Our resource page is always growing and is currently divided into the following areas. Everyone needs a MacGyver kit, so feel free to review the resources listed below. Also, check the site occasionally; as we face different challenges, we’ll be sure to write and build additional tools to make things just a bit easier.
IPv6
IPv6-DNS-0-04.pl - This is an early revision of a Perl script to generate the DNS zone files necessary for a simple implementation of BIND. This early version takes an IPv6 hosts file and parses it into the necessary files for a DNS implementation, eliminating the painstaking task of creating the IPv6 zone files by hand and the human error likely to come with it. As this is an early revision, it is limited to IPv6 only and a single zone. However, as we add features, we'll be sure to post an update.
SIP Calc - This is an IPv6 address calculator produced by the folks at routemeister.net. Remember, IPv6 is 128 bits and written in hexadecimal, so even the best of us will need a calculator from time to time.
IPal - This is a commercial address management tool that is produced by Internet Associates. It is a very robust tool that brings carrier-class capability to enterprise address allocation.
FreeIPdb - This is a freeware application that will keep track of your IPv4 and IPv6 allocations. It is based on Perl, Postgres, and Apache.
Big Numbers - As the allocation of IPv6 creates some numbers that are larger than we have seen, this chart that was assembled by Russ Rowlett may be of use. For instance, what comes after septillion?
Security
We have assembled security conventions/guidelines for many of the platforms that we regularly install. The documents below are provided as a framework to a security policy.
Given the nature of security, these documents are merely a beginning and certainly not a panacea to the security needs of ANY enterprise.
IOS Security Configuration v0.92
CatOS Security Configuration 0.86
Solaris Security Configuration 0.87
HP Openview Security Configuration 0.72
General Security Practices
Tacacs+
tacacs+ is the software/application that allows an enterprise to assign unique user IDs and passwords to engineers and technicians that maintain a Cisco-based network. tacacs+ implements Cisco’s AAA standard. AAA stands for Authentication, Authorization, and Accounting.
There are commercial applications of tacacs+; however, for smaller companies that do not have the necessary budget, there are a number of free tacacs+ toolkits. Cisco produces one of these kits. The snippet of code below may be useful for a small to medium enterprise that uses the freeware tacacs+ from Cisco. If you happen to be using the Cisco freeware v2.1, this may help.
HTC-tac_plus.c
HTC-tacs_plus.h
Scripting
Sometimes it is necessary to automate certain tasks. In many cases, scripting the action can easily conquer repetition. This can be done at a variety of levels, from the Korn Shell to a more advanced interpreted language or even a compiled language such as C.
Most of the tasks that network and systems administrators face on a daily basis involve problems that need to be addressed quickly. This generally forces us to use an interpreted language or shell such as the Korn Shell, Perl or Expect.
We have assembled some of the tools that we use on a daily basis. Some are written in Perl, Expect, and other languages of choice for that particular task.
Perl
iosSanitize2.pl
Reads Cisco IOS configuration files and removes information such as passwords, community strings, local user information, and BGP neighbor authentication.
CatSanitize2.pl
Reads Cisco Catalyst configuration files and removes information such as passwords, community strings, and local user information.
event.pl
Generates a syslog event within a Perl script. This can be modified for a variety of purposes.
Expect
iosArchiveV2a.exp
Automates the archival of Cisco IOS configuration files. Supplied with a tacacs+ ID or the Cisco legacy password information, the script will telnet to the specified list of routers, capture the running configuration, and write the configuration to a file.
CatalystArchiveV2.exp
Automates the archival of Cisco Catalyst configuration files. Supplied with a tacacs+ ID or the Cisco legacy password information, the script will telnet to the specified list of routers, capture the running configuration, and write the configuration to a file.
PIXArchiveV2.exp
Automates the archival of Cisco PIX configuration files. Supplied with a tacacs+ ID or the Cisco legacy password information, the script will telnet to the specified list of routers, capture the running configuration, and write the configuration to a file.
iosConfigV2.exp
Automates the deployment of global commands to Cisco IOS devices. Supplied with a tacacs+ ID or the Cisco legacy password information, the script will telnet to the specified list of routers, apply the specified changes and exit gracefully.
TCP/IP
Even if you work with VLSM EVERY day, it never hurts to have a good TCP/IP calculator. Krischan Jodies wrote the best one we have seen so far. It is available at http://jodies.de/ipcalc.
Miscellaneous
newSyslog.HTC
This is an extension to Sun’s newsyslog script file. We have extended the functionality to start a new syslog and messages file on a daily basis.
Newsyslog.HTC.conf
Configuration file for newSyslog.HTC