Configuration Remediation

[GoogleCodeExporter]

I would like to see a tool that can be used to automatically fix violations in 
a running-configuration file. The tool would use rules to identify violations 
(i.e. changes to ACLs), a change script to fix the violation, tags to identify 
the devices to apply the rule to, and command runner to run the change script.

Original issue reported on code.google.com by counts.a...@gmail.com on 3 Jan 2011 at 8:10

[GoogleCodeExporter]

The first step here would be a policy engine to define and detect violations.

Original comment by aure...@xerela.com on 26 Apr 2011 at 5:04

• Changed state: Accepted
• Added labels: Type-Enhancement

[GoogleCodeExporter]

attached you will find a data flow for checking for policy violations. I have 
done this before using a CRON job that runs once a day. Since I have not 
figured out how to properly code this, I have the CRON job doing a show run 
command on Cisco devices and copy the output to a file. The next process is 
that it runs checks the newly created files for each line of the configuration 
that I want or do not want modified, if it finds something that is not expected 
it runs a script to change that portion of the configuration on the device.

Original comment by aaron_co...@reyrey.com on 18 Oct 2011 at 2:29

Attachments:

• [AR process.pdf](https://storage.googleapis.com/google-code-attachments/xerela/issue-6/comment-2/AR process.pdf)