search

jamiecaesar / securecrt-tools

SecureCRT scripts, written in Python, for doing various tasks when connected to Cisco equipment.
Apache License 2.0
252 stars 77 forks source link

Modifications to WriteOutput function #17

Closed methridge closed 8 years ago

methridge commented 8 years ago

Greetings: I've been working on another script that is used in the decommissioning process. It clears AAA and creates a local username / password. The idea is to have a single log file rather than one per command.
Based on this I had a couple of questions about the WriteOutput function.

  1. Would changing file open mode from 'wb' to 'ab' so we can append data to a single file cause any major issues in other scripts?
  2. Prompt changes. As the prompt changes when in config mode, is there an easy way to account for this in the function? Or do we need to pass in all possible prompt variations as a variable to the function? Maybe with a default list?

--ME

jamiecaesar commented 8 years ago
  1. I think it might be possible for this to affect other scripts, but I'd have to review them all to be sure. I'd say either modify WriteOutput to use an additional default parameter -- something like append=false. That way, the existing calls would behave the same, but if you passed append=true, it could open as 'ab' instead. Or make an AppendOutput function that opens it, although that would lead to 2 very similar functions, so I think I like the first option better.
  2. Are you talking only about the WriteOutput function with regards to the prompt? Would there be a need to write the output of a config command (which generally should have nothing) to a file? Or are you referring to something else? I haven't really built in anything to reliably push commands (and possibly check for the proper config sub-level, etc). We'd probably need a different function to push config commands, because we'd expect no output (except the prompt) if the command is successful.
methridge commented 8 years ago
  1. I like the write mode parameter idea as well. And wouldn't impact any of the existing scripts.
  2. I was thinking about the WriteOutput function, but we could do a LogOutput one for doing configuration changes. As you say, there is no output to really check. You could get invalid commands, but I'd think that would be up to the user to make sure the config changes are correct. Even with this the big issue is matching the prompt as there are so many possibilities, e.g (config), (config-router), (config-if), (config-line) just to name a few. If we could do a regex match that might work.
methridge commented 8 years ago

For sending configuration commands to the active session, my thought is to just assume the user knows what commands they need to send, therefor just send it check for the echo back and be done.

def SendConfigCommand(session, command):
    #This function sends configuration commands to the session
    tab = session['tab']

    # Send command
    tab.Send(command + "\n")

    # Ignore the echo of the command we typed (including linefeed)
    tab.WaitForString(command.strip())

With this in mind, I'm using another function to write a few lines to the "log file" we've been appending to in this script.

def WriteLogLine(command, filename):
    now = GetDateString(settings['date_format'])
    textToAdd = "\n/********************************************/\n\*\n\* " + \
                now + "\n\* " + command.strip() + \
                "\n\*\n/********************************************/\n\n"
    f = file(filename, 'ab')
    f.write(textToAdd)
    f.close()

Not sure if you want to include both of these into the ciscolib.py. Or just keep them in the script.

I'm attaching the script that these have been used in so you can see what I'm working with. ClearAAA.txt

jamiecaesar commented 8 years ago

Sorry for the delay - just now catching up with work and everything else, but hopefully I'll find time to take a look at this soon.

I'm also trying to weigh in my mind if we just have "SendConfigCommand" as a function that sends the command without capturing output, or if we might want to have the function account for multiple commands that are encapsulated by a "conf t" and "end". For example, it could accept a list of commands -- it would then send the "config t" before sending each command in the list individually, and finally sending the "end". It would be easy enough to check if the input was a string or a list, and if a string, just send the one command.

The downside is that if this was ever used in a loop, it would be messy going in and out of config mode all the time.

methridge commented 8 years ago

No worries. I've been working on another script to load a base config from a file. Marking which lines fail. So, I have something that mostly works. Again there are issues. For example, the banner command doesn't echo back the same. So something might have to be done to not check for the command echo. ConfigLoad.txt

methridge commented 8 years ago

Completed working Config_Load script. We can adjust later and pull out some functions as desired.