Scripts

:: Lucent Stinger DSLAM Scripts ::
The following script will load/save a config to/from a Stinger using snmpset’s

#!/bin/sh
#restore config
#The host to restore
IP="[Stinger IP to Restore]"
#The write community string
community="[write string]"
snmpset -v 1 -c $community $IP .1.3.6.1.4.1.529.9.5.3.0 a [tftp server]
snmpset -v 1 -c $community $IP .1.3.6.1.4.1.529.9.5.4.0 s [filename]
snmpset -v 1 -c $community $IP .1.3.6.1.4.1.529.9.5.1.0 i 2
exit 0

To save the running configuration to a tftp server change the last snmpset INTEGER value to ‘1’.

Using the above as an example, you can backup multiple Stingers by using the script below, just change the snmpsets 🙂

:: Cisco Config Copy using TFTP ::
This script will read the ‘hosts.txt’ file and on a per line basis set the ccConfigCopy variables necessary to save router/switch configs to a tftp server.

Once the tftp transaction is complete the script will clear the ccConfigCopy variables with an INTEGER 6 (destroy).

Changelog: v0.2 This script has been changed to ask for the system.sysDescr.0 to show the IOS version and to pipe output to a log file /var/log/ccopy..txt because versions of IOS lower than 12.3(11)T8 on the 12.3 branch of code do not seem to support ccConfigCopy.
Changelog: v0.2.1 Created a new script for backing up Pix and 2600/2800 routers as these now use a slightly different SNMP set order.

#!/bin/sh
RW="[read/write string]"
TFTP="[tftpserver IP]"
LOG="/var/log/ccopy.$(date +%R-+%F).txt"
cat hosts.txt | while read H
do
echo $H
snmpget -c $RW -v 1 $H system.sysDescr.0
snmpset -c $RW -v 1 $H .1.3.6.1.4.1.9.9.96.1.1.1.1.3.135 i 4 .1.3.6.1.4.1.9.9.96.1.1.1.1.4.135 i 1 .1.3.6.1.4.1.9.9.96.1.1.1.1.5.135 a $TFTP .1.3.6.1.4.1.9.9.96.1.1.1.1.6.13 5 s $H.$(date +%R-+%F).txt
snmpset -c $RW -v 1 $H .1.3.6.1.4.1.9.9.96.1.1.1.1.14.135 i 1
sleep 10
snmpset -c $RW -v 1 $H .1.3.6.1.4.1.9.9.96.1.1.1.1.14.135 i 6
done &>$LOG

The above script works on 873’s and Aironet AP’s but it doesn’t work on Pix or 2600/2800 Routers. Cisco have now posted a nice pdf file which details how to use SNMP to backup such devices. As a consequence of this, here’s another script which will allow you to do so.

#!/bin/sh
RW="[read/write string]"
TFTP="[tftp server IP]"
LOG="/var/log/ccopy_ipp.$(date +%R-+%F).txt"
cat hosts.txt | while read H
do
echo $H
snmpget -c $RW -v 1 $H system.sysDescr.0
snmpset -c $RW -v 1 $H .1.3.6.1.4.1.9.9.96.1.1.1.1.2.136 i 1 .1.3.6.1.4.1.9.9.96.1.1.1.1.3.136 i 4 .1.3.6.1.4.1.9.9.96.1.1.1.1.4.136 i 1 .1.3.6.1.4.1.9.9.96.1.1.1.1.5.136 a $TFTP .1.3.6.1.4.1.9.9.96.1.1.1.1.6.136 s $H.$(date +%R-+%F).txt .1.3.6.1.4.1.9.9.96.1.1.1.1.14.136 i 4
sleep 10
snmpset -c $RW -v 1 $H .1.3.6.1.4.1.9.9.96.1.1.1.1.14.136 i 6
done

:: Proxy Pac Files ::
Proxy PAC files can be used to configure a browser to use a proxy server. Here’s an example.

function FindProxyForURL( url, host) {
if ( dnsDomainIs( host, "*.unimatrixzero.co.uk") )
// Use direct access to our own servers
if (isInNet(myIpAddress(), "192.168.1.0", "255.255.255.0"))
// Use direct access for local subnets
return "DIRECT";
else
// Use the proxy for everything else. But if
// the proxy server is down, surf without it.
return "PROXY 10.0.0.4:3128;" +
"DIRECT";
}

You can actually save the file in two different formats; a .pac or a .dat. In the .dat form you can drop a copy into c:\windows (as WPAD.DAT) and as long as ‘Automatically detect settings’ is checked in IE (the default) Windows will search for this file and use the settings.

There are other parameters you can use within pac files to determine whether proxying is used or not. Some of them are –

(shExpMatch(url, "*:8080/*"))|| // regular expression matching alternate ports.
(shExpMatch(url, "domain.name.tld/*"))|| // regular expression matching domains.

The ‘||’ tells the script to ‘or’ each entry. The last entry would finish with ‘))’.

Another example of a proxy.pac file use is with the Sharp (Japan) Super Proxy Script which allows for load-balancing across multiple proxy servers and includes failover. As the original site now seems to be unavailable you can copy it from here.

/* Super Proxy Script
 Copyright 1996 SHARP Corp.
 See http://naragw.sharp.co.jp/sps/
 Load balancing example:
 123.45.67.89:3080 has twice the performance of 123.45.67.90:10080
*/
function FindProxyForURL(url, host)
{
ret = URLhash(url);
if ( (ret % 3) < 2 ) {
return "PROXY 123.45.67.89:3080 ; PROXY 123.45.67.90:10080";
} else {
return "PROXY 123.45.67.90:10080 ; PROXY 123.45.67.89:3080";
}
}
function URLhash(name)
{
var cnt=0;
var str=name.toLowerCase(name);
if ( str.length ==0) {
return cnt;
}
for(var i=0;i < str.length ; i++) {
 var ch= atoi(str.substring(i,i + 1));
cnt = cnt + ch;
}
return cnt ;
}
/*
 URLhash2( ) for directory name hash computing version.
 written by SHARP Corp in Feb 1997 
 Objects in a same directory will be accessed via the same proxy.
 Use URLhash2( ) instead of URLhash( ) if you prefer to use persistent
 connection in HTTP 1.1
 http://www.sharp.co.jp/sample/test/img/mebius.gif
 http://www.sharp.co.jp/sample/test/img/zaurus.gif
 http://www.sharp.co.jp/sample/test/img/wiz.gif
 <------------------------------------->
 directory name hashing here 
*/
function URLhash2(name)
{
var cnt=0;
var dirptr=0;
var str=name.toLowerCase(name);
if ( str.length ==0) {
return cnt;
}
/* skip filename in directory */
for(var i=str.length - 1;i >=0 ; i--) {
if ( str.substring(i,i +1) == '/' ) {
dirptr = i+1 ;
break;
}
}
for(var i=0;i < dirptr; i++) {
 var ch= atoi(str.substring(i,i + 1));
cnt = cnt + ch;
}
return cnt ;
}
function atoi(charstring)
{
if ( charstring == "a" ) return 0x61; if ( charstring == "b" ) return 0x62;
if ( charstring == "c" ) return 0x63; if ( charstring == "d" ) return 0x64;
if ( charstring == "e" ) return 0x65; if ( charstring == "f" ) return 0x66;
if ( charstring == "g" ) return 0x67; if ( charstring == "h" ) return 0x68;
if ( charstring == "i" ) return 0x69; if ( charstring == "j" ) return 0x6a;
if ( charstring == "k" ) return 0x6b; if ( charstring == "l" ) return 0x6c;
if ( charstring == "m" ) return 0x6d; if ( charstring == "n" ) return 0x6e;
if ( charstring == "o" ) return 0x6f; if ( charstring == "p" ) return 0x70;
if ( charstring == "q" ) return 0x71; if ( charstring == "r" ) return 0x72;
if ( charstring == "s" ) return 0x73; if ( charstring == "t" ) return 0x74;
if ( charstring == "u" ) return 0x75; if ( charstring == "v" ) return 0x76;
if ( charstring == "w" ) return 0x77; if ( charstring == "x" ) return 0x78;
if ( charstring == "y" ) return 0x79; if ( charstring == "z" ) return 0x7a;
if ( charstring == "0" ) return 0x30; if ( charstring == "1" ) return 0x31;
if ( charstring == "2" ) return 0x32; if ( charstring == "3" ) return 0x33;
if ( charstring == "4" ) return 0x34; if ( charstring == "5" ) return 0x35;
if ( charstring == "6" ) return 0x36; if ( charstring == "7" ) return 0x37;
if ( charstring == "8" ) return 0x38; if ( charstring == "9" ) return 0x39;
if ( charstring == "." ) return 0x2e;
return 0x20;
}

:: Apache2 htpasswd2 password conversion script ::
The following script will convert plain text passwords into encrypted NCSA passwords for use with Apache. This script was used to convert plain text passwords into useable passwords for local authentication on a Bluecoat ProxySG.

The file to convert is in a ‘user:password’ combination with the ‘:’ as the delimiter.

Run the script as ‘[script name] /path/to/plaintext_passwords_file’

while read LINE
do
htpasswd2 -b [htpasswd2 filename] `echo $LINE | awk -F: '{print $1" "$2}'`
done < $1

Leave a Reply

Time limit is exhausted. Please reload CAPTCHA.