rat.1p

Language: en

Version: 2004-08-05 (debian - 07/07/09)

Section: 1 (User commands)

NAME

rat (Router Audit Tool) - A tool for auditing Cisco configs

SYNOPSIS

rat [OPTIONS] config [config ...]

DESCRIPTION

rat audits router configurations. It will log into the routers specified (you have to provide login info), pull down the configurations, audit them against a set of rules and produce four output files (see the FILES section) for each router. The first is a passwd-style file listing all rules, pass/fail status and other info. The second is a simple text-based report. The third is a ``fix'' file suitable for cut-and-paste into config mode to fix the problems identified. The fourth is an HTML version of the report.

OPTIONS

-u, --user
The --user flag allows the specification of a username to be used when logging in to routers. The default is the current login name.
-w, --userpw
The --userpw flag allows the specification of a user-level password on the command line. If the password is not specified, then the user will be prompted (without echo) for the password.
-e, --enablepw
The --enablepw flag allows the specification of an enable password. If the password is not specified, then the user will be prompted (without echo) for the password.
-b, --noclobber
The --noclobber flag indicates that device configurations should not be pulled if they already exist.
-a, --snarf
The --snarf flag indicates that device configurations should be downloaded.
-n, --nonenable
The --noenable flag indicates that snarf should not try to enable before pulling configs.
-r, --rules
The --rules flag is used to specify the ncat(1) rules file to be used for the audit. The default is ncat_out.conf.
-l, --limitrulesto
The "--limitrulesto" flag allows the command-line specification of a regular expression to limit the rules that are checked. The name of the rule must match the regexp specified or the rule is skipped. You might try something like

   --limitrulesto=finger

or

   --limitrulesto='finger\|syslog'

-c, --limitclassto
The "--limitclassto" flag allows the command-line specification of a regular expression to limit the rules that are checked. The class of the rule must match the regexp specified or the rule is skipped. You might try something like

   --limitclassto=access
   --limitclassto=localrules
   --limitclassto=access,logging,aaa
   --limitclassto='access\|logging\|localrules'

See the rules file for the definition of rule classes. By default, only rules matching the class ``default'' are checked. ``all'' is a synonym for ``.*''. You can give a ``normal'' comma-separated list of the classes that you want to check, because ``,'' is treated as a synonym for the regular expression or (``|'').

-s, --sortorder
The "--sortorder" flag allows the specification of the field that reports are sorted by. Possible values are ``importance'' (default), ``passfail'', ``rule'', ``device'', ``line'', ``instance''.
-p, --onlypass
The "--onlypass" flag indicates that only passing rules should be reported. It may not be combined with "--onlyfail".
-f, --onlyfail
The "--onlyfail" flag indicates that only failing rules should be reported. It may not be combined with "--onlypass".
-V, --version
The "--version" option displays the current program version.
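The --limitrulesto and --limitclassto semantics above (rule name matched by a regexp, class matched by a regexp, ``all'' standing for ``.*'' and ``,'' standing for ``|'', ``default'' as the default class) can be shown with a small filter. The following is an added illustration of that selection logic, not rat's or ncat's own code; it assumes that each rule carries a list of classes and that both regexps are searched within the name or class rather than anchored, and the sample rule set is constructed here, not taken from a real ncat.conf.

```python
import re

# Constructed sample rule set (names and classes are made up for this
# illustration; they are not rules from the ncat.conf that ships with rat).
SAMPLE_RULES = [
    {"name": "IOS - no finger service", "classes": ["default", "services"]},
    {"name": "IOS - logging to syslog host", "classes": ["default", "logging"]},
    {"name": "IOS - vty access-class", "classes": ["default", "access"]},
    {"name": "IOS - aaa new-model", "classes": ["aaa"]},
    {"name": "Local - login banner", "classes": ["localrules"]},
]


def class_pattern(spec: str) -> "re.Pattern[str]":
    """Turn a --limitclassto value into a compiled regexp.

    ``all`` is treated as ``.*`` and each ``,`` is treated as regexp
    alternation (``|``), as the man page describes.
    """
    if spec == "all":
        spec = ".*"
    parts = [p for p in spec.split(",") if p]
    return re.compile("|".join(parts))


def select_rules(rules, limit_class="default", limit_rule=None):
    """Return the names of the rules that would be checked.

    A rule is kept only if at least one of its classes matches the class
    regexp and (when --limitrulesto is given) its name matches the rule
    regexp.  Search semantics (unanchored) are an assumption of this example.
    """
    cpat = class_pattern(limit_class)
    rpat = re.compile(limit_rule) if limit_rule else None
    chosen = []
    for rule in rules:
        if not any(cpat.search(c) for c in rule["classes"]):
            continue  # class does not match: rule is skipped
        if rpat is not None and not rpat.search(rule["name"]):
            continue  # name does not match --limitrulesto: rule is skipped
        chosen.append(rule["name"])
    return chosen


if __name__ == "__main__":
    # Default behaviour: only rules in class "default".
    print(select_rules(SAMPLE_RULES))
    # Comma list is alternation: access, logging or aaa.
    print(select_rules(SAMPLE_RULES, "access,logging,aaa"))
    # "all" plus a rule-name regexp.
    print(select_rules(SAMPLE_RULES, "all", "finger|syslog"))
```

With the default class only the three ``default'' rules are selected; `access,logging,aaa` selects the syslog, vty and aaa rules; `all` with `--limitrulesto` of `finger|syslog` narrows the full set down to the finger and syslog rules.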

ARGUMENTS

The router argument(s) allow the user to specify which devices are to be audited. These may be either IP addresses or DNS names.

RETURN VALUE

???

EXAMPLES

  % rat --snarf --rules=$HOME/etc/ncat.conf gw1.atl7
  User Password: 
  Enable Password [same as user]: 
  snarfing gw1.atl7...done.
  auditing gw1.atl7...done.
  Generating report gw1.atl7.ncat_report.txt...done.
  %
  % ls -1 gw1*
  gw1.atl7               # the config file
  gw1.atl7.ncat_fix.txt  # the fix file
  gw1.atl7.ncat_out.txt  # the raw data
  gw1.atl7.ncat_report.txt # the report
  gw1.atl7.html          # the HTML report
  rules.html             # the rules in HTML
  index.html             # index of html files

FILES

  $config                        - the config file that was pulled
  $config.ncat_out.txt           - a passwd style file with raw results
  $config.ncat_fix.txt           - commands to correct problems found
  $config.ncat_report.txt        - a simple text report with statistics
  all.ncat_report.txt            - a simple text report listing all device
  $config.html                   - an HTML version of the report w/fixes
  all.html                       - an HTML version of the report listing all devices
  rules.html                     - an HTML version of the rules applied
  index.html                     - an index of the rules and html files

SEE ALSO

   sbin/rat                      - this program
   sbin/router-snarf             - the config puller
   sbin/ncat                     - the audit tool
   sbin/ncat_report              - the report generator
   etc/ncat.conf                 - file containing audit rules

CAVEATS

Yes, there are some.

BUGS

Yes.

AUTHOR

George M. Jones <gmj@users.sourceforge.net>

CREDIT WHERE CREDIT IS DUE

John Stewart has helped with the code in numerous ways. It's much cleaner, and the install process is better thanks to his efforts.

Eric Brandwine and Jared Allison at UUNET wrote a config checker that has provided some ideas for this one. Rob Thomas developed a security template for IOS that was the initial inspiration.

Joshua Wright did the port for ActiveState on Windows.