rat.1p
Language: en
Version: 2004-08-05 (debian - 07/07/09)
Section: 1 (User commands)
NAME
rat (Router Audit Tool) - A tool for auditing Cisco configs
SYNOPSIS
rat [OPTIONS] config [config ...]
DESCRIPTION
rat audits router configurations. It will log into the routers specified (you have to provide login info), pull down the configurations, audit them against a set of rules and produce four output files (see FILES section) for each router. One is a passwd-style file listing all rules, pass/fail and other info. Two is a simple text-based report. Three is a "fix" file suitable for cut-and-paste into config mode to fix the problems identified. Four is an HTML version of the report.
OPTIONS
- -u, --user
- The --user flag allows the specification of a username to be used when logging in to routers. The default is the current login name.
- -w, --userpw
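- The --userpw flag allows the specification of a user-level password on the command line. If the password is not specified, then the user will be prompted (without echo) for the password. A password given on the command line can be visible to other local users in the process list and may be saved in shell history, so the prompt is the safer choice on shared hosts.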
- -e, --enablepw
- The --enablepw flag allows the specification of an enable password. If the password is not specified, then the user will be prompted (without echo) for the password.
- -b, --noclobber
- The --noclobber flag indicates that device configurations should not be pulled if they already exist.
- -a, --snarf
- The --snarf flag indicates that device configurations should be downloaded.
- -n, --nonenable
- The --noenable flag indicates that snarf should not try to enable before pulling configs.
- -r, --rules
- The --rules flag is used to specify the ncat(1) rules file to be used for the audit. The default is ncat_out.conf.
- -l, --limitrulesto
- The "--limitrulesto" flag allows the command-line specification of a regular expression to limit the rules that are checked. The name of the rule must match the regexp specified or the rule is skipped. You might try something like
--limitrulesto=finger
or
--limitrulesto='finger\|syslog'
- -c, --limitclassto
- The "--limitclassto" flag allows the command-line specification of a regular expression to limit the rules that are checked. The class of the rule must match the regexp specified or the rule is skipped. You might try something like
--limitclassto=access
--limitclassto=localrules
--limitclassto=access,logging,aaa
--limitclassto='access\|logging\|localrules'
See the rules file for the definition of rule classes. By default, only rules matching the class "default" are checked. "all" is a synonym for ".*". You can give a "normal" comma-separated list of the classes that you want to check, because "," is treated as a synonym for the regular expression or ("|").
- -s, --sortorder
- The "--sortorder" flag allows the specification of the field that reports are sorted by. Possible values are "importance" (default), "passfail", "rule", "device", "line", "instance".
- -p, --onlypass
- The "--onlypass" flag indicates that only passing rules should be reported. It may not be combined with "--onlyfail".
- -f, --onlyfail
- The "--onlyfail" flag indicates that only failing rules should be reported. It may not be combined with "--onlypass".
- -V, --version
- The "--version" option displays the current program version.
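The class selection described under --limitclassto, modelled as an added example (this is not rat's own code). The rule names and classes are constructed, and two points are assumptions: that the match is unanchored, and that the `\|` written in the examples means alternation. It shows which rules a given value leaves unchecked, which matters because a default run only covers the "default" class.

```python
import re

# Constructed sample: rule name -> rule classes. Not taken from a real ncat.conf.
SAMPLE_RULES = {
    "no-finger-service": ["default", "access"],
    "logging-buffered": ["default", "logging"],
    "aaa-new-model": ["aaa"],
    "site-banner": ["localrules"],
}


def class_pattern(spec="default"):
    """Build the class regex from a --limitclassto value, per the text above."""
    if spec == "all":                    # "all" is a synonym for ".*"
        return re.compile(".*")
    spec = spec.replace("\\|", "|")      # assumption: the page's \| means alternation
    spec = spec.replace(",", "|")        # "," is a synonym for regex "or"
    return re.compile(spec)


def select_rules(rules, spec="default"):
    """Names of the rules that would be checked for this class spec."""
    pat = class_pattern(spec)
    # Assumption: an unanchored match against any one of the rule's classes.
    return sorted(n for n, classes in rules.items()
                  if any(pat.search(c) for c in classes))


def skipped_rules(rules, spec="default"):
    """Names of the rules the spec leaves unchecked (the audit coverage gap)."""
    return sorted(set(rules) - set(select_rules(rules, spec)))


if __name__ == "__main__":
    for spec in ("default", "access,logging,aaa", "all"):
        print(spec, "->", select_rules(SAMPLE_RULES, spec),
              "skipped:", skipped_rules(SAMPLE_RULES, spec))
```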
ARGUMENTS
The router argument(s) allow the user to specify which devices are to be audited. These may be either IP addresses or DNS names.
RETURN VALUE
???
EXAMPLES
    % rat --snarf --rules=$HOME/etc/ncat.conf gw1.atl7
    User Password:
    Enable Password [same as user]:
    snarfing gw1.atl7...done.
    auditing gw1.atl7...done.
    Generating report gw1.atl7.ncat_report.txt...done.
    %
    % ls -1 gw1*
    gw1.atl7                    # the config file
    gw1.atl7.ncat_fix.txt       # the fix file
    gw1.atl7.ncat_out.txt       # the raw data
    gw1.atl7.ncat_report.txt    # the report
    gw1.atl7.html               # the HTML report
    rules.html                  # the rules in HTML
    index.html                  # index of html files
FILES
$config - the config file that was pulled
$config.ncat_out.txt - a passwd-style file with raw results
$config.ncat_fix.txt - commands to correct problems found
$config.ncat_report.txt - a simple text report with statistics
all.ncat_report.txt - a simple text report listing all devices
$config.html - an HTML version of the report w/fixes
all.html - an HTML version of the report listing all devices
rules.html - an HTML version of the rules applied
index.html - an index of the rules and html files
SEE ALSO
sbin/rat - this program
sbin/router-snarf - the config puller
sbin/ncat - the audit tool
sbin/ncat_report - the report generator
etc/ncat.conf - file containing audit rules
CAVEATS
Yes, there are some.
BUGS
Yes.
AUTHOR
George M. Jones <gmj@users.sourceforge.net>
CREDIT WHERE CREDIT IS DUE
John Stewart has helped with the code in numerous ways. It's much cleaner, and the install process is better thanks to his efforts.
Eric Brandwine and Jared Allison at UUNET wrote a config checker that has provided some ideas for this one. Rob Thomas developed a security template for IOS that was the initial inspiration.
Joshua Wright did the port for ActiveState on Windows.