man rat () - A tool for auditing Cisco configs
NAME
rat (Router Audit Tool) - A tool for auditing Cisco configs
SYNOPSIS
rat [OPTIONS] config [config ...]
DESCRIPTION
rat audits router configurations. It will log into the routers specified (you have to provide login info), pull down the configurations, audit them against a set of rules and produce four output files (see FILES section) for each router. The first is a passwd style file listing all rules, pass/fail and other info. The second is a simple text-based report. The third is a fix file suitable for cut-and-paste into config mode to fix the problems identified. The fourth is an HTML version of the report.
OPTIONS
- -u, --user
- The --user flag allows the specification of a username to be used when logging in to routers. The default is the current login name.
- -w, --userpw
- The --userpw flag allows the specification of a user-level password on the command line. If the password is not specified, then the user will be prompted (without echo) for the password.
- -e, --enablepw
- The --enablepw flag allows the specification of an enable password. If the password is not specified, then the user will be prompted (without echo) for the password.
- -b, --noclobber
- The --noclobber flag indicates that device configurations should not be pulled if they already exist.
- -a, --snarf
- The --snarf flag indicates that device configurations should be downloaded.
- -n, --nonenable
- The --noenable flag indicates that snarf should not try to enable before pulling configs.
- -r, --rules
- The --rules flag is used to specify the ncat(1) rules file to be used for the audit. The default is ncat_out.conf.
- -l, --limitrulesto
- The --limitrulesto flag allows the command-line specification of a regular expression to limit the rules that are checked. The name of the rule must match the regexp specified or the rule is skipped. You might try something like
--limitrulesto=finger
or --limitrulesto='finger\|syslog'
- -c, --limitclassto
- The --limitclassto flag allows the command-line specification of a regular expression to limit the rules that are checked. The class of the rule must match the regexp specified or the rule is skipped. You might try something like
--limitclassto=access
--limitclassto=localrules
--limitclassto=access,logging,aaa
--limitclassto='access\|logging\|localrules'
See the rules file for the definition of rule classes. By default, only rules matching the class default are checked. all is a synonym for .*. You can give a normal comma-separated list of classes that you want to check because , is treated as a synonym for the regular expression or (|).
- -s, --sortorder
- The --sortorder flag allows the specification of the field that reports are sorted by. Possible values are importance (default), passfail, rule, device, line, instance.
- -p, --onlypass
- The --onlypass flag indicates that only passing rules should be reported. It may not be combined with --onlyfail.
- -f, --onlyfail
- The --onlyfail flag indicates that only failing rules should be reported. It may not be combined with --onlypass.
- -V, --version
- The --version option displays the current program version.
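The rule-selection semantics of the --limitrulesto and --limitclassto options above, as an added example that models them in Python (this is not rat's own code; the rule names, classes and the any-class-matches behaviour for repeated --limitclassto values are assumptions made for the illustration):

```python
import re

# Constructed sample of rules, each with a name and one or more classes,
# standing in for what an ncat rules file would declare. The names and
# classes here are hypothetical, not taken from the real ncat.conf.
RULES = [
    {"name": "finger_disabled",  "classes": ["default", "access"]},
    {"name": "syslog_enabled",   "classes": ["default", "logging"]},
    {"name": "aaa_new_model",    "classes": ["aaa"]},
    {"name": "banner_motd",      "classes": ["localrules"]},
    {"name": "ntp_authenticate", "classes": ["default", "logging"]},
]


def option_to_regex(value):
    """Turn a --limitrulesto / --limitclassto value into a compiled regex.

    Per the man page: 'all' is a synonym for '.*', and ',' is a synonym
    for the alternation operator '|'. The escaped form 'finger\\|syslog'
    shown in the examples is normalised to plain alternation as well.
    """
    if value == "all":
        return re.compile(".*")
    pattern = value.replace("\\|", "|").replace(",", "|")
    return re.compile(pattern)


def select_rules(rules, limit_rules=None, limit_classes=("default",)):
    """Return the names of the rules that survive both filters.

    limit_rules   -- value of --limitrulesto (None means no name filter)
    limit_classes -- values of --limitclassto; defaults to the class
                     'default', as the man page states. Assumption: a rule
                     is kept if any of its classes matches any filter.
    """
    name_re = option_to_regex(limit_rules) if limit_rules else None
    class_res = [option_to_regex(c) for c in limit_classes]
    selected = []
    for rule in rules:
        if name_re and not name_re.search(rule["name"]):
            continue  # name does not match --limitrulesto: skipped
        if not any(r.search(cls) for r in class_res for cls in rule["classes"]):
            continue  # no class matches --limitclassto: skipped
        selected.append(rule["name"])
    return selected


if __name__ == "__main__":
    print(select_rules(RULES))                                     # class default only
    print(select_rules(RULES, limit_classes=["access,logging,aaa"]))
    print(select_rules(RULES, limit_rules="finger\\|syslog"))
    print(select_rules(RULES, limit_classes=["all"]))
```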
ARGUMENTS
The router argument(s) allow the user to specify which devices are to be audited. These may be either IP addresses or DNS names.
RETURN VALUE
???
EXAMPLES
% rat --snarf --rules=$HOME/etc/ncat.conf gw1.atl7
User Password:
Enable Password [same as user]:
snarfing gw1.atl7...done.
auditing gw1.atl7...done.
Generating report gw1.atl7.ncat_report.txt...done.
%
% ls -1 gw1*
gw1.atl7                    # the config file
gw1.atl7.ncat_fix.txt       # the fix file
gw1.atl7.ncat_out.txt       # the raw data
gw1.atl7.ncat_report.txt    # the report
gw1.atl7.html               # the HTML report
rules.html                  # the rules in HTML
index.html                  # index of html files
FILES
$config - the config file that was pulled
$config.ncat_out.txt - a passwd style file with raw results
$config.ncat_fix.txt - commands to correct problems found
$config.ncat_report.txt - a simple text report with statistics
all.ncat_report.txt - a simple text report listing all devices
$config.html - an HTML version of the report w/fixes
all.html - an HTML version of the report listing all devices
rules.html - an HTML version of the rules applied
index.html - an index of the rules and html files
SEE ALSO
sbin/rat - this program
sbin/router-snarf - the config puller
sbin/ncat - the audit tool
sbin/ncat_report - the report generator
etc/ncat.conf - file containing audit rules
CAVEATS
Yes, there are some.
BUGS
Yes.
AUTHOR
George M. Jones <gmj@users.sourceforge.net>
CREDIT WHERE CREDIT IS DUE
John Stewart has helped with the code in numerous ways. It's much cleaner, and the install process is better thanks to his efforts.
Eric Brandwine and Jared Allison at UUNET wrote a config checker that has provided some ideas for this one. Rob Thomas developed a security template for IOS that was the initial inspiration.
Joshua Wright did the port for ActiveState on Windows.