Backing up Cisco Configurations for Routers, Switches and Firewalls

I will add more about this when I have time. Until then, you should be able to just install python, paramiko and pexpect and run this script as-is (obviously changing the variables).

This should give you all the software you need:

sudo apt-get update
sudo apt-get install python python-pexpect python-paramiko

I plan on GREATLY increasing the ability of this script, adding additional functionality, as well as setting up a bash script that will be able to parse the configs, and perform much deeper backup abilities for ASAs.

I have not tested this on Routers and Switches. I can tell you that the production 5520 HA Pair that I ran this script against was running “Cisco Adaptive Security Appliance Software Version 8.4(2)160”. Theoretically, I would believe that this would work with all 8.4 code and up, including the 9.x versions that are out as of the writing of this blog.

Here you go! Full Scripted interrogation of Cisco ASA 5520 that can be setup to run on a CRON job.

#!/usr/bin/python
import paramiko, pexpect, hashlib, StringIO, re, getpass, os, time, ConfigParser, sys, datetime, cmd, argparse



### DEFINE VARIABLES

currentdate="10-16-2014"
hostnamesfile='vpnhosts'
asahost="192.168.222.1"
tacacsuser='testuser'
userpass='Password1'
enpass='Password2'
currentipaddress="192.168.222.1"
currenthostname="TESTASA"


#dummy=sys.argv[0]
#currentdate=sys.argv[1]
#currentipaddress=sys.argv[2]
#tacacsuser=sys.argv[3]
#userpass=sys.argv[4]
#enpass=sys.argv[5]
#currenthostname=sys.argv[6]

parser = argparse.ArgumentParser(description='Get "show version" from a Cisco ASA.')
parser.add_argument('-u', '--user',     default='cisco', help='user name to login with (default=cisco)')
parser.add_argument('-p', '--password', default='cisco', help='password to login with (default=cisco)')
parser.add_argument('-e', '--enable',   default='cisco', help='password for enable (default=cisco)')
parser.add_argument('-d', '--device',   default=asahost, help='device to login to (default=192.168.120.160)')
args = parser.parse_args()

   


#python vpnbackup.py $currentdate $currentipaddress $tacacsuser $userpass $enpass $currenthostname



def asaLogin():
   
    #start ssh")
    child = pexpect.spawn ('ssh '+tacacsuser+'@'+asahost)
   
    #testing to see if I can increase the buffer
    child.maxread=9999999
   
    #expect password prompt")
    child.expect ('.*assword:.*')
    #send password")
    child.sendline (userpass)
    #expect user mode prompt")
    child.expect ('.*>.*')
    #send enable command")
    child.sendline ('enable')
    #expect password prompt")
    child.expect ('.*assword:.*')
    #send enable password")
    child.sendline (enpass)
    #expect enable mode prompt = timeout 5")
    child.expect ('#.*', timeout=10)
    #set term pager to 0")
    child.sendline ('terminal pager 0')
    #expect enable mode prompt = timeout 5")
    child.expect ('#.*', timeout=10)
    #run create dir function")
    createDir()
    #run create show version")
    showVersion(child)
    #run create show run")
    showRun(child)
    # run showCryptoIsakmp(child)
    showCryptoIsakmp(child)
    # run dirDisk0(child)
    dirDisk0(child)
    # run showInterfaces(child)
    showInterfaces(child)
    #run  showRoute")
    showRoute(child)
    #run showVpnSessionDetail")
    showVpnSessionDetail(child)
    # run showVpnActiveSessions(child)
    showWebVpnSessions(child)
    # run showVpnActiveSessions(child)
    showAnyConnectSessions(child)
    #send exit")
    child.sendline('exit')
    #close the ssh session")
    child.close()
   
   
def createDir():
    if not os.path.exists(currentdate):
        os.makedirs(currentdate)
    if not os.path.exists(currentdate+"/"+currenthostname):
        os.makedirs(currentdate+"/"+currenthostname)
   
   
   
def showVersion(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"sh-ver.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending show version")
    child.sendline('show version')
    #expect enable mode prompt = timeout 400")
    child.expect(".*# ", timeout=50)
    #closing the log file")
    fout.close()
   
   
def showRun(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"sh-run.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending more system running-config")
    child.sendline('more system:running-config')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=999)
    #closing the log file
    fout.close()   
   

def showCryptoIsakmp(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"cryptoisakmp.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending show crypto isakmp sa")
    child.sendline('show crypto isakmp sa')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=50)
    #closing the log file
    fout.close()   


def dirDisk0(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"dirdisk0.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending dir disk0:")
    child.sendline('dir disk0:')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=75)
    #closing the log file
    fout.close()


def showInterfaces(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"interfaces.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending show interface")
    child.sendline('show interface')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=100)
    #closing the log file
    fout.close()


def showRoute(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"show-route.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending show route")
    child.sendline('show route')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=300)
    #closing the log file
    fout.close()


def showVpnSessionDetail(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"vpnsession.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending show vpn-sessiondb detail")
    child.sendline('show vpn-sessiondb detail')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=50)
    #closing the log file
    fout.close()


def showWebVpnSessions(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"webvpns.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending show vpn-sessiondb webvpn")
    child.sendline('show vpn-sessiondb webvpn')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=200)
    #closing the log file
    fout.close()


def showAnyConnectSessions(child):
    #setting a new file for output")
    fout = file(currentdate+"/"+currenthostname+"/"+currenthostname+datetime.datetime.now().strftime("%m-%d-%Y")+"anyconnectvpns.txt",'w')
    #capturing the command output to the file")
    child.logfile_read = fout
    #sending show vpn-sessiondb anyconnect")
    child.sendline('show vpn-sessiondb anyconnect')
    #expect enable mode prompt = timeout 400
    child.expect(".*# ", timeout=999)
    #closing the log file
    fout.close()




def main():
    #Nothing has been executed yet
    #executing asaLogin function
    asaLogin()
    #Finished running parTest\n\n Now exiting
   

main()

Here are all the websites that have provided help to me writing these scripts:
http://www.802101.com/2014/06/automated-asa-ios-and-nx-os-backups.html
http://yourlinuxguy.com/?p=300
http://content.hccfl.edu/pollock/Unix/FindCmd.htm
http://paulgporter.net/2012/12/08/30/
http://paklids.blogspot.com/2012/01/securely-backup-cisco-firewall-asa-fwsm.html
http://ubuntuforums.org/archive/index.php/t-106287.html
http://stackoverflow.com/questions/12604468/find-and-delete-txt-files-in-bash
http://stackoverflow.com/questions/9806944/grep-only-text-files
http://unix.stackexchange.com/questions/132417/prompt-user-to-login-as-root-when-running-a-shell-script
http://stackoverflow.com/questions/6961389/exception-handling-in-shell-scripting
http://stackoverflow.com/questions/7140817/python-ssh-into-cisco-device-and-run-show-commands
http://pastebin.com/qGRdQwpa
http://blog.pythonicneteng.com/2012/11/pexpect-module.html
https://pynet.twb-tech.com/blog/python/paramiko-ssh-part1.html
http://twistedmatrix.com/pipermail/twisted-python/2007-July/015793.html
http://www.lag.net/paramiko/
http://www.lag.net/paramiko/docs/
http://stackoverflow.com/questions/25127406/paramiko-2-tier-cisco-ssh
http://rtomaszewski.blogspot.com/2012/08/problem-runing-ssh-or-scp-from-python.html
http://www.copyandwaste.com/posts/view/pexpect-python-and-managing-devices-tratto/
http://askubuntu.com/questions/344407/how-to-read-complete-line-in-for-loop-with-spaces
http://stackoverflow.com/questions/10463216/python-pexpect-timeout-falls-into-traceback-and-exists
http://stackoverflow.com/questions/21055943/pxssh-connecting-to-an-ssh-proxy-timeout-exceeded-in-read-nonblocking
http://www.pennington.net/tutorial/pexpect_001/pexpect_tutorial.pdf
https://github.com/npug/asa-capture/blob/master/asa-capture.py
http://stackoverflow.com/questions/26227791/ssh-with-subprocess-popen

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
Tagged , , , , , , , , , . Bookmark the permalink.

Comments are closed.