KBI 311733 Making Total Network Integrity Work With Any Device
Version
Argent Advanced Technology 5.1A-1807-A and above
Date
Wednesday, 6 February 2019
Summary
The Argent Total Network Integrity product provides a robust, very powerful, and automatic means to ensure the integrity of all network devices
This new product was created with Cisco devices in mind
However, with a few minor changes to SSH any device using SSH can be supported by Argent Total Network Integrity
This KBI explains how network devices such as Juniper can be supported, along with Linux distributions
See: KBI 311674 Enhancement To Total Network Integrity: Enhanced Change Logging For Device Configuration
https://help.argent.com/#KBI_311674
Technical Background
The Argent for SNMP out-of-the-box node property configuration is set to get the Cisco device configuration using SSH and the command ‘show running-config’
Example 1 – Cisco
The License Manager – Node Properties, with defaults (empty field or {default}) set to support Cisco only
Example 2 – Juniper
The License Manager – Node Properties with changes to ‘Password Prompt’, ‘Shell Prompt’ and ‘Backup Command’ is typically all that’s required to support Juniper devices
Note that a username and password would be required with ‘SSH Logon Option’ ‘Keyboard Interactive’
Password Prompt: Password:
Shell Prompt: >
Backup Command: show configuration
Reference: Junos OS – CLI User Guide – Viewing the Configuration
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/junos-configuartion-viewing.html
Example 3 – Debian Linux
The License Manager – Node Properties with changes to ‘Password Prompt’, ‘Shell Prompt’ and ‘Backup Command’ is typically all that’s required to support Linux OS
Note that a username and password credentials should have rights to access the configuration commands of files listed in ‘Backup Command’
Password Prompt: Password:
Shell Prompt: $
Backup Command: dpkg-query –show –showformat=’${binary:Package}\t${Version}\n’
Backup Command: /sbin/iptables-save
Backup Command: cat /etc/apache2/apache2.conf
Depending upon the Linux distribution used, the ‘Shell Prompt’ could be different
The ‘Backup Command’ would entirely depend upon what would be considered essential configurations to save or changes made, in the case of a Debian Linux Webserver the package list, firewall (iptables) and Apache configurations could be consider essential
SSH with PuTTY to the Linux computer to see the ‘Password Prompt’ and ‘Shell Prompt’
Saved Device Configuration:
Resolution
N/A