KBI 311733 Making Total Network Integrity Work With Any Device

Version

Argent Advanced Technology 5.1A-1807-A and above

Date

Wednesday, 6 February 2019

Summary

The Argent Total Network Integrity product provides a robust, very powerful, and automatic means to ensure the integrity of all network devices

This new product was created with Cisco devices in mind

However, with a few minor changes to SSH any device using SSH can be supported by Argent Total Network Integrity

This KBI explains how network devices such as Juniper can be supported, along with Linux distributions

See: KBI 311674 Enhancement To Total Network Integrity: Enhanced Change Logging For Device Configuration

https://help.argent.com/#KBI_311674

Technical Background

The Argent for SNMP out-of-the-box node property configuration is set to get the Cisco device configuration using SSH and the command ‘show running-config’

Example 1 – Cisco

The License Manager – Node Properties, with defaults (empty field or {default}) set to support Cisco only

Example 2 – Juniper

The License Manager – Node Properties with changes to ‘Password Prompt’, ‘Shell Prompt’ and ‘Backup Command’ is typically all that’s required to support Juniper devices

Note that a username and password would be required with ‘SSH Logon Option’ ‘Keyboard Interactive’

Password Prompt: Password:

Shell Prompt: >

Backup Command: show configuration

Reference: Junos OS – CLI User Guide – Viewing the Configuration

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/junos-configuartion-viewing.html

Example 3 – Debian Linux

The License Manager – Node Properties with changes to ‘Password Prompt’, ‘Shell Prompt’ and ‘Backup Command’ is typically all that’s required to support Linux OS

Note that a username and password credentials should have rights to access the configuration commands of files listed in ‘Backup Command’

Password Prompt: Password:

Shell Prompt: $

Backup Command: dpkg-query –show –showformat=’${binary:Package}\t${Version}\n’

Backup Command: /sbin/iptables-save

Backup Command: cat /etc/apache2/apache2.conf

Depending upon the Linux distribution used, the ‘Shell Prompt’ could be different

The ‘Backup Command’ would entirely depend upon what would be considered essential configurations to save or changes made, in the case of a Debian Linux Webserver the package list, firewall (iptables) and Apache configurations could be consider essential

SSH with PuTTY to the Linux computer to see the ‘Password Prompt’ and ‘Shell Prompt’

Saved Device Configuration:




Click For Full Size

Resolution

N/A