December 2006
Intermediate to advanced
1188 pages
72h 8m
English
Content preview from Cisco IOS Cookbook, 2nd EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Removing Passwords from a Router Configuration File
Problem
You want to remove sensitive information from a router configuration file.
Solution
The following Perl script removes sensitive information like passwords and SNMP community strings from configuration files. The script takes the name of the file containing the router’s configuration as its only command-line argument.
Here’s some sample output:
Freebsd%strip.plversion 12.2 service password-encryption ! hostname Router1 ! aaa new-model aaa authentication login default local enable secret <removed> enable password <removed> ! username ijbrown password <removed> username kdooley password <removed> ! !Lines removed for brevity ! ! snmp-server community <removed> RO snmp-server community <removed> RW ! line con 0 password <removed> line aux 0 password <removed> line vty 0 4 password <removed> end Freebsd%Router1-confg
The Perl code follows in Example 3-1.
Example 3-1. strip.pl
#!/usr/local/bin/perl
#
# strip.pl -- a script to remove sensitive information
# from a router configuration file.
#
#
my $configf;
undef $/;
#
$configf = shift(@ARGV);
if (open (CNFG, $configf ) ){
$config=<CNFG>;
close (CNFG);
$config =~ s/password .*/password <removed>/gi;
$config =~ s/secret .*/secret <removed>/gi;
$config =~ s/community [^ ]+/community <removed>/gi;
print $config;
} else {
print STDERR "Failed to open config file \"$configf\"\n";
}Discussion
This script strips sensitive information from router configuration files. You can safely store or ...