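#!/usr/local/bin/perl
# clean up cisco configuration
#
# -v remove volatile config commands like ntp clock-period
#
# -p remove passwords
#
#    enable
#    vty line
#    snmp-server
#    ip ospf authentication-key 7 (OSPF)
#    neighbor 1.2.3.4 password (BGP)
#
# -c remove extra cat5xxx passwords (only honoured together with -p)
#
# maf@net.ohio-state.edu - Nov 1998
#
# Reads the configuration from the files named on the command line, or
# from stdin, and writes the cleaned copy to stdout.  Replaced lines are
# emitted as "!! ... (REMOVED)" markers.
#
# NOTE(review): -p only rewrites the command forms listed above.  Any
# other secret-bearing command passes through untouched, so the output
# still needs a manual check before it leaves a trusted system.
#
# NOTE(review): file arguments are opened by the <> operator, which
# gives special meaning to names such as "-" or ones containing "|";
# only pass file names that come from a trusted source.

use strict;
use warnings;
use Getopt::Std;

# Refuse to run on an unrecognised switch: a mistyped option would
# otherwise print the configuration with its secrets intact.
my %opt;
getopts('vpc', \%opt)
    or die "usage: $0 [-v] [-p] [-c] [file ...]\n";

# Section flags.  They are set when a section header is seen and are
# never cleared, so every later line is still treated as being inside
# the section.  For -p this errs toward removing more, not less.
my $in_line = 0;
my $in_bgp  = 0;

while (my $line = <>) {
    chomp $line;

    $in_line = 1 if $line =~ /^line /;
    $in_bgp  = 1 if $line =~ /^router bgp/;

    if ($opt{v}) {
        if ($line =~ /^ntp clock-period /) {
            $line = "!! ntp clock-period (REMOVED)";
        }
        if ($line =~ /^#time: /) {
            $line = "#time: (REMOVED)";
        }
        if ($line =~ /^#Time: /) {
            $line = "#Time: (REMOVED)";
        }
        if ($in_line && $line =~ / length/) {
            $line = "!! length (REMOVED)";
        }

        # Drops every line that ends in a period -- presumably status
        # output such as "Building configuration..."; confirm.
        next if $line =~ /\.+$/;
    }

    if ($opt{p}) {
        # vty/console line passwords
        if ($in_line && $line =~ /^\s*password/) {
            $line = "!! password (REMOVED)";
        }

        # BGP neighbor passwords; only dotted-quad neighbors are matched.
        if ($in_bgp
            && $line =~ /^\s*neighbor \d+\.\d+\.\d+\.\d+ password/)
        {
            my @tok = split ' ', $line;
            $line = "!! $tok[0] $tok[1] password (REMOVED)";
        }

        if ($line =~ /^\s*ip ospf authentication-key /) {
            $line = "!! ip ospf authentication-key (REMOVED)";
        }

        # Keep whatever follows the community string (access mode, ACL).
        if ($line =~ /^\s*snmp-server community/) {
            my @tok = split ' ', $line;
            $line = "!! $tok[0] $tok[1] (REMOVED) "
                  . join(' ', @tok[3 .. $#tok]);
        }

        if ($line =~ /^\s*enable password/) {
            my @tok = split ' ', $line;
            $line = "!! $tok[0] $tok[1] (REMOVED)";
        }

        # The third word is echoed only when it is an encryption-type
        # number or "level" AND something follows it.  In a line such as
        # "enable secret <value>" the third word is the secret itself
        # and must not be copied into the marker.
        if ($line =~ /^\s*enable secret/) {
            my @tok = split ' ', $line;
            my $qualifier = '';
            if (@tok > 3 && $tok[2] =~ /^(?:\d+|level)$/) {
                $qualifier = " $tok[2]";
            }
            $line = "!! $tok[0] $tok[1]$qualifier (REMOVED)";
        }

        # CAT 5xxx
        if ($opt{c}) {
            if ($line =~ /^set password/) {
                $line = "!! set password (REMOVED)";
            }
            if ($line =~ /^set snmp community read-only /) {
                $line = "!! snmp community read-only (REMOVED)";
            }
            # The marker names the community that was actually removed
            # (it previously said "write-only").
            if ($line =~ /^set snmp community read-write /) {
                $line = "!! snmp community read-write (REMOVED)";
            }
            if ($line =~ /^set snmp community read-write-all /) {
                $line = "!! snmp community read-write-all (REMOVED)";
            }
        }
    }

    print "$line\n";
}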