topic Script to Sync IPS Configs in Network Security

Script to Sync IPS Configs

manfernandez — Sun, 10 Mar 2019 11:50:16 GMT

Good day,

First time posting a new question. I have many customers that have ASA in HA with Dual ssm-10 or 20s. I want to know if anyone out there has a script already created that will,

1. Connect to the IPS running on the ACTIVE ASA and pull the config.

2. Run a 'Search AND Replace' for the specific IP address of the Sensor (e.g. 10.1.1.50/24 10.1.1.1) and replace it with the standby IPS' IP Address.

3. Run a 'Search AND Replace' for the 'host-name' and replace that with the standby's hostname.

4. Then TFTP the NEW config to the secondary IPS.

This would insure that all the changes, exceptions etc are the same on both boxes. You could then run a cron that would do this regularly. I found this code snippet online and modified it. I am in the process of teaching myself Perl since I have seen the benefits of it, but for now I fummble along. I was able to get the first part to work. It matches the IP exactly as it appears there (would be nicer to be able to look for ANY string after the host-ip).

Thanks

Manny

****** SNIPPET *******

#!/usr/bin/perl

use strict;
use warnings;
use File::Find;

my $startdir = 'c:\ips-test';
my $find = 'host-ip 10\.1\.1\.50';
my $replace = 'host-ip 10.1.1.51';
my $doctype = 'txt';

print qq~Finding "$find" and replacing it with "$replace"\n~;

find(
   sub{
      return unless (/\.$doctype$/i);
      local @ARGV = $_;
      local $^I = '.bac';
      while( <> ){
         if( s/$find/$replace/ig ) {
            print;
         }
         else {
            print;
         }
      }
}, $startdir);

print "Finished";

Re: Script to Sync IPS Configs

manfernandez — Sun, 29 Nov 2009 14:47:13 GMT

OK, here is the other piece to it. Now I am able to find and replace the IP and the Hostname however the IP gets written twice.

I am just curious if others think this would be helpful.

#!/usr/bin/perl

use strict;
use warnings;
use File::Find;

my $startdir = 'c:\ips-test';
my $find = 'host-ip 10\.1\.1\.101';
my $replace = 'host-ip 10.1.1.102';
my $find2 = 'host-name corpips01';
my $replace2 = 'host-name corpips02';
my $doctype = 'txt';

print qq~Finding "$find" and replacing it with "$replace" and "$find2" with "$replace2" \n~;

find(
   sub{
      return unless (/\.$doctype$/i);
      local @ARGV = $_;
      local $^I = '.bac';
      while( <> ){
         if( s/$find/$replace/ig ) {
            print;
         }
          if( s/$find2/$replace2/ig ) {
            print;
         }
         else {
            print;
         }
      }
}, $startdir);
print "Finished";

Re: Script to Sync IPS Configs

froekjaer — Thu, 04 Feb 2010 05:19:56 GMT

Using IPS ver. 7, I found that the following procedure will do the job:

- FTP the CurrentConfig of the primary unit to a FTP server

- FTP the unchanged config file on to the failover unit.

In the process of overwriting the CurrentConfig, on the failover unit:

you will be asked if you want to overwrite IP, and Hostname – don’t 😉

#Would you like to replace existing network

#settings(host-ipaddress/netmask/gateway/access-list) on sensor before proceeding? [no]:

Re: Script to Sync IPS Configs

manfernandez — Tue, 25 May 2010 13:44:23 GMT

Peter,

I will take a look at that this week. That sounds a lot more simple 🙂