Today I’ve been automating Juniper router configuration assessment. Basically issuing a “show configuration” from the CLI and then using a Nessus .nasl script to parse the results.

The main problem is that JunOS uses multiline config statements, so to check if HTTP is enabled, you end up having to go through this lot:

system {
    services {
        web-management {
            http {
                interface em0.0;
            }
        }
    }
}

So you have to use a combination of functions: ereg(), which can match a regex against a multiline string and return true/false; egrep(), which can return a single matching line from a multiline string; and eregmatch(), which returns just the matching portion of that single line!

I’m thinking of checking for a true return of ereg() and then looping through the whole string to return the matching bit. It seems a bit naff, but may be better than three function calls...
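An alternative to stacking regex calls is to parse the brace hierarchy once and then query it by path. The following is an added example in Python (not NASL, and not code from the post): it turns "show configuration" output into nested dicts, handles the "inactive:" prefix that Junos prints on deactivated stanzas (a plain regex for "http {" would wrongly flag those as enabled), and flattens the tree into one-line "set ..." statements, the same form that "show configuration | display set" produces on the router, where a single-line match is enough. The sample config is constructed for the example.

```python
import re

# Constructed sample of "show configuration" output (not captured from a real device).
SAMPLE_CONFIG = """\
## Last commit: constructed sample
system {
    host-name router1;
    services {
        ssh;
        web-management {
            http {
                interface em0.0;
            }
        }
    }
}
"""


def parse_junos(text):
    """Parse JunOS curly-brace config into nested dicts.

    Stanzas ("name {") become dicts; leaf statements ("name value;") map the
    first word to the rest of the line, or to True when there is no value.
    Stanzas and statements prefixed with "inactive:" are parsed for brace
    balance but not attached to the tree, so they never count as configured.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, "##" annotations and /* */ comments that Junos prints.
        if not line or line.startswith("#") or line.startswith("/*"):
            continue
        if line == "}":
            stack.pop()
            continue
        inactive = line.startswith("inactive:")
        if inactive:
            line = line[len("inactive:"):].strip()
        if line.endswith("{"):
            name = line[:-1].strip()
            # A detached dict keeps the stack balanced without recording the stanza.
            child = {} if inactive else stack[-1].setdefault(name, {})
            stack.append(child)
        elif line.endswith(";"):
            if inactive:
                continue
            parts = line[:-1].strip().split(None, 1)
            stack[-1][parts[0]] = parts[1] if len(parts) > 1 else True
    return root


def lookup(tree, path):
    """Walk a hierarchy path such as ["system", "services", "web-management", "http"]."""
    node = tree
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def http_enabled(text):
    """True when an active http stanza exists under system services web-management."""
    return lookup(parse_junos(text), ["system", "services", "web-management", "http"]) is not None


def to_set_lines(tree, prefix=()):
    """Flatten the tree into "set ..." lines, one statement per line."""
    lines = []
    for key, val in tree.items():
        if isinstance(val, dict):
            if val:
                lines.extend(to_set_lines(val, prefix + (key,)))
            else:
                lines.append("set " + " ".join(prefix + (key,)))
        elif val is True:
            lines.append("set " + " ".join(prefix + (key,)))
        else:
            lines.append("set " + " ".join(prefix + (key, val)))
    return lines


def set_line_matches(text, pattern):
    """Single-line regex check over the flattened form, e.g. r'^set system services web-management http\\b'."""
    return [l for l in to_set_lines(parse_junos(text)) if re.search(pattern, l)]


if __name__ == "__main__":
    print("HTTP enabled:", http_enabled(SAMPLE_CONFIG))
    for l in set_line_matches(SAMPLE_CONFIG, r"^set system services web-management http\b"):
        print(l)
```

The path lookup replaces the ereg()/egrep()/eregmatch() chain with one call per check, and the flattened "set" lines give the same single-line match a check would use against "display set" output; the same parser can then be reused for every other stanza the assessment looks at.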

I’m not sure if I’m going to stick with my new VPS host, they don’t seem to know their way around OpenVZ. Hell, I’ve been playing with it for a few days and seem to be able to run rings around them. The support does seem to have been outsourced to Pakistan by the looks of the IP addresses showing up in the control panel logs.

Every time they reboot the host node or my VPS for whatever reason (without telling me!) they seem to lose the NTP permissions, or bugger up the iptables state/conntrack modules etc. As I’ve not migrated to them yet and I’ve got a month or so before I have to pay them again and my existing host shouldn’t go away that quickly, I might sign up for some other hosts in the meantime.