Cisco CSS Toy

xrayspx's picture

[music | Bauhaus - Dark Entries (Live)]

This is the first of a few tools I have to release in the coming couple of weeks, mainly involving Cisco's CSS product. The purpose of me writing them is that Cisco's web interface to the CSS is both a terrible user experience and has shown itself to be vulnerable to trivial attacks in the past (in a security sense). I don't want to run the web gui on my CSS's, and most of our admins were terrified of the command line. So I wrote a bunch of tools to help do their jobs, without the possibility of screwing up the load balancers.

This first one logs onto the CSS, runs "show service summary", sorts that data, makes HTML tables out of it, and presents it in a browser. There are two versions in the package, one which uses tables and presents session data, state changes, etc., and one which is slimmed down for phones, without tables, using colored text to indicate "up/down/suspended". It's a simple enough script, but I haven't seen that anyone's written it before, so now you don't have to.

The larger tool, still to come, allows admins to suspend and activate services by server, rather than having to log onto the CSS and select each checkbox by service. Now they can just highlight 4 or 5 servers, hit suspend, and watch them come out. I'm kind of waiting on that one a little bit so I can clean it up some, and try to lay my hands on a CSS. They're going for like a grand on eBay for the little ones, if you would like to give me a CSS, I'll get this stuff out much quicker. Otherwise I'm just going to guess that it probably works. Or have to write a test harness for it so that I can give the scripts the answers they want.

requires: perl, Expect, Cisco CSS that you can telnet to. SSH with PW or keys would work great, you just have to remember to put the keys in a folder you generate for whatever your Apache user runs as, important, and you'll have to ssh to the device once as your Apache user to accept the remote RSA key the first time, and then of course edit the expect script.

Download Page
Demo with tables
Demo without tables(great for phones)

Comments

looks familiar. LOL

xrayspx's picture

It better, dangit.

Big one's "coming soon", since I don't really have a test environment for it, and I'd prefer not to clean up the code and release some horribly broken POS.

Maybe I can work something out with Nick where you guys beta test the shit for me in Dev/Test just to make sure it doesn't completely shit all over itself whenever I release new versions.

Or I buy a CSS for a grand, undecided.