Finding Cisco IOS XE CVE-2023-20198 With ConfigSources
On October 16, 2023, Cisco published a vulnerability that affects IOS XE machines running the built-in web server: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

This is tracked as https://nvd.nist.gov/vuln/detail/CVE-2023-20198

By adding a simple Config Check to an existing Cisco IOS ConfigSource, LogicMonitor can help people quickly identify which resources have the web server enabled. Here is an example:

Name: Cisco-CSCwh87343-Check
Check type: "Use Groovy Script"
Groovy script:

    /*
    The built-in string variable 'config' contains the entire contents of the configuration file.
    The following example will trigger an alert when the configuration file contains the string "blue".
    if (config.contains("blue")) { return 1; } else { return 0; }
    */
    if (config.contains("ip http")) {
        return 1;
    } else {
        return 0;
    }

Then trigger this type of alert: Warning
Description: "Search for presence of Cisco CSCwh87343 vulnerability"

Caveats:
- This will apply to all devices where the ConfigSource is used, even though all devices may not be affected by the vulnerability
- This assumes usage of ConfigSources and specifically the Cisco_iOS ConfigSource

Thanks to Todd Ritter for finding this CVE and creating the ConfigSource

150 Views, 16 likes, 1 Comment

Downloading configsource configs via API
I recently had an incident where the resource was accidentally removed from LM and the next day we needed the configs for the device. Because it was removed from LM (and permanently deleted), we couldn't retrieve the configs. I'd like to be able to download the configs via API and store the files somewhere if possible. Has anyone implemented something similar?

76 Views, 1 like, 3 Comments

Custom ConfigSource Issues
I am having to write a custom configsource for Steelhead Riverbeds. There isn't a way to sftp a file off so I am having to write an expect script in groovy. I am trying to cobble together something using the Cisco Generic RunningConfig as a stepping stone, but I just can't get it off the ground.

If I run it via the ConfigSources page with Test Script I get this.

    Failed to execute the script - null
    java.nio.channels.ClosedByInterruptException
    at java.nio.channels.spi.AbstractInterruptibleChannel.end(AbstractInterruptibleChannel.java:202)
    at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:407)
    at sun.nio.ch.SourceChannelImpl.read(SourceChannelImpl.java:113)

If I run it via collector debug and !groovy I get

    $ !groovy
    Waiting... This may take up to 10 minutes.
    Waiting... This may take up to 10 minutes.
    End of stream reached, no match found
    java.io.IOException: End of stream reached, no match found
    at com.santaba.agent.groovyapi.expect.expectj.Spawn._expect2(Spawn.java:595)
    at com.santaba.agent.groovyapi.expect.expectj.Spawn._expect2(Spawn.java:511)
    at com.santaba.agent.groovyapi.expect.expectj.Spawn.expect(Spawn.java:647)
    at com.santaba.agent.groovyapi.expect.expectj.Spawn.expect(Spawn.java:617)
    at com.santaba.agent.groovyapi.expect.Expect.expect(Expect.java:193)
    at com.santaba.agent.groovyapi.expect.Expect$expect$1.call(Unknown Source)
    at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
    at Script69.run(Script69.groovy:22)
    at com.santaba.agent.util.GroovyScriptShell.execute(GroovyScriptShell.java:127)
    at com.santaba.agent.util.GroovyScriptExecutor.execute(GroovyScriptExecutor.java:119)
    at com.santaba.agent.debugger.GroovyTask._executeInAgent(GroovyTask.java:186)
    at com.santaba.agent.debugger.GroovyTask._handle(GroovyTask.java:165)
    at com.santaba.agent.debugger.DebugTask.run(DebugTask.java:106)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

Any help would be appreciated.

Oh yeah the formatting of the cli.

    servername >
    servername > enable
    servername # show configuration
    ##
    ## Other IP configuration
    ##

And what I have so far.

    import com.santaba.agent.groovyapi.expect.Expect;

    host = hostProps.get("system.hostname");
    user = hostProps.get("config.user");
    pass = hostProps.get("config.pass");

    // open an ssh connection and wait for the prompt
    cli=Expect.open(host, user, pass);
    cli.expect("#");

    // ensure the page-by-page view doesn't foul the config output
    cli.send("terminal length 0\n");
    cli.expect("#");

    // display the config
    cli.send("show configuration\n");
    cli.expect("##\n")

    // logout from the device
    cli.send("exit\n");
    cli.expect("#exit");

    // collect the output
    config=cli.before();

    // close the ssh connection handle then print the config
    cli.expectClose();
    println config;

And now what I have so far

8 Views, 0 likes, 1 Comment

Retaining attributes while updating LogicModules
Can I also make a feature request to retain the custom thresholds / attributes (user optional, probably by means of a toggle button to choose between overwrite or leave as is) while updating LogicModules? I did notice related requests from the past and it seems that it is not yet released.

/topic/1282-maintain-thresholdsappliesto-when-updating-during-datasource-updates/
/topic/1180-import-datasource-from-logic-monitor-repository-improvments/

4 Views, 1 like, 6 Comments
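
A tighter variant of the CVE-2023-20198 Config Check from the first post on this page, as an added example that is not the original poster's or LogicMonitor's code: it matches whole configuration lines instead of the substring "ip http", so lines such as "no ip http server" do not raise the alert. The function name `webUiCheck`, the sample configurations and passing `config` in as a parameter are assumptions made so the logic runs stand-alone; the `active-session-modules none` handling follows the guidance in Cisco's advisory.

```groovy
// Added example. In a LogicMonitor Config Check the built-in string 'config'
// holds the configuration file; here it is a parameter (assumption) so the
// logic can be exercised outside the collector.

// Returns 1 (raise the alert) when the HTTP or HTTPS server is enabled,
// 0 otherwise. Whole-line matching ignores "no ip http server" and
// unrelated commands such as "ip http client ...".
int webUiCheck(String config) {
    def lines = config.readLines().collect { it.trim() }
    boolean http  = lines.contains('ip http server')
    boolean https = lines.contains('ip http secure-server')
    // Per Cisco's advisory, these settings leave the server line in place
    // but the vulnerability is not exploitable over that protocol.
    if (lines.contains('ip http active-session-modules none')) http = false
    if (lines.contains('ip http secure-active-session-modules none')) https = false
    return (http || https) ? 1 : 0
}

// Constructed sample configurations, not taken from real devices.
def enabled = '''\
hostname edge-rtr-01
ip http server
ip http secure-server
'''
def disabled = '''\
hostname core-sw-02
no ip http server
no ip http secure-server
ip http client source-interface Vlan10
'''
def httpsOnlyNoModules = '''\
hostname branch-rtr-03
no ip http server
ip http secure-server
ip http secure-active-session-modules none
'''

assert webUiCheck(enabled) == 1
assert webUiCheck(disabled) == 0
assert webUiCheck(httpsOnlyNoModules) == 0
// The substring test alerts on the disabled device as well.
assert disabled.contains('ip http')
```

To use it as a Config Check, paste the function into the check's Groovy script and end the script with `return webUiCheck(config)`.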