Automatically backup config to scp or tftp when “write mem”

In Cisco, I can automatically backup config using scp or tftp to other location every time I issue “wr me”

How to achieve the same in other brand?

CISCO:
archive
path scp://root:eve@10.0.10.70/$h
write-memory

 

FORTIGATE:

 

HP:

 

JUNIPER:
https://forum.ivorde.com/junos-system-configuration-archival-is-not-working-over-scp-t19351.html

 

RUCKUS:

 

IOS Tips

-Reset port gi1/0/1 to default:
# conf t
(config) # default interface gi1/0/1

-Reset ports 1-48 to default:
# conf t
(config)# default int range gi1/0/1-48

-Edit ports 1-48 at the same time
# conf t
(config)# int range gi1/0/1-48
(config-if)# <enter config change>

-Apply a config change to a non-contiguous range of ports
# conf t
(config) # int range gi1/0/1 – 5 , gi1/0/10 – 15
(config-if)# <enter config change>

-Do multiple steps in a single command when provisioning a port for an end-device
# conf t
(config)# int gi1/0/1
(config-if)# switchport host
   sets switch port mode to access + enables spanning tree Port Fast + disables channel grouping.

-Use macros to run a script by entering a single command AND use variables
 Create the macro
# conf t
(config)# macro name SetTrunk
shut
description TRUNK PORT
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan $NATIVE
switchport trunk allowed vlan $ALLOWED
mls qos trust dscp
no shut
@
 Now apply the macro to a port you want to create as a trunk, set the native VLAN to 123 and define all VLANs as being allowed
# conf t
(config)# int gi1/0/1
(config-if)# macro apply SetTrunk $NATIVE 123 $ALLOWED all

-Show all interfaces and the CRC count for each
# show interface | i protocol|CRC
GigabitEthernet1/0/5 is up, line protocol is up (connected)
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

-Find what ports are not currently connected
# sh int status | i notconnect

-Show what ports are down due to BPDUguard
# sh int status | i err
or
# show log | i BPDU|bpdu
%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/16 with BPDU Guard enabled. Disabling port.
%PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/16, putting Gi1/0/16 in err-disable state

-Delete a directory
# del /force /recursive directory_name

-For all switches in a stack, define both a primary AND a secondary boot image
# all flash:c3750-ipbasek9-mz.122-55.SE8.bin;flash:c3750-ipbasek9-mz.122-55.SE7.bin

-Get extended details about the packets crossing an interface
#show interfaces f2/0/17 controller
     Transmit FastEthernet2/0/17              Receive
     18971276 Bytes                         33189871 Bytes
        14754 Unicast frames                   59339 Unicast frames
        43389 Multicast frames                  3440 Multicast frames
        99892 Broadcast frames                 43925 Broadcast frames
            0 Too old frames                29986661 Unicast bytes
            0 Deferred frames                 346082 Multicast bytes
            0 MTU exceeded frames            2855260 Broadcast bytes
            0 1 collision frames                   0 Alignment errors
            0 2 collision frames                   0 FCS errors
            0 3 collision frames                   0 Oversize frames
            0 4 collision frames                  17 Undersize frames
            0 5 collision frames                   0 Collision fragments
            0 6 collision frames
            0 7 collision frames               46501 Minimum size frames
            0 8 collision frames                7813 65 to 127 byte frames
            0 9 collision frames                1613 128 to 255 byte frames
            0 10 collision frames               2114 256 to 511 byte frames
            0 11 collision frames              47218 512 to 1023 byte frames
            0 12 collision frames               1462 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames
            0 14 collision frames                  0 Pause frames
            0 15 collision frames
            0 Excessive collisions                 0 Symbol error frames
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large
            0 Excess defer frames                  0 Invalid frames, too small
       112850 64 byte frames                       0 Valid frames, too small
         6718 127 byte frames
        20771 255 byte frames                      0 Too old frames
        16109 511 byte frames                      0 Valid oversize frames
         1445 1023 byte frames                     0 System FCS error frames
          142 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames
            0 Good (1 coll) frames
            0 Good (>1 coll) frames

-Show receive and transmit utilization for all ports
0# sh controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa2/0/1            0                    0
Fa2/0/2            0                    0
Fa2/0/3            0                    0
Fa2/0/4            0                    0
Fa2/0/5            0                    0

-Modify an access-list that is referenced with a class-map and policy-map (basically, you need to delete from the top down and rebuild from the bottom up):
Steps explained
# conf t
   remove the policy within the policy map that references the class-map that references the access-list (access-group)
   Remove the class-map that references the access-list (access-group)
   do a no access-list to remove the ACL
   Enter in the ACL statements
   Enter in the class-map statements
   change to policy-map
   Enter in the policy-map statements
Steps performed
   For this setup we’ll use this configuration
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# access-list 105 permit ip host 192.168.2.1 any
GOAL: To edit access-list 105 and change one of the source IP’s without the switch choking on itself
# conf t
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# no class EF-105-CLASS
(config-pmap) # exit
(config)# no class-map match-any EF-105-CLASS
(config)# no access-list 105
(config)# access-list 105 permit ip host 10.0.0.1 any
(config)# access-list 105 permit ip host 192.168.2.1 any
(config)# class-map match-any EF-105-CLASS
(config-cmap)# match access-group 105
(config-cmap)# exit
(config)# policy-map MARK-LAN-DSCP
(config-pmap)# class EF-105-CLASS
(config-pmap-c)# set dscp ef
(config-pmap-c)# exit
(config-pmap)# exit
(config)# exit
# wr

kron backup config

NOTE: make sure all devices has the same clock or point to the same NTP server

(config)# clock timezone GMT +7
(config)# archive
(config-archive)# path tftp://IP_of_TFTP_SERVER/$h$t
(config-archive)# write-memory
-kron will run 12AM
(config)# kron occurrence backup-config at 0:0 recurring
or
-kron will run 1 min later
(config)# kron occurrence backup-config in 1 oneshot

(config-kron-occurrence)# policy-list backup-config
(config)# kron policy-list backup-config
(config-kron-policy)# cli wr me
(config-kron-policy)# end
# wr me
#show kron schedule
backup-config inactive, will run once in 0 days 11:43:14

-to backup to local flash directory
#dir
Directory of flash0:/
    1  drw-           0  Jan 30 2013 07:00:00 +07:00  boot
  264  drw-           0  Oct 14 2013 07:00:00 +07:00  config
  267  -rw-   139942304  Mar 25 2015 07:00:00 +07:00  vios-adventerprisek9-m
  270  -rw-      524288  Feb 15 2018 21:55:44 +07:00  nvram
  271  -rw-          79  Feb 19 2018 11:35:08 +07:00  e1000_bia.txt
#cd backup
R1#dir
Directory of flash0:/backup/
No files in directory
2142715904 bytes total (1997635584 bytes free)
(config)# archive
(config-archive)#path flash:/backup/$h$t

How to save running-config to a text file

OPTION1:
# copy run flash:STAN.txt
make changes

# configure replace flash:STAN.txt

NOTE:
# copy flash:STAN.txt run
Its actually merge the config but not replace it

 

OPTION2:
enable archive and rollback which will rollback the old configuration if not confirmed (Just like in Junos)
# conf t
# (config) archive
# (config) path flash:STAN
# (config) end
-first archive
# archive config
# show archive
The maximum archive configurations allowed is 10.
There are currently 1 archive configurations saved.
The next archive file will be named flash:STAN-<timestamp>-1
Archive #  Name
   1        flash:STAN-Feb-15-02-28-02.841-0 <- Most Recent
   2
   3
   4
   5
   6
   7
   8
   9
   10
-make changes
-save 2nd archive
# archive config
# show archive
-two archive listed then choose which archive you want to revert to
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger timer 10
after 10min running-config will be reverted to STAN-Feb-15-02-28-02.841-0
or
# configure replace flash:STAN-Feb-15-02-28-02.841-0 revert trigger

if you want to immediately revert to target archive

OPTION3:
send either the startup or running config to a TFTP, FTP or SCP server
# copy running-config archive:
# copy running-config flash:
# copy running-config flash0:
# copy running-config flash1:
# copy running-config flash2:
# copy running-config flash3:
# copy running-config ftp:
# copy running-config tftp:
# copy running-config scp:
# copy running-config http:

# copy running-config https:

OPTION4:
Putty
enable session> logging in putty using connection properties
then
term len 0
sh run
in this way all the file is placed without need to press for next page
then you stop logging and you have your file.
to have again pages type:
term len 25

putty saves an header with date and time at the beginning after that you have clean text file.

OPTION5:
SecureCRT
go to file then click on log session then save the file with .txt extension

thay way your config file will be saved in text format

OPTION6:
using Ansible
OPTION7:
SolarWInds NCM

Console Cisco causing BSOD with EventViewer Error 10016

SW INFO:
-Putty 0.7
-Windows 10 Pro

HW INFO:
-Aten USB to RS-232 Adapter UC232A

PROBLEMS:
1. every time I console to Cisco switch through COM port.
It will crash BSOD after some time

Error 10016 in EventViewer:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NBCTCP\nbctcp SID (S-1-5-21-2067972773-1120365315-274810299-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

SOLUTION:
-download and install latest ATEN UC232A WIN10 driver from
NOTE:
The solution seems odd because Win10 already has Aten driver as shown below.
But if I didn’t install latest WIN10 driver, it will causing BSOD
aten

Error “The first key-exchange algorithm supported by the server is diffie-hellman-group1-sha1”

2018-01-31 21_43_01-Windows 10 Event 10016 Fix_ The application-specific permission settings do not

Above error happen every time I ssh to my 3750 using Putty 0.7

SW INFO
CAT3750#sh ver

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE12

SOLUTION1:

-using latest TeraTerm. It seems TeraTerm using relaxed Key Exchange

SOLUTION2:

-modify Putty as shown below (I am not prefer this method)
2018-02-01 09_22_37-PuTTY Configuration

SOLUTION3:
-harden IOS by upgrading to version 15 and follow this

Killing stuck process

Arista:
# bash
$ ps –ef | grep -i Stp
$ sudo kill PID

CheckPoint:
ps -auxww  Report all active processes in the kernel we can see zombi process with this command  (z)
You must first identify the parent process of these zombies;
ps -l -p <pid of zombie>
pidof fwd (splat)
pgrep -l sshd   Find the PIDs of processes by (part of) name
ps axjf              See in tree format also i can see parent pid )
pmap PID       Memory map of process (good for hunting memory leaks)

Displaying the top 10 CPU-consuming processes (% of total usage)
ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying the processes in order of real memory use
ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10

Displaying the processes using whatchdog (CPWD) for  (CDP,FWM,FWD)
cpwd_admin list
more explanation on  this post
******************************************************
Kill a Firewall process
kill -9 (pid of process)
fw kill [-t sig] proc_name
Example:
fw kill -t 9 fwm
Also process can be kill with top command and just press -k follow by process PID

Cisco:
# show processes cpu sorted
# clear sockets PID

F5
# ps ax | grep -i sshd
# kill -9 PID

Fortinet:
-check version
# fnsysctl cat /proc/version
Linux version 2.4.37 (root@build) #1 Mon Dec  4 20:51:05 UTC 2017
-check running daemon
# fnsysctl ls /var/run
alertmail.pid       authd.pid           bgpd.pid
cmdbsvr.pid         cw_acd.pid          daemon.pid
dhcpd.pid           dnsproxy.pid        eap_proxy.pid
fclicense.pid       fcnacd.pid          fgfmd.pid
fnbamd.pid          foauthd.pid         forticldd.pid
forticron.pid       fsvrd.pid           httpclid.pid
httpd.pid           iked.pid            imi.pid
init.pid            ipsengine.pid       ipsmonitor.pid
isisd.pid           kmiglogd.pid        merged_daemons.pid
miglogd000.pid      miglogd001.pid      nsm.pid
ntpd.pid            ospf6d.pid          ospfd.pid
pdmd.pid            pim6d.pid           pimd.pid
pyfcgid.pid         ripd.pid            ripngd.pid
snmpd.pid           sshd.pid            stpd.pid
telnetd.pid         updated.pid         uploadd.pid
wpad.pid            zebos_launcher.pid
-check running PID
# fnsysctl ps
PID       UID     GID     STATE   CMD
1         0       0       S       /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2         0       0       S       [keventd]
3         0       0       S       [ksoftirqd_CPU0]
4         0       0       S       [kswapd]
5         0       0       S       [bdflush]
6         0       0       S       [kupdated]
7         0       0       S       [memoryd]
8         0       0       S       [khubd]
12        0       0       S       [usb-storage-0]
13        0       0       S       [scsi_eh_0]
31        0       0       S       [mvl_link]
32        0       0       S       /bin/cmdbsvr
38        0       0       S       /bin/zebos_launcher
39        0       0       S       /bin/nsm -L 2
40        0       0       S       /bin/ripd -L 2
41        0       0       S       /bin/ripngd -L 2
42        0       0       S       /bin/ospfd -L 3
43        0       0       S       /bin/ospf6d -L 2
44        0       0       S       /bin/bgpd -L 3
45        0       0       S       /bin/isisd -L 2
46        0       0       S       /bin/pimd -L 2
47        0       0       S       /bin/pim6d -L 2
48        0       0       S       /bin/pdmd -L 2
49        0       0       S       /bin/imi -L 2
50        0       0       S       /bin/uploadd
51        0       0       S       /bin/miglogd
52        0       0       S       /bin/kmiglogd
53        0       0       S       /bin/httpsd
55        0       0       S       /bin/getty
56        0       0       S       /bin/ipsmonitor
59        0       0       S       /bin/merged_daemons
60        0       0       S       /bin/fnbamd
61        0       0       S       /bin/fclicense
62        0       0       S       /bin/ipshelper
63        0       0       S       /bin/forticron
64        0       0       S       /bin/forticldd
65        0       0       S       /bin/authd
66        0       0       S       /bin/foauthd
67        0       0       S       /bin/httpclid
68        0       0       S       /bin/iked
69        0       0       S       /bin/updated
70        0       0       S       /bin/snmpd
71        0       0       S       /bin/dhcpd
72        0       0       S       /bin/miglogd 1
73        0       0       S       /bin/ntpd
74        0       0       S       /bin/sshd
75        0       0       S       /bin/telnetd
78        0       0       S       /bin/alertmail
79        0       0       S       /bin/dnsproxy
80        0       0       S       /bin/eap_proxy
81        0       0       S       /bin/fgfmd
82        0       0       S       /bin/cw_acd
83        0       0       S       /bin/wpad_ac
84        0       0       S       /bin/stpd
85        0       0       S       /bin/fsvrd
87        0       0       S       /bin/fcnacd
92        0       0       S       /bin/httpsd
93        0       0       S       /bin/httpsd
94        0       0       S       /bin/httpsd
510       0       0       S       /bin/pyfcgid
512       0       0       S       /bin/pyfcgid
513       0       0       S       /bin/pyfcgid
514       0       0       S       /bin/pyfcgid
553       0       0       S       /bin/sshd
554       0       0       S       /bin/newcli
556       0       0       R       ps

-you can use diag to check 100 the most 100 top resources with 25s delay, but the list not as comprehensive as “fnsysctl ps” above
# diag sys top 25 100
Run Time:  0 days, 8 hours and 15 minutes
0U, 0N, 0S, 100I; 499T, 253F
         pyfcgid      510      S       0.0     5.1
         pyfcgid      512      S       0.0     5.0
         pyfcgid      513      S       0.0     5.0
         pyfcgid      514      S       0.0     5.0
         cmdbsvr       32      S       0.0     5.0
          httpsd       94      S       0.0     4.7
          httpsd       93      S       0.0     4.7
          httpsd       53      S       0.0     4.1
          cw_acd       82      S       0.0     4.0
          httpsd       92      S       0.0     3.9
       forticron       63      S       0.0     3.3
         miglogd       51      S       0.0     3.3
          newcli      560      R       0.0     3.1
          newcli      554      S       0.0     3.1
           fgfmd       81      S       0.0     3.0
       ipshelper       62      S <     0.0     2.5
          fcnacd       87      S       0.0     2.4
           authd       65      S       0.0     2.3
            iked       68      S       0.0     2.2
       eap_proxy       80      S       0.0     2.2

-for example we want to check dhcp PID
# fnsysctl more /var/run/dhcpd.pid
71
-to kill dhcpd
# diag sys kill 9 71
or
# fnsysctl kill -9 71
-to disable dhcpd service
# config sys dhcp server
# edit 1
# set status dis
-to enable back
# set status ena

HP:

Juniper:
> show system processes extensive
last pid: 16727; load averages: 22.24, 22.19, 22.15 up 0+17:39:34 01:26:10
265 processes: 28 running, 215 sleeping, 1 zombie, 21 waiting
Mem: 970M Active, 128M Inact, 147M Wired, 230M Cache, 112M Buf, 386M Free
> start shell
% top
   last pid: 37244; load averages: 0.04, 0.03, 0.00 up 16+16:18:49 09:19:44 52 processes:    1 running, 51 sleeping, , 1 zombie, 21 waiting
   CPU states: 2.5% user, 0.0% nice, 0.6% system, 0.3% interrupt, 96.6% idle Mem: 429M     Active, 69M Inact, 59M Wired, 165M Cache, 110M Buf, 258M Free
If the PID is identified from CLI, or the top command
% ps aux | grep –Wz
Pid=16396
Pid=13256
-to kill target PID
# kill -9 16396

Mikrotik:

PaloAlto:
Sangfor:

SonicWall:

Sophos:

Cisco ASA Software 8.x / 9.x – IKEv1 and IKEv2 Buffer Overflow

SOURCE:
RESULT:
-crashed ASA and force it to reboot

AFFECTED DEVICE:
Buffer overflow in the IKEv1 and IKEv2 implementations in
-Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices
-ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices
-Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000

VERIFICATION:
-find open port using kali linux
# nmap -v -A 10.0.10.221
opened ports are 22 and 443

-download python script from https://www.exploit-db.com/exploits/39823/
# python 39823.py 10.0.10.221 10.0.10.103:443
10.0.10.103 is my pc ip
443 is port that we want to attack, we can use port 22 instead