OS/Software version does not match requirement-f5-all
Indeni can verify that the OS/software version installed is a specific one.
Install the OS/software version required.
How does this work?
This script uses the F5 iControl REST API to retrieve the version of the OS.
Why is this important?
Capture the device operating system version.
Without Indeni how would you find this?
An administrator could extract this data by logging in to the device, entering TMSH and issuing the command “show sys version”.
name: f5-rest-mgmt-tm-sys-version description: Determine end of software support type: monitoring monitoring_interval: 60 minutes requires: vendor: f5 product: load-balancer rest-api: 'true' comments: software-eos-date: why: | Ensuring the software being used is always within the vendor's list of supported versions is critical. Otherwise, during a critical issue, the vendor may decline to provide technical support. F5 Networks posts the list of supported software on their website (https://support.f5.com/csp/article/K5903). indeni tracks that list and updates this script to match. how: | This script uses the F5 iControl REST API to retrieve the current software version (the equivalent of running "show sys version" in TMSH) and based on the software version and the F5 Networks provided information at https://support.f5.com/csp/article/K5903 the correct end of support date is used. can-with-snmp: false can-with-syslog: false os-name: why: | Capture the device operating system name. how: | This script uses the F5 iControl REST API to retrieve the name of the OS. can-with-snmp: true can-with-syslog: false os-version: why: | Capture the device operating system version. how: | This script uses the F5 iControl REST API to retrieve the version of the OS. can-with-snmp: true can-with-syslog: false vendor: why: | Capture the device vendor name. how: | This script set the vendor value to F5. can-with-snmp: true can-with-syslog: false steps: - run: type: HTTP command: /mgmt/tm/sys/version?$select=Version parse: type: JSON file: rest-mgmt-tm-sys-version.parser.1.json.yaml
// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead. package com.indeni.server.rules.library.templatebased.crossvendor.compliance import com.indeni.server.rules.RuleContext import com.indeni.server.rules.library.templates.SingleSnapshotComplianceCheckTemplateRule import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity import com.indeni.server.rules.RemediationStepCondition case class crossvendor_compliance_check_os_version() extends SingleSnapshotComplianceCheckTemplateRule( ruleName = "crossvendor_compliance_check_os_version", ruleFriendlyName = "Compliance Check: OS/Software version does not match requirement", ruleDescription = "Indeni can verify that the OS/software version installed is a specific one.", severity = AlertSeverity.WARN, metricName = "os-version", baseRemediationText = "Install the OS/software version required.", parameterName = "OS/Software Version", parameterDescription = "The OS/software version to compare against.", expectedValue = "")( RemediationStepCondition.VENDOR_CISCO -> """| |1. Check that the vPC peers have the same NX-OS version except during the non-disruptive upgrade, that is, In-Service Software Upgrade (ISSU). |2. Execute the "show version" NX-OS command and check the installed NX-OS version across the vPC peer switches. |3. Schedule a Maintenance Window for NX-OS upgrade in order the vPC peer switches have exact the same NX-OS version. |4. You can follow the next NX-OS upgrade guides for Nexus 9k, 7k, 5k and 3k series: | |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/upgrade/guide/b_Cisco_Nexus_9000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6x/b_Cisco_Nexus_9000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6x_chapter_01.html |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/upgrade/guide/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6-x.html |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/upgrade/503_N1_1/n5k_upgrade_downgrade_503.html |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/upgrade/6_x/Cisco_n3k_Upgrade_Downgrade_6x.html """.stripMargin )