OS/Software version does not match requirement-f5-all

OS/Software version does not match requirement-f5-all
0

OS/Software version does not match requirement-f5-all

Vendor: f5

OS: all

Description:
Indeni can verify that the OS/software version installed is a specific one.

Remediation Steps:
Install the OS/software version required.

How does this work?
This script uses the F5 iControl REST API to retrieve the version of the OS.

Why is this important?
Capture the device operating system version.

Without Indeni how would you find this?
An administrator could extract this data by logging in to the device, entering TMSH and issuing the command “show sys version”.

f5-rest-mgmt-tm-sys-version

name: f5-rest-mgmt-tm-sys-version
description: Determine end of software support
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: f5
    product: load-balancer
    rest-api: 'true'
comments:
    software-eos-date:
        why: |
            Ensuring the software being used is always within the vendor's list of supported versions is critical. Otherwise, during a critical issue, the vendor may decline to provide technical support. F5 Networks posts the list of supported software on their website (https://support.f5.com/csp/article/K5903). indeni tracks that list and updates this script to match.
        how: |
            This script uses the F5 iControl REST API to retrieve the current software version (the equivalent of running "show sys version" in TMSH) and based on the software version and the F5 Networks provided information at https://support.f5.com/csp/article/K5903 the correct end of support date is used.
        without-indeni: |
            Manual tracking by an administrator is usually the only method for knowing when a given device may be nearing its software end of support and is in need of upgrading.
        can-with-snmp: false
        can-with-syslog: false
    os-name:
        why: |
            Capture the device operating system name.
        how: |
            This script uses the F5 iControl REST API to retrieve the name of the OS.
        without-indeni: |
            An administrator could extract this data by logging in to the device, entering TMSH and issuing the command "show sys version".
        can-with-snmp: true
        can-with-syslog: false
    os-version:
        why: |
            Capture the device operating system version.
        how: |
            This script uses the F5 iControl REST API to retrieve the version of the OS.
        without-indeni: |
            An administrator could extract this data by logging in to the device, entering TMSH and issuing the command "show sys version".
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /mgmt/tm/sys/version?$select=Version
    parse:
        type: JSON
        file: rest-mgmt-tm-sys-version.parser.1.json.yaml

crossvendor_compliance_check_os_version

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition

case class crossvendor_compliance_check_os_version() extends SingleSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_os_version",
  ruleFriendlyName = "Compliance Check: OS/Software version does not match requirement",
  ruleDescription = "Indeni can verify that the OS/software version installed is a specific one.",
  severity = AlertSeverity.WARN,
  metricName = "os-version",
  baseRemediationText = "Install the OS/software version required.",
  parameterName = "OS/Software Version",
  parameterDescription = "The OS/software version to compare against.",
  expectedValue = "")(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Check that the vPC peers have the same NX-OS version except during the non-disruptive upgrade, that is, In-Service Software Upgrade (ISSU).
      |2. Execute the "show version" NX-OS command and check the installed NX-OS version across the vPC peer switches.
      |3. Schedule a Maintenance Window for NX-OS upgrade in order the vPC peer switches have exact the same NX-OS version.
      |4. You can follow the next NX-OS upgrade guides for Nexus 9k, 7k, 5k and 3k series:
      |
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/upgrade/guide/b_Cisco_Nexus_9000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6x/b_Cisco_Nexus_9000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6x_chapter_01.html
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/upgrade/guide/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6-x.html
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/upgrade/503_N1_1/n5k_upgrade_downgrade_503.html
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/upgrade/6_x/Cisco_n3k_Upgrade_Downgrade_6x.html
    """.stripMargin
)