OS/Software version does not match requirement-juniper-junos


Vendor: juniper

OS: junos

Description:
Indeni can verify that the OS/software version installed is a specific one.

Remediation Steps:
Install the OS/software version required.

How does this work?
This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the “show version” command. The output includes the device’s hardware and software related details.

Why is this important?
Capture the device operating system version. The version should be the same across all members of a cluster.

Without Indeni how would you find this?
An administrator would have to log into the device and manually issue commands to retrieve this information.
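
The check described above, as an added example (this is not Indeni's show-version.parser.1.awk, which the page does not show): AWK parses "show version" output and compares each member's version against a required value. The sample output, hostnames and required version are constructed.

```shell
#!/bin/sh
# Constructed sample: "show version" from a two-node SRX cluster (values invented).
# node1 omits the "Junos:" line on purpose to exercise the fallback below.
sample_cluster() {
cat <<'EOF'
node0:
--------------------------------------------------------------------------
Hostname: fw-a
Model: srx340
Junos: 15.1X49-D150.2
JUNOS Software Release [15.1X49-D150.2]

node1:
--------------------------------------------------------------------------
Hostname: fw-b
Model: srx340
JUNOS Software Release [15.1X49-D140.2]
EOF
}

# Reads "show version" text on stdin and prints "<member> <hostname> <version> <status>".
# Returns 0 if every member runs REQUIRED, 1 on any mismatch, 2 if no version was parsed.
check_os_version() {
    awk -v required="$1" '
        function flush() {
            if (ver != "") {
                seen++
                status = (ver == required) ? "OK" : "MISMATCH"
                if (status == "MISMATCH") bad++
                printf "%s %s %s %s\n", (node == "" ? "standalone" : node), host, ver, status
            }
            host = ""; ver = ""
        }
        # Cluster output introduces each member with "node0:" / "node1:".
        /^node[0-9]+:/ { flush(); node = $1; sub(/:$/, "", node); next }
        /^Hostname:/   { host = $2; next }
        # Output that has a "Junos:" line gives the version directly.
        /^Junos:/      { ver = $2; next }
        # Fallback: take the version from "JUNOS Software Release [<version>]".
        /^JUNOS Software Release \[/ && ver == "" {
            ver = substr($0, index($0, "[") + 1, index($0, "]") - index($0, "[") - 1)
        }
        END { flush(); if (seen == 0) exit 2; if (bad > 0) exit 1 }
    '
}

# Demo run on the constructed sample; the required version is an assumed policy value.
sample_cluster | check_os_version "15.1X49-D150.2" || echo "non-compliant member found"
```

Exit status 2 separates "nothing parsed" (a failed login or changed output format) from a real mismatch, so a broken collector does not read as a compliant device.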

junos-show-version

name: junos-show-version
description: Fetch the information for the end of support for hardware and software
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    model:
        why: |
            Capture the device model.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
            command. The output includes the device's hardware and software related details.
        can-with-snmp: true
        can-with-syslog: false
    vendor:
        why: |
            Capture the device vendor name.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
            command. The output includes the device's hardware and software related details.
        can-with-snmp: true
        can-with-syslog: false
    hostname:
        why: |
            Capture the host name of the device. This is used for inventory purposes.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
            command. The output includes the device's hardware and software related details.
        can-with-snmp: true
        can-with-syslog: false
    os-name:
        why: |
            Capture the device operating system name.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
            command. The output includes the device's hardware and software related details.
        can-with-snmp: true
        can-with-syslog: false
    os-version:
        why: |
            Capture the device operating system version. The version should be the same across all members of a cluster.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
            command. The output includes the device's hardware and software related details.
        can-with-snmp: true
        can-with-syslog: false
    software-eos-date:
        why: "Ensuring the software being used is always within the vendor's list\
            \ of supported versions is critical.\nOtherwise, during a critical issue,\
            \ the vendor may decline to provide technical support. Juniper posts the\
            \ list\nof supported software on their website: \nhttp://www.juniper.net/support/eol/junos.html\n"
        how: |
            This script logs into the Juniper JUNOS-based device using SSH to retrieve the current software version and
            based on the software version and the Juniper provided information at:
            http://www.juniper.net/support/eol/junos.html the correct end of support date is used.
        can-with-snmp: false
        can-with-syslog: false
    hardware-eos-date:
        why: "Ensuring the hardware being used is always within the vendor's list\
            \ of supported models is critical. Otherwise,\nduring a critical issue,\
            \ the vendor may decline to provide technical support. Juniper posts the\
            \ list of\nsupported hardware on their website: \nhttp://www.juniper.net/support/eol/srxseries_hw.html\n"
        how: |
            This script logs into the Juniper JUNOS-based device using SSH to retrieve the current model used and based on
            it and the Juniper provided information at http://www.juniper.net/support/eol/srxseries_hw.html the correct end
            of support date is used.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: show-version.remote.1.bash
    parse:
        type: AWK
        file: show-version.parser.1.awk

crossvendor_compliance_check_os_version

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor.compliance

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotComplianceCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition

case class crossvendor_compliance_check_os_version() extends SingleSnapshotComplianceCheckTemplateRule(
  ruleName = "crossvendor_compliance_check_os_version",
  ruleFriendlyName = "Compliance Check: OS/Software version does not match requirement",
  ruleDescription = "Indeni can verify that the OS/software version installed is a specific one.",
  severity = AlertSeverity.WARN,
  metricName = "os-version",
  baseRemediationText = "Install the OS/software version required.",
  parameterName = "OS/Software Version",
  parameterDescription = "The OS/software version to compare against.",
  expectedValue = "")(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Check that the vPC peers have the same NX-OS version except during the non-disruptive upgrade, that is, In-Service Software Upgrade (ISSU).
      |2. Execute the "show version" NX-OS command and check the installed NX-OS version across the vPC peer switches.
      |3. Schedule a maintenance window for the NX-OS upgrade so that the vPC peer switches have exactly the same NX-OS version.
      |4. You can follow these NX-OS upgrade guides for the Nexus 9k, 7k, 5k and 3k series:
      |
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/upgrade/guide/b_Cisco_Nexus_9000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6x/b_Cisco_Nexus_9000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6x_chapter_01.html
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/upgrade/guide/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6-x.html
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/upgrade/503_N1_1/n5k_upgrade_downgrade_503.html
      |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/upgrade/6_x/Cisco_n3k_Upgrade_Downgrade_6x.html
    """.stripMargin
)