The configuration files of network devices need to be backed up in a timely manner to ensure device security, reliability, and availability of services. If a fault occurs on a device, the backup configuration file can be restored to the device quickly to maintain continuity of service. Configuration backups must be performed only over a secure protocol such as SFTP or SSH.
In this article, we will back up the configuration of a list of Cisco ASA firewalls with a Python script over SSH from a Linux server running CentOS 7.
In this tutorial, it is assumed that:
a. You already have a RHEL/CentOS 7 Linux server installed and running. If you don't, you may want to read Minimal RHEL/CentOS 7 Installation With Logical Volume Manager (LVM).
b. You have already done the initial server setup. Please refer to Minimal RHEL/CentOS 7 Initial Server Setup.
c. You have already configured SSH on the Cisco ASA firewalls. Please refer to SSH Configuration on Cisco ASA Firewall 9.x.
3. Scenario Diagram
There is a Linux server running CentOS 7 that is connected to the Cisco ASA firewalls. From the Linux server we can SSH to all of the Cisco ASA firewalls. You can download the Python backup script here: Script_BackupConfig_CiscoASAFirewall. Extract it and upload it to the CentOS 7 Linux server.
There are 2 files. One is the script file and the other is the list of hosts to be backed up by this script. You can create a directory anywhere and keep these 2 files together in the same directory. In our case, let's make the directory /var/scripts/netbackup and keep these 2 files there.
# mkdir -p /var/scripts/netbackup
# mv backup_ciscoasa_firewall.py /var/scripts/netbackup
# mv ciscoasa_firewall /var/scripts/netbackup
The script backs up the Cisco ASA firewall configuration to the directory /var/netbackup, so we need to create this directory.
# mkdir -p /var/netbackup
You need to update USER, PASSWORD, and secret with your own username, password, and enable password.
# cd /var/scripts/netbackup
# vim backup_ciscoasa_firewall.py
###authentication
USER = 'netadmin'
PASSWORD = 'Pa$word2019'
secret = 'eNableP@ssWord'
The script backs up multiple devices from the list of hosts in the file ciscoasa_firewall. So, we need to add the hostname or SSH management IP address of each Cisco ASA firewall to this file. Let's use /etc/hosts so that the backup files get friendly names.
# vim /etc/hosts
192.168.1.12 ciscoasa_firewall01
192.168.1.13 ciscoasa_firewall02
# cd /var/scripts/netbackup
# vim ciscoasa_firewall
ciscoasa_firewall01
ciscoasa_firewall02
4. Install Prerequisite Python Packages
By default, after installing CentOS 7, Python version 2.7.5 should already be installed. We can verify this with the following command.
# python --version
Python 2.7.5
To execute this Python script, we need to install the following Python module.
# yum install python-pip
# pip install paramiko
Now we should be able to run this Python backup script, but first we need to make it executable with the following command.
# chmod +x backup_ciscoasa_firewall.py
Let's test-run the script manually with the following commands.
Then we need to verify that the script can back up the Cisco ASA firewall configuration successfully.
# ll /var/netbackup
total 8
-rw-r--r--. 1 root root 6465 Jun 9 21:24 ciscoasa_firewall01_2019069_212353
-rw-r--r--. 1 root root 6425 Jun 9 21:24 ciscoasa_firewall02_2019069_212354
# du -sh *
10.0K ciscoasa_firewall01_2019069_212353
13.0K ciscoasa_firewall02_2019069_212354
# vim /var/netbackup/dc/ciscoasa_firewall01_2019069_212353
# vim /var/netbackup/dc/ciscoasa_firewall02_2019069_212354
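The script keeps USER, PASSWORD and secret inside the script file, and the listing above shows the saved configurations with mode -rw-r--r--, readable by every local user. The following is an added example, not part of the downloaded script: one way to read those three values from a root-only file and to write each backup with mode 0600. The KEY=VALUE credentials file, the timestamp format and the function names are assumptions for illustration.

```python
# Added example (not the downloaded script): keep credentials out of the
# script and keep saved configurations readable by their owner only.
import os
import stat
import time

REQUIRED_KEYS = ("USER", "PASSWORD", "secret")  # variable names from the article


def load_credentials(path):
    """Read KEY=VALUE lines from a file that only its owner can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ValueError("%s is accessible by group/other (mode %o); "
                         "run chmod 600 on it" % (path, mode))
    creds = {}
    with open(path) as handle:
        for line in handle:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            # Split on the first "=" only, so passwords may contain "=".
            key, sep, value = line.partition("=")
            if sep:
                creds[key.strip()] = value.strip()
    missing = [k for k in REQUIRED_KEYS if k not in creds]
    if missing:
        raise ValueError("missing keys in %s: %s" % (path, ", ".join(missing)))
    return creds


def write_backup(backup_dir, host, config_text, now=None):
    """Save one device configuration with mode 0600 and return its path."""
    # Hypothetical naming scheme: <host>_<YYYYmmdd>_<HHMMSS>.
    stamp = time.strftime("%Y%m%d_%H%M%S", now or time.localtime())
    path = os.path.join(backup_dir, "%s_%s" % (host, stamp))
    # O_EXCL refuses to overwrite an existing file or follow a planted symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(config_text)
    return path
```

The dictionary returned by load_credentials can replace the hard-coded USER, PASSWORD and secret values, and write_backup can replace a plain open() call wherever the configuration text is saved.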
6. Schedule the Script to Run
Finally, it is time to create a cron job to run this script on a schedule. Let the cron job run this script every day at 21:00.
# cd /etc/cron.d
# vim netbackup
0 21 * * * root cd /var/scripts/netbackup; /var/scripts/netbackup/backup_ciscoasa_firewall.py
That's all about backing up the configuration of a list of Cisco ASA firewalls with a Python script over SSH from a Linux server running CentOS 7, from Tech Space KH. Hopefully, you find this guide informative. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them.