chammer
(aka Cisco Hammer)
chammer is a tool built on top of the Net::IPBlocker library, designed to beat Cisco routers, switches,
and firewalls into submission and compliance.
Primary focus is to automate password changes, deploy configuration templates, fetch configs,
and just about any other function a network engineer would perform via Telnet or SSH to a Cisco box.
Command line interface is provided (no Web front-end yet, sorry).
Logging, verbose output, automatic prompt detection, and automatic device type detection are included.
chammer is free software licensed under the GPL.
The Net::IPBlocker library is free software licensed under the same terms as Perl,
allowing you to choose between the GPL and Artistic licenses.
What does it do?
Using chammer, a network engineer can quickly and easily run many commands across many Cisco devices
over the network, automating many basic network management tasks.
We believe network engineers will find this utility useful
(it makes their lives a little easier).
Example scenario:
You are now in charge of a large enterprise network with hundreds of Cisco devices.
The crew in charge previously was messy and the network configs are in chaos.
Several generations of passwords are in use, randomly scattered across various
switches, routers, and firewalls.
Nobody has taken the time to lock down the global configurations.
You have a list of IP addresses for Cisco devices, a list of old passwords,
and chammer.
In an hour or two you've restored order.
All devices are now using a new set of passwords grouped by zone,
and you've deployed a new security configuration baseline across the entire network.
Ta da!
Design Goals
Primary function is a network management tool, helping network engineers automate basic tasks.
When a decision is required, follow the KISS path.
Perl.
chammer is a Perl application built on top of
Net::IPBlocker, a series of Perl modules.
Project Status
The full change log is available online.
September 5, 2005: New command line --run feature. Added support for Cisco PIX firewalls.
August 8, 2005: chammer.org online; initial public release, version 2.x.
May, 2005: Cisco switches and routers (Cisco IOS and CatOS) currently supported.
System Requirements
Perl
Net::IPBlocker
In addition to the dependencies required by Net::IPBlocker,
chammer requires the following Perl modules (available via CPAN):
Crypt::DES
Net::SNMP
Development platform is Linux with Perl.
chammer is written in Perl and may run almost anywhere.
Please let us know if you're successful at running it on platforms other than Linux.
Downloads
Contact Information
If you have questions about this software or are interested in supporting the project,
please contact us.
Related Projects
Related Perl Modules at CPAN
Additional Details
Location
We recommend you run this application on a host that is dedicated to network management tasks
and benefits from defense-in-depth network protections.
You're looking to share a platform that is allowed to manage your network infrastructure devices
(maybe you have a box running MRTG or Nagios?).
chammer is very light-weight and doesn't have resource requirements that would
justify a box all to itself, but a dedicated box will work just fine.
Encrypting Communications with Network Devices
SSH is supported for accessing network devices securely.
Note: Telnet and SNMP support is also included but does not use encryption.
Scalability and Speed
This script doesn't require a lot of resources so it ought to run on just about any hardware.
Execution time is dependent upon network latency and responsiveness of the Cisco devices
on your network.
Obviously it'll take a lot longer to change passwords and deploy a twenty line config template
to old and slow Cisco 2500 routers compared to running a five line template against a network
full of brand new Cisco 7600 routers.
In real world operations we've deployed config templates via telnet across 650+ mixed IOS and CatOS
switches and routers in about 45 minutes. Running time will vary based on how many actions are
involved with each configuration template.
Significant performance enhancements will be achieved by changing the architecture to
support concurrency (parallel versus sequential processing).
In a future release we'll set up a service loop to run multiple threads and/or processes in parallel,
running many jobs simultaneously. This will greatly reduce the time required to complete a mission.
Currently this script runs single-threaded, in serial, so that each device is accessed sequentially
working down a list (great for debugging, not so great for overall performance).
The current release of chammer stores all data in flat text files.
As we add features and look at increasing scalability, using a database as an alternative to text files
may be implemented.
The goal for now is to write code that can easily toggle between text files and the potential for future database
support.
There are significant risks associated with running a tool of this type if you aren't absolutely
certain of the expected results.
Applications of this type can help you very quickly deploy a new config across the network,
but can also just as quickly lock you out of the network or cause widespread problems.
Make sure you thoroughly test new templates on a couple of non-production boxes before
sending the commands out to hundreds or thousands of devices. You've been warned.
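The parallel processing planned under Scalability and Speed makes the lockout risk above arrive faster, so a concurrent runner benefits from a built-in stop condition. The sketch below is an added example, not chammer code, and is written in Python rather than Perl: `staged_rollout`, `simulated_apply` and the sample addresses are hypothetical, and the real Telnet/SSH session is assumed to be a callable that raises on failure.

```python
from concurrent.futures import ThreadPoolExecutor


def _attempt(apply_template, device):
    """Run one job; any exception counts as a failed device."""
    try:
        apply_template(device)
        return True
    except Exception:
        return False


def staged_rollout(devices, apply_template, canaries=2, workers=4, max_failures=1):
    """Canaries one at a time, then parallel batches; stop once failures pile up."""
    report = {"ok": [], "failed": [], "skipped": []}
    pending = list(devices)

    # Stage 1: serial canaries. A single failure aborts the whole run.
    for _ in range(min(canaries, len(pending))):
        device = pending.pop(0)
        if _attempt(apply_template, device):
            report["ok"].append(device)
        else:
            report["failed"].append(device)
            report["skipped"] = pending
            return report

    # Stage 2: batches of `workers` devices in parallel, checked between batches.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        while pending:
            batch, pending = pending[:workers], pending[workers:]
            results = pool.map(lambda d: _attempt(apply_template, d), batch)
            for device, ok in zip(batch, results):
                report["ok" if ok else "failed"].append(device)
            if len(report["failed"]) > max_failures:
                report["skipped"] = pending
                break
    return report


# Constructed sample data: documentation-range addresses, simulated outcomes.
SAMPLE_DEVICES = ["192.0.2.%d" % n for n in range(1, 13)]
BROKEN = {"192.0.2.5", "192.0.2.6"}


def simulated_apply(device):
    """Hypothetical stand-in for the Telnet/SSH session that pushes a template."""
    if device in BROKEN:
        raise RuntimeError("no prompt after template on " + device)


if __name__ == "__main__":
    print(staged_rollout(SAMPLE_DEVICES, simulated_apply))
```

With the sample data, the run stops after the first parallel batch: four devices are changed, two are reported failed, and the remaining six are never touched.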
License & Legal Information
chammer is licensed under the terms of the GNU
General Public License as published by the Free
Software Foundation, either Version 2 of the License or any later version.
This gives you legal permission to copy, distribute and/or modify chammer under certain conditions. Read
the 'LICENSE' file in the chammer distribution or read the online version of the license for more details. IP Blocker is provided AS IS with NO WARRANTY
OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.
Copyright © 2005-2007 Rob Patrick.
All information, documentation, software, and other materials on this website are provided AS IS with NO
WARRANTY OF ANY KIND, INCLUDING THE WARRANTY OF DESIGN, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE.
Linux is a registered trademark of Linus Torvalds.
Cisco and Cisco IOS are registered trademarks of Cisco Systems, Inc.
This page last modified on Thursday, August 02, 2007