[Nocrancid] autopop-onenet.net router config diffs
rancid at rancid.noc.onenet.net
rancid at rancid.noc.onenet.net
Tue Jan 8 16:03:26 CST 2013
Index: core1.nor-mx480.onenet.net
===================================================================
--- core1.nor-mx480.onenet.net (revision 48241)
+++ core1.nor-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at NORMAN1-MX480-RE0> show system commit
+# 2013-01-08 15:40:38 CST by jeremyt via cli commit synchronize
# 2012-12-31 11:44:40 CST by joel via cli commit synchronize
# 2012-12-18 19:59:37 CST by joel via cli commit synchronize
# 2012-12-18 19:58:45 CST by joel via cli commit synchronize
# 2012-12-13 14:44:10 CST by bobby via cli commit synchronize
# 2012-12-04 16:40:26 CST by jeremyt via cli commit synchronize
-# 2012-11-16 14:42:33 CST by rnordmark via cli commit synchronize
# grnoc-mon at NORMAN1-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -328,7 +328,7 @@
# grnoc-mon at NORMAN1-MX480-RE0> show system uptime
# System booted: 2011-12-01 23:39 CST
# Protocols started: 2011-12-01 23:50 CST
-# Last configured: 2012-12-31 11:44 CST by joel
+# Last configured: 2013-01-08 15:40 CST by jeremyt
#
# {master}
# grnoc-mon at NORMAN1-MX480-RE0> show interface terse
@@ -428,7 +428,7 @@
#pp0 up up
#tap up up
# grnoc-mon at NORMAN1-MX480-RE0> show configuration
-## Last commit: 2012-12-31 11:44:40 CST by joel
+## Last commit: 2013-01-08 15:40:38 CST by jeremyt
version 10.4R6.5;
groups {
re0 {
@@ -487,6 +487,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -498,6 +513,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1353,11 +1376,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1497,8 +1520,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core4.tul-mx480.onenet.net
===================================================================
--- core4.tul-mx480.onenet.net (revision 48471)
+++ core4.tul-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE4-MX480-RE0> show system commit
+# 2013-01-08 15:43:15 CST by jeremyt via cli commit synchronize
# 2013-01-03 21:07:46 CST by rnordmark via cli commit synchronize
# 2013-01-03 12:09:02 CST by joel via cli commit synchronize
# 2013-01-03 11:17:58 CST by joel via cli commit synchronize
# 2012-12-30 15:52:32 CST by rnordmark via cli commit synchronize
# 2012-12-30 15:36:40 CST by rnordmark via cli commit synchronize
-# 2012-12-30 15:20:26 CST by rnordmark via cli commit confirmed, rollback in 5mins synchronize
# grnoc-mon at TULSA-CORE4-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -331,7 +331,7 @@
# grnoc-mon at TULSA-CORE4-MX480-RE0> show system uptime
# System booted: 2011-11-30 00:15 CST
# Protocols started: 2011-11-30 00:19 CST
-# Last configured: 2013-01-03 21:07 CST by rnordmark
+# Last configured: 2013-01-08 15:43 CST by jeremyt
#
# {master}
# grnoc-mon at TULSA-CORE4-MX480-RE0> show interface terse
@@ -460,7 +460,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE4-MX480-RE0> show configuration
-## Last commit: 2013-01-03 21:07:46 CST by rnordmark
+## Last commit: 2013-01-08 15:43:15 CST by jeremyt
version 10.4R6.5;
groups {
re0 {
@@ -522,6 +522,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -533,6 +548,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -2927,8 +2950,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core2.nor-mx480.onenet.net
===================================================================
--- core2.nor-mx480.onenet.net (revision 47497)
+++ core2.nor-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at NORMAN2-MX480-RE0> show system commit
+# 2013-01-08 15:40:48 CST by jeremyt via cli commit synchronize
# 2012-12-17 10:55:01 CST by bobby via cli commit synchronize
# 2012-12-14 09:19:32 CST by bobby via cli commit synchronize
# 2012-12-04 16:40:30 CST by jeremyt via cli commit synchronize
# 2012-11-16 14:42:40 CST by rnordmark via cli commit synchronize
# 2012-08-17 15:52:48 CDT by jeremyt via cli commit synchronize
-# 2012-05-24 15:57:53 CDT by joel via cli commit synchronize
# grnoc-mon at NORMAN2-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -313,7 +313,7 @@
# grnoc-mon at NORMAN2-MX480-RE0> show system uptime
# System booted: 2011-12-01 23:52 CST
# Protocols started: 2011-12-01 23:55 CST
-# Last configured: 2012-12-17 10:55 CST by bobby
+# Last configured: 2013-01-08 15:40 CST by jeremyt
#
# {master}
# grnoc-mon at NORMAN2-MX480-RE0> show interface terse
@@ -390,7 +390,7 @@
#pp0 up up
#tap up up
# grnoc-mon at NORMAN2-MX480-RE0> show configuration
-## Last commit: 2012-12-17 10:55:01 CST by bobby
+## Last commit: 2013-01-08 15:40:48 CST by jeremyt
version 10.4R6.5;
groups {
re0 {
@@ -449,6 +449,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -460,6 +475,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -987,11 +1010,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1131,8 +1154,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core4-mx480.onenet.net
===================================================================
--- core4-mx480.onenet.net (revision 48513)
+++ core4-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE4-MX480-RE0> show system commit
+# 2013-01-08 15:42:11 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:16:08 CST by joel via cli commit synchronize
# 2013-01-02 21:45:26 CST by joel via cli commit synchronize
# 2012-12-26 00:51:55 CST by admin via cli commit synchronize
# 2012-12-20 17:58:28 CST by joel via cli commit synchronize
# 2012-12-20 15:46:12 CST by joel via cli commit synchronize
-# 2012-12-20 13:19:39 CST by jeremyt via cli commit synchronize
# grnoc-mon at OKC-CORE4-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -385,7 +385,7 @@
# grnoc-mon at OKC-CORE4-MX480-RE0> show system uptime
# System booted: 2012-09-16 02:03 CDT
# Protocols started: 2012-09-16 02:04 CDT
-# Last configured: 2013-01-04 10:16 CST by joel
+# Last configured: 2013-01-08 15:42 CST by jeremyt
#
# {master}
# grnoc-mon at OKC-CORE4-MX480-RE0> show interface terse
@@ -581,7 +581,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE4-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:16:08 CST by joel
+## Last commit: 2013-01-08 15:42:11 CST by jeremyt
version 11.4R5.5;
groups {
re0 {
@@ -644,6 +644,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -655,6 +670,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -2684,11 +2707,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -2828,8 +2851,6 @@
}
term DENY_ALL {
then {
- inactive: log;
- inactive: syslog;
discard;
}
}
Index: core1.okc-mx960.onenet.net
===================================================================
--- core1.okc-mx960.onenet.net (revision 48773)
+++ core1.okc-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE1-MX960-RE0> show system commit
+# 2013-01-08 15:41:23 CST by jeremyt via cli commit synchronize
# 2013-01-07 11:19:52 CST by rnordmark via cli commit synchronize
# 2013-01-07 11:10:54 CST by rnordmark via cli commit synchronize
# 2013-01-05 17:19:32 CST by jeremyt via cli commit synchronize
# 2013-01-03 20:43:21 CST by rnordmark via cli commit synchronize
# 2013-01-03 20:37:13 CST by rnordmark via cli commit synchronize
-# 2012-12-31 12:32:39 CST by joel via cli commit synchronize
# grnoc-mon at OKC-CORE1-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -447,7 +447,7 @@
# grnoc-mon at OKC-CORE1-MX960-RE0> show system uptime
# System booted: 2011-11-20 08:08 CST
# Protocols started: 2011-11-20 08:09 CST
-# Last configured: 2013-01-07 11:19 CST by rnordmark
+# Last configured: 2013-01-08 15:41 CST by jeremyt
#
# {master}
# grnoc-mon at OKC-CORE1-MX960-RE0> show interface terse
@@ -614,7 +614,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE1-MX960-RE0> show configuration
-## Last commit: 2013-01-07 11:19:52 CST by rnordmark
+## Last commit: 2013-01-08 15:41:23 CST by jeremyt
version 10.4R6.5;
groups {
re0 {
Index: core6.tul-m7i.onenet.net
===================================================================
--- core6.tul-m7i.onenet.net (revision 48431)
+++ core6.tul-m7i.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show system commit
+# 2013-01-08 15:43:32 CST by jeremyt via cli
# 2013-01-03 12:01:57 CST by joel via cli
# 2012-12-13 15:50:30 CST by joel via cli
# 2012-12-04 16:39:53 CST by jeremyt via cli
# 2012-11-21 16:16:54 CST by bobby via cli
# 2012-11-21 14:47:03 CST by bobby via cli
-# 2012-11-21 13:27:54 CST by bobby via cli
# grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show chassis environment
# Class Item Status Measurement
# Power Power Supply 0 OK
@@ -192,7 +192,7 @@
# grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show system uptime
# System booted: 2011-03-24 16:11 CDT
# Protocols started: 2011-04-05 03:27 CDT
-# Last configured: 2013-01-03 12:01 CST by joel
+# Last configured: 2013-01-08 15:43 CST by jeremyt
#
# grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show interface terse
#Interface Admin Link
@@ -234,7 +234,7 @@
#pime up up
#tap up up
# grnoc-mon at ROUTE-REFLECTOR-TULSA-M7i> show configuration
-## Last commit: 2013-01-03 12:01:57 CST by joel
+## Last commit: 2013-01-08 15:43:32 CST by jeremyt
version 10.4R3.4;
groups {
re0 {
@@ -279,6 +279,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -290,6 +305,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1083,11 +1106,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1217,8 +1240,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core2-okc-mx960.onenet.net
===================================================================
--- core2-okc-mx960.onenet.net (revision 48635)
+++ core2-okc-mx960.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE2-MX960-RE0> show system commit
+# 2013-01-08 15:41:32 CST by jeremyt via cli commit synchronize
# 2013-01-05 17:18:52 CST by jeremyt via cli commit synchronize
# 2013-01-04 13:43:14 CST by jeremyt via cli commit synchronize
# 2013-01-03 20:50:45 CST by rnordmark via cli commit synchronize
# 2013-01-02 21:31:11 CST by joel via cli commit synchronize
# 2013-01-02 21:28:57 CST by joel via cli commit synchronize
-# 2013-01-02 21:22:22 CST by joel via cli commit synchronize
# grnoc-mon at OKC-CORE2-MX960-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -407,7 +407,7 @@
# grnoc-mon at OKC-CORE2-MX960-RE0> show system uptime
# System booted: 2011-11-18 00:10 CST
# Protocols started: 2011-11-18 00:12 CST
-# Last configured: 2013-01-05 17:18 CST by jeremyt
+# Last configured: 2013-01-08 15:41 CST by jeremyt
#
# {master}
# grnoc-mon at OKC-CORE2-MX960-RE0> show interface terse
@@ -541,7 +541,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE2-MX960-RE0> show configuration
-## Last commit: 2013-01-05 17:18:52 CST by jeremyt
+## Last commit: 2013-01-08 15:41:32 CST by jeremyt
version 10.4R6.5;
groups {
re0 {
@@ -600,6 +600,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -611,6 +626,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -1977,11 +2000,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -2122,8 +2145,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.alt-mx480.onenet.net
===================================================================
--- hub.alt-mx480.onenet.net (revision 48754)
+++ hub.alt-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ALTUS-MX480-RE0> show system commit
+# 2013-01-08 15:45:56 CST by jeremyt via cli commit synchronize
# 2013-01-04 08:48:05 CST by rnordmark via cli commit synchronize
# 2012-12-14 21:40:03 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:59 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:02 CST by admin via netconf commit synchronize
# 2012-12-14 21:38:59 CST by admin via netconf commit synchronize
-# 2012-12-14 21:37:57 CST by admin via netconf commit synchronize
# grnoc-mon at ALTUS-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -279,7 +279,7 @@
# grnoc-mon at ALTUS-MX480-RE0> show system uptime
# System booted: 2012-08-20 15:04 CDT
# Protocols started: 2012-08-20 15:06 CDT
-# Last configured: 2013-01-04 08:48 CST by rnordmark
+# Last configured: 2013-01-08 15:45 CST by jeremyt
#
# {master}
# grnoc-mon at ALTUS-MX480-RE0> show interface terse
@@ -352,7 +352,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ALTUS-MX480-RE0> show configuration
-## Last commit: 2013-01-04 08:48:05 CST by rnordmark
+## Last commit: 2013-01-08 15:45:56 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -412,6 +412,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -423,6 +438,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -898,11 +921,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1042,8 +1065,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.alv.onenet.net
===================================================================
--- hub.alv.onenet.net (revision 48800)
+++ hub.alv.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ALVA-M120-RE0> show system commit
+# 2013-01-08 15:32:53 CST by jeremyt via cli commit synchronize
# 2013-01-04 08:56:10 CST by joe via cli commit synchronize
# 2012-12-13 15:11:27 CST by rnordmark via cli commit synchronize
# 2012-12-04 16:10:05 CST by jeremyt via cli commit synchronize
# 2012-11-16 14:38:14 CST by rnordmark via cli commit synchronize
# 2012-08-30 22:23:10 CDT by joe via cli commit synchronize
-# 2012-08-30 22:21:20 CDT by joe via cli commit synchronize
# grnoc-mon at ALVA-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at ALVA-M120-RE0> show system uptime
# System booted: 2011-04-15 20:34 CDT
# Protocols started: 2011-04-15 20:36 CDT
-# Last configured: 2013-01-04 08:56 CST by joe
+# Last configured: 2013-01-08 15:32 CST by jeremyt
#
# {master}
# grnoc-mon at ALVA-M120-RE0> show interface terse
@@ -426,7 +426,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ALVA-M120-RE0> show configuration
-## Last commit: 2013-01-04 08:56:10 CST by joe
+## Last commit: 2013-01-08 15:32:53 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -485,6 +485,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -496,6 +511,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1068,11 +1091,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1212,8 +1235,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core5.okc-mx480.onenet.net
===================================================================
--- core5.okc-mx480.onenet.net (revision 48393)
+++ core5.okc-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE5-MX480-RE0> show system commit
+# 2013-01-08 15:42:21 CST by jeremyt via cli commit synchronize
# 2013-01-02 23:02:19 CST by joel via cli commit synchronize
# 2012-12-20 12:33:46 CST by bobby via cli commit synchronize
# 2012-12-20 12:33:08 CST by bobby via cli commit synchronize
# 2012-12-20 12:32:13 CST by bobby via cli commit synchronize
# 2012-12-19 14:06:43 CST by bobby via cli commit synchronize
-# 2012-12-19 10:27:33 CST by joel via cli commit synchronize
# grnoc-mon at OKC-CORE5-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -386,7 +386,7 @@
# grnoc-mon at OKC-CORE5-MX480-RE0> show system uptime
# System booted: 2012-09-16 01:59 CDT
# Protocols started: 2012-09-16 02:00 CDT
-# Last configured: 2013-01-02 23:02 CST by joel
+# Last configured: 2013-01-08 15:42 CST by jeremyt
#
# {master}
# grnoc-mon at OKC-CORE5-MX480-RE0> show interface terse
@@ -543,7 +543,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE5-MX480-RE0> show configuration
-## Last commit: 2013-01-02 23:02:19 CST by joel
+## Last commit: 2013-01-08 15:42:21 CST by jeremyt
version 11.4R5.5;
groups {
re0 {
@@ -607,6 +607,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -618,6 +633,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -2013,11 +2036,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -2157,8 +2180,6 @@
}
term DENY_ALL {
then {
- inactive: log;
- inactive: syslog;
discard;
}
}
Index: hub.bar.onenet.net
===================================================================
--- hub.bar.onenet.net (revision 48278)
+++ hub.bar.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at BARTLESVILLE-M120-RE0> show system commit
+# 2013-01-08 15:33:19 CST by jeremyt via cli commit synchronize
# 2012-12-14 15:36:40 CST by joel via cli commit synchronize
# 2012-12-14 13:20:19 CST by joel via cli commit synchronize
# 2012-12-13 15:25:59 CST by rnordmark via cli commit synchronize
# 2012-12-11 14:04:21 CST by bobby via cli commit synchronize
# 2012-12-04 16:22:52 CST by jeremyt via cli commit synchronize
-# 2012-11-29 13:15:18 CST by smclean via cli commit synchronize
# grnoc-mon at BARTLESVILLE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at BARTLESVILLE-M120-RE0> show system uptime
# System booted: 2011-02-25 14:01 CST
# Protocols started: 2011-02-25 14:02 CST
-# Last configured: 2012-12-14 15:36 CST by joel
+# Last configured: 2013-01-08 15:33 CST by jeremyt
#
# {master}
# grnoc-mon at BARTLESVILLE-M120-RE0> show interface terse
@@ -414,7 +414,7 @@
#pp0 up up
#tap up up
# grnoc-mon at BARTLESVILLE-M120-RE0> show configuration
-## Last commit: 2012-12-14 15:36:40 CST by joel
+## Last commit: 2013-01-08 15:33:19 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -473,6 +473,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -484,6 +499,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1300,11 +1323,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1444,8 +1467,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core6.okc-m7i.onenet.net
===================================================================
--- core6.okc-m7i.onenet.net (revision 48395)
+++ core6.okc-m7i.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ROUTE-REFLECTOR-OKC-M7i> show system commit
+# 2013-01-08 15:42:29 CST by jeremyt via cli
# 2013-01-02 23:04:55 CST by joel via cli
# 2012-12-14 14:34:34 CST by bobby via cli
# 2012-12-14 13:41:16 CST by bobby via cli
# 2012-12-04 16:38:39 CST by jeremyt via cli
# 2012-11-21 16:12:21 CST by bobby via cli
-# 2012-11-21 15:52:53 CST by bobby via cli
# grnoc-mon at ROUTE-REFLECTOR-OKC-M7i> show chassis environment
# Class Item Status Measurement
# Power Power Supply 0 OK
@@ -193,7 +193,7 @@
# grnoc-mon at ROUTE-REFLECTOR-OKC-M7i> show system uptime
# System booted: 2012-11-11 21:31 CST
# Protocols started: 2012-11-11 21:33 CST
-# Last configured: 2013-01-02 23:04 CST by joel
+# Last configured: 2013-01-08 15:42 CST by jeremyt
#
# grnoc-mon at ROUTE-REFLECTOR-OKC-M7i> show interface terse
#Interface Admin Link
@@ -235,7 +235,7 @@
#pime up up
#tap up up
# grnoc-mon at ROUTE-REFLECTOR-OKC-M7i> show configuration
-## Last commit: 2013-01-02 23:04:55 CST by joel
+## Last commit: 2013-01-08 15:42:29 CST by jeremyt
version 10.4R3.4;
groups {
re0 {
@@ -280,6 +280,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -291,6 +306,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1086,11 +1109,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1220,8 +1243,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core3.okc-m120.onenet.net
===================================================================
--- core3.okc-m120.onenet.net (revision 48901)
+++ core3.okc-m120.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKC-CORE3-MX120-RE1> show system commit
+# 2013-01-08 15:41:59 CST by jeremyt via cli commit synchronize
# 2013-01-08 10:58:35 CST by joel via cli commit synchronize
# 2013-01-07 13:28:34 CST by jeremyt via cli commit synchronize
# 2013-01-07 13:17:45 CST by smclean via cli commit synchronize
# 2013-01-07 13:16:32 CST by smclean via cli commit synchronize
# 2013-01-04 10:31:01 CST by joe via cli commit synchronize
-# 2013-01-04 10:13:19 CST by joe via cli commit synchronize
# grnoc-mon at OKC-CORE3-MX120-RE1> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -384,7 +384,7 @@
# grnoc-mon at OKC-CORE3-MX120-RE1> show system uptime
# System booted: 2012-11-16 00:25 CST
# Protocols started: 2012-11-16 00:43 CST
-# Last configured: 2013-01-08 10:58 CST by joel
+# Last configured: 2013-01-08 15:41 CST by jeremyt
#
# {master}
# grnoc-mon at OKC-CORE3-MX120-RE1> show interface terse
@@ -2090,7 +2090,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKC-CORE3-MX120-RE1> show configuration
-## Last commit: 2013-01-08 10:58:35 CST by joel
+## Last commit: 2013-01-08 15:41:59 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -2149,6 +2149,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -2160,6 +2175,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -9951,11 +9974,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -10101,8 +10124,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.ard-mx480.onenet.net
===================================================================
--- hub.ard-mx480.onenet.net (revision 48696)
+++ hub.ard-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ARDMORE-MX480-RE0> show system commit
+# 2013-01-08 15:46:06 CST by jeremyt via cli commit synchronize
# 2013-01-04 09:05:21 CST by rnordmark via cli commit synchronize
# 2012-12-14 21:40:03 CST by admin via netconf commit synchronize
# 2012-12-14 21:40:00 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:03 CST by admin via netconf commit synchronize
# 2012-12-14 21:38:59 CST by admin via netconf commit synchronize
-# 2012-12-14 21:38:00 CST by admin via netconf commit synchronize
# grnoc-mon at ARDMORE-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -269,7 +269,7 @@
# grnoc-mon at ARDMORE-MX480-RE0> show system uptime
# System booted: 2012-08-14 20:24 CDT
# Protocols started: 2012-08-14 20:26 CDT
-# Last configured: 2013-01-04 09:05 CST by rnordmark
+# Last configured: 2013-01-08 15:46 CST by jeremyt
#
# {master}
# grnoc-mon at ARDMORE-MX480-RE0> show interface terse
@@ -335,7 +335,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ARDMORE-MX480-RE0> show configuration
-## Last commit: 2013-01-04 09:05:21 CST by rnordmark
+## Last commit: 2013-01-08 15:46:06 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -395,6 +395,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -406,6 +421,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -783,11 +806,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -927,8 +950,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core1.lan-mx80.onenet.net
===================================================================
--- core1.lan-mx80.onenet.net (revision 48162)
+++ core1.lan-mx80.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LANGSTON-MX80> show system commit
+# 2013-01-08 15:34:59 CST by jeremyt via cli
# 2012-12-29 11:56:03 CST by admin via netconf
# 2012-12-29 11:55:58 CST by admin via netconf
# 2012-12-29 11:55:12 CST by admin via netconf
# 2012-12-29 11:55:06 CST by admin via netconf
# 2012-12-17 11:26:43 CST by joel via cli
-# 2012-12-17 11:19:40 CST by joel via cli
# grnoc-mon at LANGSTON-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -210,7 +210,7 @@
# grnoc-mon at LANGSTON-MX80> show system uptime
# System booted: 2012-09-12 11:19 CDT
# Protocols started: 2012-09-12 11:20 CDT
-# Last configured: 2012-12-29 11:56 CST by admin
+# Last configured: 2013-01-08 15:34 CST by jeremyt
#
# grnoc-mon at LANGSTON-MX80> show interface terse
#Interface Admin Link
@@ -275,7 +275,7 @@
#pp0 up up
#tap up up
# grnoc-mon at LANGSTON-MX80> show configuration
-## Last commit: 2012-12-29 11:56:03 CST by admin
+## Last commit: 2013-01-08 15:34:59 CST by jeremyt
version 11.4R4.4;
system {
host-name LANGSTON-MX80;
@@ -304,6 +304,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -315,6 +330,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -755,11 +778,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -899,8 +922,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.dunc.onenet.net
===================================================================
--- hub.dunc.onenet.net (revision 48902)
+++ hub.dunc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at DUNCAN-M120-RE0> show system commit
+# 2013-01-08 15:33:50 CST by jeremyt via cli commit synchronize
# 2013-01-04 09:48:47 CST by rnordmark via cli commit synchronize
# 2012-12-17 13:06:51 CST by joel via cli commit synchronize
# 2012-12-17 13:05:43 CST by joel via cli commit synchronize
# 2012-12-17 13:04:18 CST by joel via cli commit synchronize
# 2012-12-17 09:27:06 CST by joel via cli commit synchronize
-# 2012-12-13 15:42:21 CST by rnordmark via cli commit synchronize
# grnoc-mon at DUNCAN-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -296,7 +296,7 @@
# grnoc-mon at DUNCAN-M120-RE0> show system uptime
# System booted: 2011-03-10 11:46 CST
# Protocols started: 2011-03-10 11:48 CST
-# Last configured: 2013-01-04 09:48 CST by rnordmark
+# Last configured: 2013-01-08 15:33 CST by jeremyt
#
# {master}
# grnoc-mon at DUNCAN-M120-RE0> show interface terse
@@ -458,7 +458,7 @@
#pp0 up up
#tap up up
# grnoc-mon at DUNCAN-M120-RE0> show configuration
-## Last commit: 2013-01-04 09:48:47 CST by rnordmark
+## Last commit: 2013-01-08 15:33:50 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -517,6 +517,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -528,6 +543,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1428,11 +1451,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1572,8 +1595,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.cla.onenet.net
===================================================================
--- hub.cla.onenet.net (revision 48376)
+++ hub.cla.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at CLAREMORE-M120-RE0> show system commit
+# 2013-01-08 15:33:40 CST by jeremyt via cli commit synchronize
# 2012-12-14 16:07:40 CST by joel via cli commit synchronize
# 2012-12-13 15:37:13 CST by rnordmark via cli commit synchronize
# 2012-12-04 16:24:37 CST by jeremyt via cli commit synchronize
# 2012-11-16 14:38:43 CST by rnordmark via cli commit synchronize
# 2012-11-02 10:01:12 CDT by joe via cli commit synchronize
-# 2012-10-31 13:44:53 CDT by rnordmark via cli commit synchronize
# grnoc-mon at CLAREMORE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at CLAREMORE-M120-RE0> show system uptime
# System booted: 2012-03-16 12:32 CDT
# Protocols started: 2012-03-16 12:34 CDT
-# Last configured: 2012-12-14 16:07 CST by joel
+# Last configured: 2013-01-08 15:33 CST by jeremyt
#
# {master}
# grnoc-mon at CLAREMORE-M120-RE0> show interface terse
@@ -434,7 +434,7 @@
#pp0 up up
#tap up up
# grnoc-mon at CLAREMORE-M120-RE0> show configuration
-## Last commit: 2012-12-14 16:07:40 CST by joel
+## Last commit: 2013-01-08 15:33:40 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -493,6 +493,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -504,6 +519,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1260,11 +1283,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1404,8 +1427,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.dur.onenet.net
===================================================================
--- hub.dur.onenet.net (revision 48843)
+++ hub.dur.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at DURANT-M120-RE0> show system commit
+# 2013-01-08 15:34:00 CST by jeremyt via cli commit synchronize
# 2013-01-04 09:51:58 CST by rnordmark via cli commit synchronize
# 2013-01-04 09:06:35 CST by joe via cli commit synchronize
# 2012-12-17 11:50:49 CST by joel via cli commit synchronize
# 2012-12-13 15:59:12 CST by rnordmark via cli commit synchronize
# 2012-12-12 00:45:46 CST by admin via netconf commit synchronize
-# 2012-12-12 00:45:38 CST by admin via netconf commit synchronize
# grnoc-mon at DURANT-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -296,7 +296,7 @@
# grnoc-mon at DURANT-M120-RE0> show system uptime
# System booted: 2011-05-20 12:49 CDT
# Protocols started: 2011-05-20 12:51 CDT
-# Last configured: 2013-01-04 09:51 CST by rnordmark
+# Last configured: 2013-01-08 15:34 CST by jeremyt
#
# {master}
# grnoc-mon at DURANT-M120-RE0> show interface terse
@@ -379,8 +379,8 @@
#t1-2/0/3:8.0 up up
#t1-2/0/3:9 up down
#t1-2/0/3:10 up down
-#t1-2/0/3:11 up up
-#t1-2/0/3:11.0 up up
+#t1-2/0/3:11 up down
+#t1-2/0/3:11.0 up down
#t1-2/0/3:12 up up
#t1-2/0/3:12.0 up up
#t1-2/0/3:13 up up
@@ -486,7 +486,7 @@
#pp0 up up
#tap up up
# grnoc-mon at DURANT-M120-RE0> show configuration
-## Last commit: 2013-01-04 09:51:58 CST by rnordmark
+## Last commit: 2013-01-08 15:34:00 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -545,6 +545,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -556,6 +571,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1777,11 +1800,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1921,8 +1944,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.elr-mx480.onenet.net
===================================================================
--- hub.elr-mx480.onenet.net (revision 48755)
+++ hub.elr-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at EL-RENO-MX480-RE0> show system commit
+# 2013-01-08 15:47:58 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:27:01 CST by rnordmark via cli commit synchronize
# 2012-12-31 11:59:58 CST by joel via cli commit synchronize
# 2012-12-26 01:10:13 CST by admin via netconf commit synchronize
# 2012-12-26 01:10:09 CST by admin via netconf commit synchronize
# 2012-12-26 01:09:12 CST by admin via netconf commit synchronize
-# 2012-12-26 01:09:09 CST by admin via netconf commit synchronize
# grnoc-mon at EL-RENO-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -267,7 +267,7 @@
# grnoc-mon at EL-RENO-MX480-RE0> show system uptime
# System booted: 2012-08-08 11:49 CDT
# Protocols started: 2012-08-08 11:50 CDT
-# Last configured: 2013-01-04 10:27 CST by rnordmark
+# Last configured: 2013-01-08 15:47 CST by jeremyt
#
# {master}
# grnoc-mon at EL-RENO-MX480-RE0> show interface terse
@@ -335,7 +335,7 @@
#pp0 up up
#tap up up
# grnoc-mon at EL-RENO-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:27:01 CST by rnordmark
+## Last commit: 2013-01-08 15:47:58 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -395,6 +395,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -406,6 +421,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -823,11 +846,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -967,8 +990,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.elr.onenet.net
===================================================================
--- hub.elr.onenet.net (revision 48516)
+++ hub.elr.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at EL-RENO-M120-RE0> show system commit
+# 2013-01-08 15:34:16 CST by jeremyt via cli commit synchronize
+# 2013-01-08 15:19:37 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:26:26 CST by rnordmark via cli commit synchronize
# 2012-12-21 14:27:41 CST by joel via cli commit synchronize
# 2012-12-21 14:23:56 CST by joel via cli commit synchronize
# 2012-12-17 10:21:49 CST by joel via cli commit synchronize
-# 2012-12-17 10:07:00 CST by joel via cli commit synchronize
-# 2012-12-14 09:31:25 CST by jed via cli commit synchronize
# grnoc-mon at EL-RENO-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at EL-RENO-M120-RE0> show system uptime
# System booted: 2011-02-22 16:32 CST
# Protocols started: 2011-02-22 16:34 CST
-# Last configured: 2013-01-04 10:26 CST by rnordmark
+# Last configured: 2013-01-08 15:34 CST by jeremyt
#
# {master}
# grnoc-mon at EL-RENO-M120-RE0> show interface terse
@@ -436,7 +436,7 @@
#pp0 up up
#tap up up
# grnoc-mon at EL-RENO-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:26:26 CST by rnordmark
+## Last commit: 2013-01-08 15:34:16 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -503,6 +503,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -514,6 +529,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1415,11 +1438,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1565,8 +1588,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.goo.onenet.net
===================================================================
--- hub.goo.onenet.net (revision 48867)
+++ hub.goo.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at GOODWELL-M120-RE0> show system commit
+# 2013-01-08 15:34:40 CST by jeremyt via cli commit synchronize
# 2013-01-08 10:58:27 CST by joel via cli commit synchronize
# 2013-01-04 12:31:16 CST by joel via cli commit synchronize
# 2013-01-04 11:33:22 CST by joel via cli commit synchronize
# 2012-12-17 11:46:45 CST by joel via cli commit synchronize
# 2012-12-13 23:43:40 CST by rnordmark via cli commit synchronize
-# 2012-12-11 16:35:31 CST by joe via cli commit synchronize
# grnoc-mon at GOODWELL-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -296,7 +296,7 @@
# grnoc-mon at GOODWELL-M120-RE0> show system uptime
# System booted: 2011-04-15 11:59 CDT
# Protocols started: 2011-04-15 12:00 CDT
-# Last configured: 2013-01-08 10:58 CST by joel
+# Last configured: 2013-01-08 15:34 CST by jeremyt
#
# {master}
# grnoc-mon at GOODWELL-M120-RE0> show interface terse
@@ -445,7 +445,7 @@
#pp0 up up
#tap up up
# grnoc-mon at GOODWELL-M120-RE0> show configuration
-## Last commit: 2013-01-08 10:58:27 CST by joel
+## Last commit: 2013-01-08 15:34:40 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -504,6 +504,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -515,6 +530,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1305,11 +1328,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1449,8 +1472,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.end.onenet.net
===================================================================
--- hub.end.onenet.net (revision 48827)
+++ hub.end.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ENID-M120-RE0> show system commit
+# 2013-01-08 15:34:27 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:31:08 CST by rnordmark via cli commit synchronize
# 2013-01-04 08:41:15 CST by joe via cli commit synchronize
# 2012-12-17 11:34:32 CST by joel via cli commit synchronize
# 2012-12-13 23:35:57 CST by rnordmark via cli commit synchronize
# 2012-12-04 16:08:46 CST by jeremyt via cli commit synchronize
-# 2012-11-16 14:39:25 CST by rnordmark via cli commit synchronize
# grnoc-mon at ENID-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -298,7 +298,7 @@
# grnoc-mon at ENID-M120-RE0> show system uptime
# System booted: 2012-01-26 23:11 CST
# Protocols started: 2012-01-26 23:13 CST
-# Last configured: 2013-01-04 10:31 CST by rnordmark
+# Last configured: 2013-01-08 15:34 CST by jeremyt
#
# {master}
# grnoc-mon at ENID-M120-RE0> show interface terse
@@ -444,7 +444,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ENID-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:31:08 CST by rnordmark
+## Last commit: 2013-01-08 15:34:27 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -503,6 +503,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -514,6 +529,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1230,11 +1253,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1374,8 +1397,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.alt.onenet.net
===================================================================
--- hub.alt.onenet.net (revision 48498)
+++ hub.alt.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ALTUS-M120-RE0> show system commit
+# 2013-01-08 15:32:41 CST by jeremyt via cli commit synchronize
# 2013-01-04 08:48:34 CST by joe via cli commit synchronize
# 2013-01-04 08:39:08 CST by rnordmark via cli commit synchronize
# 2012-12-14 14:15:37 CST by joel via cli commit synchronize
# 2012-12-13 15:00:05 CST by rnordmark via cli commit synchronize
# 2012-12-13 14:57:33 CST by rnordmark via cli commit synchronize
-# 2012-12-04 16:00:43 CST by jeremyt via cli commit synchronize
# grnoc-mon at ALTUS-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at ALTUS-M120-RE0> show system uptime
# System booted: 2011-06-08 13:06 CDT
# Protocols started: 2011-06-08 13:08 CDT
-# Last configured: 2013-01-04 08:48 CST by joe
+# Last configured: 2013-01-08 15:32 CST by jeremyt
#
# {master}
# grnoc-mon at ALTUS-M120-RE0> show interface terse
@@ -417,7 +417,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ALTUS-M120-RE0> show configuration
-## Last commit: 2013-01-04 08:48:34 CST by joe
+## Last commit: 2013-01-08 15:32:41 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -476,6 +476,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -487,6 +502,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1289,11 +1312,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1433,8 +1456,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.ida-mx480.onenet.net
===================================================================
--- hub.ida-mx480.onenet.net (revision 48701)
+++ hub.ida-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at IDABEL-MX480-RE0> show system commit
+# 2013-01-08 15:46:48 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:36:29 CST by rnordmark via cli commit synchronize
# 2012-12-17 13:52:12 CST by admin via netconf commit synchronize
# 2012-12-17 13:52:09 CST by admin via netconf commit synchronize
# 2012-12-17 13:51:12 CST by admin via netconf commit synchronize
# 2012-12-17 13:51:09 CST by admin via netconf commit synchronize
-# 2012-12-17 13:50:16 CST by admin via netconf commit synchronize
# grnoc-mon at IDABEL-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -272,7 +272,7 @@
# grnoc-mon at IDABEL-MX480-RE0> show system uptime
# System booted: 2012-08-01 18:05 CDT
# Protocols started: 2012-08-01 18:07 CDT
-# Last configured: 2013-01-04 10:36 CST by rnordmark
+# Last configured: 2013-01-08 15:46 CST by jeremyt
#
# {master}
# grnoc-mon at IDABEL-MX480-RE0> show interface terse
@@ -340,7 +340,7 @@
#pp0 up up
#tap up up
# grnoc-mon at IDABEL-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:36:29 CST by rnordmark
+## Last commit: 2013-01-08 15:46:48 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -400,6 +400,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -411,6 +426,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -813,11 +836,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -957,8 +980,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: core3.tul-m120.onenet.net
===================================================================
--- core3.tul-m120.onenet.net (revision 48906)
+++ core3.tul-m120.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-CORE-3-M120-RE0> show system commit
+# 2013-01-08 15:43:07 CST by jeremyt via cli commit synchronize
# 2013-01-08 14:16:51 CST by joe via cli commit synchronize
# 2013-01-04 10:20:38 CST by joe via cli commit synchronize
# 2013-01-04 10:10:44 CST by joe via cli commit synchronize
# 2013-01-03 21:22:30 CST by joel via cli commit synchronize
# 2013-01-03 12:11:54 CST by joel via cli commit synchronize
-# 2012-12-21 16:11:54 CST by bobby via cli commit synchronize
# grnoc-mon at TULSA-CORE-3-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -342,7 +342,7 @@
# grnoc-mon at TULSA-CORE-3-M120-RE0> show system uptime
# System booted: 2011-04-16 20:58 CDT
# Protocols started: 2011-04-16 20:59 CDT
-# Last configured: 2013-01-08 14:16 CST by joe
+# Last configured: 2013-01-08 15:43 CST by jeremyt
#
# {master}
# grnoc-mon at TULSA-CORE-3-M120-RE0> show interface terse
@@ -679,7 +679,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-CORE-3-M120-RE0> show configuration
-## Last commit: 2013-01-08 14:16:51 CST by joe
+## Last commit: 2013-01-08 15:43:07 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -738,6 +738,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -749,6 +764,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -2451,11 +2474,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -2595,8 +2618,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.ida.onenet.net
===================================================================
--- hub.ida.onenet.net (revision 48534)
+++ hub.ida.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at IDABEL-M120-RE0> show system commit
+# 2013-01-08 15:34:50 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:35:39 CST by rnordmark via cli commit synchronize
# 2013-01-04 08:08:06 CST by joe via cli commit synchronize
# 2012-12-17 11:50:45 CST by joel via cli commit synchronize
# 2012-12-17 11:43:41 CST by joel via cli commit synchronize
# 2012-12-13 23:48:45 CST by rnordmark via cli commit synchronize
-# 2012-12-12 01:13:51 CST by admin via netconf commit synchronize
# grnoc-mon at IDABEL-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at IDABEL-M120-RE0> show system uptime
# System booted: 2012-08-01 18:05 CDT
# Protocols started: 2012-08-01 18:07 CDT
-# Last configured: 2013-01-04 10:35 CST by rnordmark
+# Last configured: 2013-01-08 15:34 CST by jeremyt
#
# {master}
# grnoc-mon at IDABEL-M120-RE0> show interface terse
@@ -450,7 +450,7 @@
#pp0 up up
#tap up up
# grnoc-mon at IDABEL-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:35:39 CST by rnordmark
+## Last commit: 2013-01-08 15:34:50 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -509,6 +509,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -520,6 +535,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1433,11 +1456,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1577,8 +1600,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.mca.onenet.net
===================================================================
--- hub.mca.onenet.net (revision 48352)
+++ hub.mca.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MCALESTER-M120-RE0> show system commit
+# 2013-01-08 15:35:28 CST by jeremyt via cli commit synchronize
# 2012-12-27 13:50:21 CST by admin via cli commit synchronize
# 2012-12-17 12:02:12 CST by joel via cli commit synchronize
# 2012-12-17 11:58:55 CST by joel via cli commit synchronize
# 2012-12-14 08:37:01 CST by rnordmark via cli commit synchronize
# 2012-12-04 16:13:18 CST by jeremyt via cli commit synchronize
-# 2012-11-16 14:40:12 CST by rnordmark via cli commit synchronize
# grnoc-mon at MCALESTER-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at MCALESTER-M120-RE0> show system uptime
# System booted: 2011-02-15 18:51 CST
# Protocols started: 2011-02-15 18:53 CST
-# Last configured: 2012-12-27 13:50 CST by admin
+# Last configured: 2013-01-08 15:35 CST by jeremyt
#
# {master}
# grnoc-mon at MCALESTER-M120-RE0> show interface terse
@@ -450,7 +450,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MCALESTER-M120-RE0> show configuration
-## Last commit: 2012-12-27 13:50:21 CST by admin
+## Last commit: 2013-01-08 15:35:28 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -509,6 +509,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -520,6 +535,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1411,11 +1434,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1555,8 +1578,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.ard.onenet.net
===================================================================
--- hub.ard.onenet.net (revision 48907)
+++ hub.ard.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at ARDMORE-M120-RE0> show system commit
+# 2013-01-08 15:33:08 CST by jeremyt via cli commit synchronize
+# 2013-01-08 15:32:54 CST by joe via cli commit synchronize
+# 2013-01-08 15:32:12 CST by joe via cli commit synchronize
# 2013-01-04 09:04:33 CST by rnordmark via cli commit synchronize
# 2012-12-14 13:54:45 CST by joel via cli commit synchronize
# 2012-12-14 13:51:17 CST by joel via cli commit synchronize
-# 2012-12-13 15:23:41 CST by rnordmark via cli commit synchronize
-# 2012-12-13 12:57:55 CST by bobby via cli commit synchronize
-# 2012-12-13 12:55:53 CST by bobby via cli commit synchronize
# grnoc-mon at ARDMORE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -298,7 +298,7 @@
# grnoc-mon at ARDMORE-M120-RE0> show system uptime
# System booted: 2011-12-22 11:55 CST
# Protocols started: 2011-12-22 12:59 CST
-# Last configured: 2013-01-04 09:04 CST by rnordmark
+# Last configured: 2013-01-08 15:33 CST by jeremyt
#
# {master}
# grnoc-mon at ARDMORE-M120-RE0> show interface terse
@@ -470,7 +470,7 @@
#pp0 up up
#tap up up
# grnoc-mon at ARDMORE-M120-RE0> show configuration
-## Last commit: 2013-01-04 09:04:33 CST by rnordmark
+## Last commit: 2013-01-08 15:33:08 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -529,6 +529,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -540,6 +555,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1595,11 +1618,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1739,8 +1762,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.mus.onenet.net
===================================================================
--- hub.mus.onenet.net (revision 48644)
+++ hub.mus.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MUSKOGEE-M120-RE0> show system commit
+# 2013-01-08 15:36:01 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:43:38 CST by rnordmark via cli commit synchronize
# 2013-01-03 09:09:34 CST by joe via cli commit synchronize
# 2013-01-03 08:31:38 CST by joe via cli commit synchronize
# 2013-01-02 11:43:41 CST by joe via cli commit synchronize
# 2012-12-28 13:19:46 CST by joel via cli commit synchronize
-# 2012-12-18 12:59:51 CST by joel via cli commit synchronize
# grnoc-mon at MUSKOGEE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -321,7 +321,7 @@
# grnoc-mon at MUSKOGEE-M120-RE0> show system uptime
# System booted: 2011-08-12 19:41 CDT
# Protocols started: 2011-08-12 19:42 CDT
-# Last configured: 2013-01-04 10:43 CST by rnordmark
+# Last configured: 2013-01-08 15:36 CST by jeremyt
#
# {master}
# grnoc-mon at MUSKOGEE-M120-RE0> show interface terse
@@ -504,7 +504,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MUSKOGEE-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:43:38 CST by rnordmark
+## Last commit: 2013-01-08 15:36:01 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -563,6 +563,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -574,6 +589,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1658,11 +1681,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1802,8 +1825,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.mus-mx480.onenet.net
===================================================================
--- hub.mus-mx480.onenet.net (revision 48775)
+++ hub.mus-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MUSKOGEE-MX480-RE0> show system commit
+# 2013-01-08 15:47:14 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:44:24 CST by rnordmark via cli commit synchronize
# 2012-12-17 13:20:35 CST by joel via cli commit synchronize
# 2012-12-14 08:55:15 CST by cjensen via cli commit synchronize
# 2012-12-04 16:13:59 CST by jeremyt via cli commit synchronize
# 2012-11-16 14:47:46 CST by rnordmark via cli commit synchronize
-# 2012-10-01 10:57:09 CDT by joel via cli commit synchronize
# grnoc-mon at MUSKOGEE-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -268,7 +268,7 @@
# grnoc-mon at MUSKOGEE-MX480-RE0> show system uptime
# System booted: 2012-08-03 14:19 CDT
# Protocols started: 2012-08-03 14:20 CDT
-# Last configured: 2013-01-04 10:44 CST by rnordmark
+# Last configured: 2013-01-08 15:47 CST by jeremyt
#
# {master}
# grnoc-mon at MUSKOGEE-MX480-RE0> show interface terse
@@ -333,7 +333,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MUSKOGEE-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:44:24 CST by rnordmark
+## Last commit: 2013-01-08 15:47:14 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -393,6 +393,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -404,6 +419,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -778,11 +801,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -922,8 +945,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.lawm120.onenet.net
===================================================================
--- hub.lawm120.onenet.net (revision 48524)
+++ hub.lawm120.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at LAWTON-M120-RE0> show system commit
+# 2013-01-08 15:46:54 CST by jeremyt via cli commit synchronize
+# 2013-01-08 15:35:16 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:40:53 CST by rnordmark via cli commit synchronize
# 2013-01-04 08:51:52 CST by joe via cli commit synchronize
# 2012-12-17 12:53:49 CST by joel via cli commit synchronize
# 2012-12-17 12:35:29 CST by joel via cli commit synchronize
-# 2012-12-17 12:31:01 CST by joel via cli commit synchronize
-# 2012-12-17 12:26:41 CST by joel via cli commit synchronize
# grnoc-mon at LAWTON-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -292,7 +292,7 @@
# grnoc-mon at LAWTON-M120-RE0> show system uptime
# System booted: 2011-02-23 20:35 CST
# Protocols started: 2011-02-23 20:37 CST
-# Last configured: 2013-01-04 10:40 CST by rnordmark
+# Last configured: 2013-01-08 15:46 CST by jeremyt
#
# {master}
# grnoc-mon at LAWTON-M120-RE0> show interface terse
@@ -428,7 +428,7 @@
#pp0 up up
#tap up up
# grnoc-mon at LAWTON-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:40:53 CST by rnordmark
+## Last commit: 2013-01-08 15:46:54 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -486,6 +486,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -497,6 +512,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1248,11 +1271,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1392,8 +1415,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.mia.onenet.net
===================================================================
--- hub.mia.onenet.net (revision 48802)
+++ hub.mia.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MIAMI-M120-RE0> show system commit
+# 2013-01-08 15:35:39 CST by jeremyt via cli commit synchronize
# 2013-01-07 15:41:59 CST by joel via cli commit synchronize
# 2012-12-17 12:12:59 CST by joel via cli commit synchronize
# 2012-12-17 12:07:17 CST by joel via cli commit synchronize
# 2012-12-17 12:05:04 CST by joel via cli commit synchronize
# 2012-12-14 08:34:41 CST by rnordmark via cli commit synchronize
-# 2012-12-05 12:53:46 CST by joe via cli commit synchronize
# grnoc-mon at MIAMI-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at MIAMI-M120-RE0> show system uptime
# System booted: 2011-02-28 14:08 CST
# Protocols started: 2011-02-28 14:09 CST
-# Last configured: 2013-01-07 15:41 CST by joel
+# Last configured: 2013-01-08 15:35 CST by jeremyt
#
# {master}
# grnoc-mon at MIAMI-M120-RE0> show interface terse
@@ -438,7 +438,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MIAMI-M120-RE0> show configuration
-## Last commit: 2013-01-07 15:41:59 CST by joel
+## Last commit: 2013-01-08 15:35:39 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -497,6 +497,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -508,6 +523,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1258,11 +1281,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1402,8 +1425,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.osuokc.onenet.net
===================================================================
--- hub.osuokc.onenet.net (revision 47150)
+++ hub.osuokc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OSUOKC-MX80> show system commit
+# 2013-01-08 15:36:21 CST by jeremyt via cli
# 2012-12-17 13:38:35 CST by joel via cli
# 2012-12-14 09:48:41 CST by cjensen via cli
# 2012-12-04 16:04:56 CST by jeremyt via cli
# 2012-11-16 14:40:49 CST by rnordmark via cli
# 2012-08-22 17:58:48 CDT by joel via cli
-# 2012-08-17 15:48:49 CDT by jeremyt via cli
# grnoc-mon at OSUOKC-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -220,7 +220,7 @@
# grnoc-mon at OSUOKC-MX80> show system uptime
# System booted: 2011-12-21 22:43 CST
# Protocols started: 2011-12-21 22:45 CST
-# Last configured: 2012-12-17 13:38 CST by joel
+# Last configured: 2013-01-08 15:36 CST by jeremyt
#
# grnoc-mon at OSUOKC-MX80> show interface terse
#Interface Admin Link
@@ -276,7 +276,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OSUOKC-MX80> show configuration
-## Last commit: 2012-12-17 13:38:35 CST by joel
+## Last commit: 2013-01-08 15:36:21 CST by jeremyt
version 10.4R6.5;
system {
host-name OSUOKC-MX80;
@@ -304,6 +304,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -315,6 +330,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -644,11 +667,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -788,8 +811,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.ponc.onenet.net
===================================================================
--- hub.ponc.onenet.net (revision 46865)
+++ hub.ponc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at PONCA-CITY-MX480-RE0> show system commit
+# 2013-01-08 15:36:29 CST by jeremyt via cli commit synchronize
# 2012-12-14 15:44:56 CST by joel via cli commit synchronize
# 2012-12-14 15:13:26 CST by joel via cli commit synchronize
# 2012-12-14 09:56:25 CST by cjensen via cli commit synchronize
# 2012-12-13 15:02:43 CST by jed via cli commit synchronize
# 2012-12-06 16:54:33 CST by admin via netconf commit synchronize
-# 2012-12-06 16:54:29 CST by admin via netconf commit synchronize
# grnoc-mon at PONCA-CITY-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -307,7 +307,7 @@
# grnoc-mon at PONCA-CITY-MX480-RE0> show system uptime
# System booted: 2011-09-28 23:32 CDT
# Protocols started: 2011-09-28 23:34 CDT
-# Last configured: 2012-12-14 15:44 CST by joel
+# Last configured: 2013-01-08 15:36 CST by jeremyt
#
# {master}
# grnoc-mon at PONCA-CITY-MX480-RE0> show interface terse
@@ -389,7 +389,7 @@
#pp0 up up
#tap up up
# grnoc-mon at PONCA-CITY-MX480-RE0> show configuration
-## Last commit: 2012-12-14 15:44:56 CST by joel
+## Last commit: 2013-01-08 15:36:29 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -448,6 +448,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -459,6 +474,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -903,11 +926,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1047,8 +1070,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.pot.onenet.net
===================================================================
--- hub.pot.onenet.net (revision 48535)
+++ hub.pot.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at POTEAU-M120-RE0> show system commit
+# 2013-01-08 15:36:40 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:45:31 CST by rnordmark via cli commit synchronize
# 2012-12-18 16:39:11 CST by bobby via cli commit synchronize
# 2012-12-17 13:23:02 CST by bobby via cli commit synchronize
# 2012-12-17 13:19:18 CST by bobby via cli commit synchronize
# 2012-12-04 18:25:34 CST by rnordmark via cli commit synchronize
-# 2012-12-04 16:41:47 CST by joe via cli commit synchronize
# grnoc-mon at POTEAU-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -301,7 +301,7 @@
# grnoc-mon at POTEAU-M120-RE0> show system uptime
# System booted: 2012-08-08 17:29 CDT
# Protocols started: 2012-08-08 17:31 CDT
-# Last configured: 2013-01-04 10:45 CST by rnordmark
+# Last configured: 2013-01-08 15:36 CST by jeremyt
#
# {master}
# grnoc-mon at POTEAU-M120-RE0> show interface terse
@@ -446,7 +446,7 @@
#pp0 up up
#tap up up
# grnoc-mon at POTEAU-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:45:31 CST by rnordmark
+## Last commit: 2013-01-08 15:36:40 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -505,6 +505,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -516,6 +531,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1338,11 +1361,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1482,8 +1505,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.say-mx480.onenet.net
===================================================================
--- hub.say-mx480.onenet.net (revision 48792)
+++ hub.say-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SAYRE-MX480-RE0> show system commit
+# 2013-01-08 15:47:40 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:51:16 CST by rnordmark via cli commit synchronize
# 2012-12-14 21:40:02 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:59 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:01 CST by admin via netconf commit synchronize
# 2012-12-14 21:38:57 CST by admin via netconf commit synchronize
-# 2012-12-14 21:38:00 CST by admin via netconf commit synchronize
# grnoc-mon at SAYRE-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -266,7 +266,7 @@
# grnoc-mon at SAYRE-MX480-RE0> show system uptime
# System booted: 2012-08-01 12:29 CDT
# Protocols started: 2012-08-01 12:30 CDT
-# Last configured: 2013-01-04 10:51 CST by rnordmark
+# Last configured: 2013-01-08 15:47 CST by jeremyt
#
# {master}
# grnoc-mon at SAYRE-MX480-RE0> show interface terse
@@ -333,7 +333,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SAYRE-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:51:16 CST by rnordmark
+## Last commit: 2013-01-08 15:47:40 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -393,6 +393,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -404,6 +419,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -793,11 +816,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -937,8 +960,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.ton.onenet.net
===================================================================
--- hub.ton.onenet.net (revision 46861)
+++ hub.ton.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TONKAWA-M120-RE0> show system commit
+# 2013-01-08 15:37:48 CST by jeremyt via cli commit synchronize
# 2012-12-14 15:46:03 CST by joel via cli commit synchronize
# 2012-12-14 15:09:20 CST by joel via cli commit synchronize
# 2012-12-14 15:07:18 CST by joel via cli commit synchronize
# 2012-12-14 15:05:19 CST by joel via cli commit synchronize
# 2012-12-14 15:01:28 CST by joel via cli commit synchronize
-# 2012-12-14 08:37:24 CST by joe via cli commit synchronize
# grnoc-mon at TONKAWA-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -318,7 +318,7 @@
# grnoc-mon at TONKAWA-M120-RE0> show system uptime
# System booted: 2011-08-08 20:30 CDT
# Protocols started: 2011-08-08 20:32 CDT
-# Last configured: 2012-12-14 15:46 CST by joel
+# Last configured: 2013-01-08 15:37 CST by jeremyt
#
# {master}
# grnoc-mon at TONKAWA-M120-RE0> show interface terse
@@ -530,7 +530,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TONKAWA-M120-RE0> show configuration
-## Last commit: 2012-12-14 15:46:03 CST by joel
+## Last commit: 2013-01-08 15:37:48 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -589,6 +589,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -600,6 +615,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1882,11 +1905,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -2026,8 +2049,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.tah.onenet.net
===================================================================
--- hub.tah.onenet.net (revision 46864)
+++ hub.tah.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TAHLEQUAH-M120-RE0> show system commit
+# 2013-01-08 15:37:25 CST by jeremyt via cli commit synchronize
# 2012-12-14 15:14:06 CST by joe via cli commit synchronize
# 2012-12-14 09:54:28 CST by joe via cli commit synchronize
# 2012-12-04 16:21:47 CST by jeremyt via cli commit synchronize
# 2012-11-16 14:41:34 CST by rnordmark via cli commit synchronize
# 2012-10-31 13:54:57 CDT by rnordmark via cli commit synchronize
-# 2012-08-17 15:50:23 CDT by jeremyt via cli commit synchronize
# grnoc-mon at TAHLEQUAH-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -313,7 +313,7 @@
# grnoc-mon at TAHLEQUAH-M120-RE0> show system uptime
# System booted: 2011-03-09 19:59 CST
# Protocols started: 2011-03-09 20:00 CST
-# Last configured: 2012-12-14 15:14 CST by joe
+# Last configured: 2013-01-08 15:37 CST by jeremyt
#
# {master}
# grnoc-mon at TAHLEQUAH-M120-RE0> show interface terse
@@ -515,7 +515,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TAHLEQUAH-M120-RE0> show configuration
-## Last commit: 2012-12-14 15:14:06 CST by joe
+## Last commit: 2013-01-08 15:37:25 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -574,6 +574,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -585,6 +600,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1729,11 +1752,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1873,8 +1896,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.war.onenet.net
===================================================================
--- hub.war.onenet.net (revision 48908)
+++ hub.war.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WARNER-M120-RE0> show system commit
+# 2013-01-08 15:37:57 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:05:31 CST by joe via cli commit synchronize
# 2013-01-03 12:28:42 CST by joel via cli commit synchronize
# 2013-01-03 11:39:50 CST by joe via cli commit synchronize
# 2013-01-03 08:29:30 CST by joe via cli commit synchronize
# 2012-12-13 15:16:09 CST by joe via cli commit synchronize
-# 2012-12-04 16:15:56 CST by jeremyt via cli commit synchronize
# grnoc-mon at WARNER-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at WARNER-M120-RE0> show system uptime
# System booted: 2011-11-03 01:57 CDT
# Protocols started: 2011-11-03 01:59 CDT
-# Last configured: 2013-01-04 10:05 CST by joe
+# Last configured: 2013-01-08 15:37 CST by jeremyt
#
# {master}
# grnoc-mon at WARNER-M120-RE0> show interface terse
@@ -309,7 +309,7 @@
#t1-2/0/2:1 up up
#t1-2/0/2:2 up up
#t1-2/0/2:2.0 up up
-#t1-2/0/2:3 down up
+#t1-2/0/2:3 down down
#t1-2/0/2:4 up up
#t1-2/0/2:5 up up
#t1-2/0/2:6 up up
@@ -427,7 +427,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WARNER-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:05:31 CST by joe
+## Last commit: 2013-01-08 15:37:57 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -486,6 +486,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -497,6 +512,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1501,11 +1524,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1645,8 +1668,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.wea.onenet.net
===================================================================
--- hub.wea.onenet.net (revision 48530)
+++ hub.wea.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WEATHERFORD-M120-RE0> show system commit
+# 2013-01-08 15:38:09 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:54:41 CST by rnordmark via cli commit synchronize
# 2012-12-17 10:56:48 CST by joel via cli commit synchronize
# 2012-12-13 15:04:43 CST by joe via cli commit synchronize
# 2012-12-04 16:02:55 CST by jeremyt via cli commit synchronize
# 2012-11-16 14:42:08 CST by rnordmark via cli commit synchronize
-# 2012-10-31 13:58:20 CDT by rnordmark via cli commit synchronize
# grnoc-mon at WEATHERFORD-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at WEATHERFORD-M120-RE0> show system uptime
# System booted: 2011-03-01 15:12 CST
# Protocols started: 2011-03-01 15:14 CST
-# Last configured: 2013-01-04 10:54 CST by rnordmark
+# Last configured: 2013-01-08 15:38 CST by jeremyt
#
# {master}
# grnoc-mon at WEATHERFORD-M120-RE0> show interface terse
@@ -493,7 +493,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WEATHERFORD-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:54:41 CST by rnordmark
+## Last commit: 2013-01-08 15:38:09 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -552,6 +552,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -563,6 +578,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1729,11 +1752,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1873,8 +1896,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.woo-mx480.onenet.net
===================================================================
--- hub.woo-mx480.onenet.net (revision 48785)
+++ hub.woo-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WOODWARD-MX480-RE0> show system commit
+# 2013-01-08 15:48:29 CST by jeremyt via cli commit synchronize
+# 2013-01-08 15:48:24 CST by jeremyt via cli commit synchronize
# 2013-01-04 11:06:57 CST by rnordmark via cli commit synchronize
# 2013-01-03 12:30:15 CST by joel via cli commit synchronize
# 2012-12-14 21:39:58 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:54 CST by admin via netconf commit synchronize
-# 2012-12-14 21:39:05 CST by admin via netconf commit synchronize
-# 2012-12-14 21:39:01 CST by admin via netconf commit synchronize
# grnoc-mon at WOODWARD-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -271,7 +271,7 @@
# grnoc-mon at WOODWARD-MX480-RE0> show system uptime
# System booted: 2012-08-02 14:14 CDT
# Protocols started: 2012-08-02 14:15 CDT
-# Last configured: 2013-01-04 11:06 CST by rnordmark
+# Last configured: 2013-01-08 15:48 CST by jeremyt
#
# {master}
# grnoc-mon at WOODWARD-MX480-RE0> show interface terse
@@ -338,7 +338,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WOODWARD-MX480-RE0> show configuration
-## Last commit: 2013-01-04 11:06:57 CST by rnordmark
+## Last commit: 2013-01-08 15:48:29 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -398,6 +398,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -409,6 +424,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -799,11 +822,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -943,8 +966,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.woo.onenet.net
===================================================================
--- hub.woo.onenet.net (revision 48858)
+++ hub.woo.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WOODWARD-M120-RE0> show system commit
+# 2013-01-08 15:38:29 CST by jeremyt via cli commit synchronize
# 2013-01-04 11:06:03 CST by rnordmark via cli commit synchronize
# 2012-12-14 14:30:29 CST by joe via cli commit synchronize
# 2012-12-13 15:55:59 CST by joe via cli commit synchronize
# 2012-12-13 15:39:52 CST by joe via cli commit synchronize
# 2012-12-13 14:42:38 CST by joe via cli commit synchronize
-# 2012-12-04 16:07:12 CST by jeremyt via cli commit synchronize
# grnoc-mon at WOODWARD-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -294,7 +294,7 @@
# grnoc-mon at WOODWARD-M120-RE0> show system uptime
# System booted: 2012-04-15 09:21 CDT
# Protocols started: 2012-04-15 09:23 CDT
-# Last configured: 2013-01-04 11:06 CST by rnordmark
+# Last configured: 2013-01-08 15:38 CST by jeremyt
#
# {master}
# grnoc-mon at WOODWARD-M120-RE0> show interface terse
@@ -491,7 +491,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WOODWARD-M120-RE0> show configuration
-## Last commit: 2013-01-04 11:06:03 CST by rnordmark
+## Last commit: 2013-01-08 15:38:29 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -550,6 +550,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -561,6 +576,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1636,11 +1659,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1780,8 +1803,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.say.onenet.net
===================================================================
--- hub.say.onenet.net (revision 48535)
+++ hub.say.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SAYRE-M120-RE0> show system commit
+# 2013-01-08 15:37:04 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:49:32 CST by rnordmark via cli commit synchronize
# 2012-12-17 13:05:36 CST by bobby via cli commit synchronize
# 2012-12-14 11:05:39 CST by joe via cli commit synchronize
# 2012-12-14 10:38:48 CST by joe via cli commit synchronize
# 2012-12-14 10:15:23 CST by joe via cli commit synchronize
-# 2012-12-14 10:14:31 CST by joe via cli commit synchronize
# grnoc-mon at SAYRE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -292,7 +292,7 @@
# grnoc-mon at SAYRE-M120-RE0> show system uptime
# System booted: 2011-03-01 11:39 CST
# Protocols started: 2011-03-01 11:40 CST
-# Last configured: 2013-01-04 10:49 CST by rnordmark
+# Last configured: 2013-01-08 15:37 CST by jeremyt
#
# {master}
# grnoc-mon at SAYRE-M120-RE0> show interface terse
@@ -486,7 +486,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SAYRE-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:49:32 CST by rnordmark
+## Last commit: 2013-01-08 15:37:04 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -545,6 +545,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -556,6 +571,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1660,11 +1683,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1804,8 +1827,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.sem.onenet.net
===================================================================
--- hub.sem.onenet.net (revision 48619)
+++ hub.sem.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SEMINOLE-M120-RE0> show system commit
+# 2013-01-08 15:37:15 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:52:47 CST by rnordmark via cli commit synchronize
# 2012-12-17 13:03:54 CST by bobby via cli commit synchronize
# 2012-12-14 10:04:08 CST by joe via cli commit synchronize
# 2012-12-14 09:59:59 CST by joe via cli commit synchronize
# 2012-12-04 16:04:14 CST by jeremyt via cli commit synchronize
-# 2012-11-16 14:41:26 CST by rnordmark via cli commit synchronize
# grnoc-mon at SEMINOLE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -290,7 +290,7 @@
# grnoc-mon at SEMINOLE-M120-RE0> show system uptime
# System booted: 2011-02-10 18:03 CST
# Protocols started: 2011-02-10 18:04 CST
-# Last configured: 2013-01-04 10:52 CST by rnordmark
+# Last configured: 2013-01-08 15:37 CST by jeremyt
#
# {master}
# grnoc-mon at SEMINOLE-M120-RE0> show interface terse
@@ -489,7 +489,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SEMINOLE-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:52:47 CST by rnordmark
+## Last commit: 2013-01-08 15:37:15 CST by jeremyt
version 10.4R1.9;
groups {
re0 {
@@ -548,6 +548,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -559,6 +574,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1648,11 +1671,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1792,8 +1815,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.wil.onenet.net
===================================================================
--- hub.wil.onenet.net (revision 48543)
+++ hub.wil.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WILBURTON-M120-RE0> show system commit
+# 2013-01-08 15:38:19 CST by jeremyt via cli commit synchronize
# 2013-01-04 11:04:08 CST by rnordmark via cli commit synchronize
# 2012-12-31 19:03:09 CST by joel via cli commit synchronize
# 2012-12-31 18:39:43 CST by joel via cli commit synchronize
# 2012-12-31 17:45:43 CST by rnordmark via cli commit synchronize
# 2012-12-31 14:33:00 CST by joel via cli commit synchronize
-# 2012-12-31 13:27:31 CST by joel via cli commit synchronize
# grnoc-mon at WILBURTON-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at WILBURTON-M120-RE0> show system uptime
# System booted: 2012-10-29 15:46 CDT
# Protocols started: 2012-10-29 15:48 CDT
-# Last configured: 2013-01-04 11:04 CST by rnordmark
+# Last configured: 2013-01-08 15:38 CST by jeremyt
#
# {master}
# grnoc-mon at WILBURTON-M120-RE0> show interface terse
@@ -467,7 +467,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WILBURTON-M120-RE0> show configuration
-## Last commit: 2013-01-04 11:04:08 CST by rnordmark
+## Last commit: 2013-01-08 15:38:19 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -526,6 +526,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -537,6 +552,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1584,11 +1607,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1728,8 +1751,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.sal.mx480.onenet.net
===================================================================
--- hub.sal.mx480.onenet.net (revision 48784)
+++ hub.sal.mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SALLISAW-MX480-RE0> show system commit
+# 2013-01-08 15:47:31 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:48:45 CST by rnordmark via cli commit synchronize
# 2012-12-14 21:40:02 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:58 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:07 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:03 CST by admin via netconf commit synchronize
-# 2012-12-14 21:38:01 CST by admin via netconf commit synchronize
# grnoc-mon at SALLISAW-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -269,7 +269,7 @@
# grnoc-mon at SALLISAW-MX480-RE0> show system uptime
# System booted: 2012-08-01 12:37 CDT
# Protocols started: 2012-08-01 12:38 CDT
-# Last configured: 2013-01-04 10:48 CST by rnordmark
+# Last configured: 2013-01-08 15:47 CST by jeremyt
#
# {master}
# grnoc-mon at SALLISAW-MX480-RE0> show interface terse
@@ -334,7 +334,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SALLISAW-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:48:45 CST by rnordmark
+## Last commit: 2013-01-08 15:47:31 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -394,6 +394,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -405,6 +420,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -772,11 +795,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -916,8 +939,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.tis.onenet.net
===================================================================
--- hub.tis.onenet.net (revision 48425)
+++ hub.tis.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TISHOMINGO-M120-RE0> show system commit
+# 2013-01-08 15:37:36 CST by jeremyt via cli commit synchronize
# 2012-12-14 09:00:14 CST by joe via cli commit synchronize
# 2012-12-04 16:12:12 CST by jeremyt via cli commit synchronize
# 2012-11-18 11:03:25 CST by admin via netconf commit synchronize
# 2012-11-18 11:03:18 CST by admin via netconf commit synchronize
# 2012-11-18 11:02:46 CST by admin via netconf commit synchronize
-# 2012-11-18 11:02:38 CST by admin via netconf commit synchronize
# grnoc-mon at TISHOMINGO-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -293,7 +293,7 @@
# grnoc-mon at TISHOMINGO-M120-RE0> show system uptime
# System booted: 2012-04-18 22:16 CDT
# Protocols started: 2012-04-18 22:18 CDT
-# Last configured: 2012-12-14 09:00 CST by joe
+# Last configured: 2013-01-08 15:37 CST by jeremyt
#
# {master}
# grnoc-mon at TISHOMINGO-M120-RE0> show interface terse
@@ -432,7 +432,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TISHOMINGO-M120-RE0> show configuration
-## Last commit: 2012-12-14 09:00:14 CST by joe
+## Last commit: 2013-01-08 15:37:36 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -491,6 +491,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -510,6 +525,14 @@
# ssh-dsa <removed>;
}
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1286,11 +1309,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1430,8 +1453,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.wea-mx480.onenet.net
===================================================================
--- hub.wea-mx480.onenet.net (revision 48778)
+++ hub.wea-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at WEATHERFORD-MX480-RE0> show system commit
+# 2013-01-08 15:48:07 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:55:24 CST by rnordmark via cli commit synchronize
# 2012-12-31 12:02:17 CST by joel via cli commit synchronize
# 2012-12-26 01:09:12 CST by admin via netconf commit synchronize
# 2012-12-26 01:09:08 CST by admin via netconf commit synchronize
# 2012-12-26 01:08:12 CST by admin via netconf commit synchronize
-# 2012-12-26 01:08:08 CST by admin via netconf commit synchronize
# grnoc-mon at WEATHERFORD-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -270,7 +270,7 @@
# grnoc-mon at WEATHERFORD-MX480-RE0> show system uptime
# System booted: 2012-08-01 15:47 CDT
# Protocols started: 2012-08-01 15:48 CDT
-# Last configured: 2013-01-04 10:55 CST by rnordmark
+# Last configured: 2013-01-08 15:48 CST by jeremyt
#
# {master}
# grnoc-mon at WEATHERFORD-MX480-RE0> show interface terse
@@ -337,7 +337,7 @@
#pp0 up up
#tap up up
# grnoc-mon at WEATHERFORD-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:55:24 CST by rnordmark
+## Last commit: 2013-01-08 15:48:07 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -397,6 +397,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -408,6 +423,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -804,11 +827,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -948,8 +971,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.okm.onenet.net
===================================================================
--- hub.okm.onenet.net (revision 48756)
+++ hub.okm.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at OKMULGEE-M120-RE0> show system commit
+# 2013-01-08 15:36:12 CST by jeremyt via cli commit synchronize
# 2012-12-17 13:32:58 CST by joel via cli commit synchronize
# 2012-12-17 13:32:12 CST by joel via cli commit synchronize
# 2012-12-17 13:26:23 CST by joel via cli commit synchronize
# 2012-12-14 09:35:48 CST by cjensen via cli commit synchronize
# 2012-12-04 16:16:47 CST by jeremyt via cli commit synchronize
-# 2012-11-21 10:45:21 CST by joe via cli commit synchronize
# grnoc-mon at OKMULGEE-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -295,7 +295,7 @@
# grnoc-mon at OKMULGEE-M120-RE0> show system uptime
# System booted: 2011-03-22 10:41 CDT
# Protocols started: 2011-03-22 10:43 CDT
-# Last configured: 2012-12-17 13:32 CST by joel
+# Last configured: 2013-01-08 15:36 CST by jeremyt
#
# {master}
# grnoc-mon at OKMULGEE-M120-RE0> show interface terse
@@ -485,7 +485,7 @@
#pp0 up up
#tap up up
# grnoc-mon at OKMULGEE-M120-RE0> show configuration
-## Last commit: 2012-12-17 13:32:58 CST by joel
+## Last commit: 2013-01-08 15:36:12 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -544,6 +544,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -555,6 +570,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1687,11 +1710,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1831,8 +1854,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.mwc.onenet.net
===================================================================
--- hub.mwc.onenet.net (revision 47110)
+++ hub.mwc.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at MWC-MX80> show system commit
+# 2013-01-08 15:35:48 CST by jeremyt via cli
# 2012-12-17 11:57:14 CST by joel via cli
# 2012-12-14 09:30:32 CST by cjensen via cli
# 2012-12-06 16:58:44 CST by root via other
# 2012-12-06 16:55:52 CST by jeremyt via cli commit confirmed, rollback in 2mins
# 2012-12-06 16:45:34 CST by jeremyt via cli
-# 2012-12-06 16:45:18 CST by rnordmark via cli
# grnoc-mon at MWC-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -221,7 +221,7 @@
# grnoc-mon at MWC-MX80> show system uptime
# System booted: 2012-03-18 12:03 CDT
# Protocols started: 2012-03-18 12:04 CDT
-# Last configured: 2012-12-17 11:57 CST by joel
+# Last configured: 2013-01-08 15:35 CST by jeremyt
#
# grnoc-mon at MWC-MX80> show interface terse
#Interface Admin Link
@@ -280,7 +280,7 @@
#pp0 up up
#tap up up
# grnoc-mon at MWC-MX80> show configuration
-## Last commit: 2012-12-17 11:57:14 CST by joel
+## Last commit: 2013-01-08 15:35:48 CST by jeremyt
version 10.4R6.5;
system {
host-name MWC-MX80;
@@ -308,6 +308,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -319,6 +334,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -675,11 +698,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -819,8 +842,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.sal.onenet.net
===================================================================
--- hub.sal.onenet.net (revision 48520)
+++ hub.sal.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SALLISAW-M120-RE0> show system commit
+# 2013-01-08 15:36:52 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:48:08 CST by rnordmark via cli commit synchronize
# 2012-12-17 13:07:08 CST by bobby via cli commit synchronize
# 2012-12-14 13:26:30 CST by joe via cli commit synchronize
# 2012-12-14 13:23:30 CST by joe via cli commit synchronize
# 2012-12-05 08:33:32 CST by smclean via cli commit synchronize
-# 2012-12-04 16:18:58 CST by jeremyt via cli commit synchronize
# grnoc-mon at SALLISAW-M120-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -296,7 +296,7 @@
# grnoc-mon at SALLISAW-M120-RE0> show system uptime
# System booted: 2011-06-16 08:25 CDT
# Protocols started: 2011-06-16 08:27 CDT
-# Last configured: 2013-01-04 10:48 CST by rnordmark
+# Last configured: 2013-01-08 15:36 CST by jeremyt
#
# {master}
# grnoc-mon at SALLISAW-M120-RE0> show interface terse
@@ -460,7 +460,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SALLISAW-M120-RE0> show configuration
-## Last commit: 2013-01-04 10:48:08 CST by rnordmark
+## Last commit: 2013-01-08 15:36:52 CST by jeremyt
version 10.4R2.6;
groups {
re0 {
@@ -519,6 +519,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*;
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -530,6 +545,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -1473,11 +1496,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -1617,8 +1640,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.tsb.onenet.net
===================================================================
--- hub.tsb.onenet.net (revision 47635)
+++ hub.tsb.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at TULSA-STATE-BUILDING-MX80> show system commit
+# 2013-01-08 15:49:01 CST by jeremyt via cli
# 2012-12-22 04:50:06 CST by admin via netconf
# 2012-12-22 04:50:01 CST by admin via netconf
# 2012-12-17 15:05:01 CST by joel via cli
# 2012-12-17 15:02:44 CST by joel via cli
# 2012-12-09 00:46:58 CST by admin via netconf
-# 2012-12-09 00:46:53 CST by admin via netconf
# grnoc-mon at TULSA-STATE-BUILDING-MX80> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -211,7 +211,7 @@
# grnoc-mon at TULSA-STATE-BUILDING-MX80> show system uptime
# System booted: 2012-10-18 11:50 CDT
# Protocols started: 2012-10-18 11:51 CDT
-# Last configured: 2012-12-22 04:50 CST by admin
+# Last configured: 2013-01-08 15:49 CST by jeremyt
#
# grnoc-mon at TULSA-STATE-BUILDING-MX80> show interface terse
#Interface Admin Link
@@ -280,7 +280,7 @@
#pp0 up up
#tap up up
# grnoc-mon at TULSA-STATE-BUILDING-MX80> show configuration
-## Last commit: 2012-12-22 04:50:06 CST by admin
+## Last commit: 2013-01-08 15:49:01 CST by jeremyt
version 11.4R5.5;
system {
host-name TULSA-STATE-BUILDING-MX80;
@@ -309,6 +309,21 @@
idle-timeout 1044;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -320,6 +335,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ssh {
@@ -921,8 +944,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
Index: hub.sem-mx480.onenet.net
===================================================================
--- hub.sem-mx480.onenet.net (revision 48793)
+++ hub.sem-mx480.onenet.net (working copy)
@@ -1,12 +1,12 @@
# RANCID-CONTENT-TYPE: juniper
#
# grnoc-mon at SEMINOLE-MX480-RE0> show system commit
+# 2013-01-08 15:47:48 CST by jeremyt via cli commit synchronize
# 2013-01-04 10:53:35 CST by rnordmark via cli commit synchronize
# 2012-12-14 21:39:59 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:56 CST by admin via netconf commit synchronize
# 2012-12-14 21:39:00 CST by admin via netconf commit synchronize
# 2012-12-14 21:38:57 CST by admin via netconf commit synchronize
-# 2012-12-14 21:37:58 CST by admin via netconf commit synchronize
# grnoc-mon at SEMINOLE-MX480-RE0> show chassis environment
# Class Item Status Measurement
# Temp PEM 0 OK
@@ -271,7 +271,7 @@
# grnoc-mon at SEMINOLE-MX480-RE0> show system uptime
# System booted: 2012-07-30 11:06 CDT
# Protocols started: 2012-07-30 11:08 CDT
-# Last configured: 2013-01-04 10:53 CST by rnordmark
+# Last configured: 2013-01-08 15:47 CST by jeremyt
#
# {master}
# grnoc-mon at SEMINOLE-MX480-RE0> show interface terse
@@ -336,7 +336,7 @@
#pp0 up up
#tap up up
# grnoc-mon at SEMINOLE-MX480-RE0> show configuration
-## Last commit: 2013-01-04 10:53:35 CST by rnordmark
+## Last commit: 2013-01-08 15:47:48 CST by jeremyt
version 11.4R4.4;
groups {
re0 {
@@ -396,6 +396,21 @@
idle-timeout 1440;
permissions all;
}
+ class lockdown {
+ idle-timeout 2;
+ permissions view;
+ deny-commands .*;
+ deny-configuration .*; ## Warning: 'deny-configuration' is deprecated
+ }
+ class operator-local {
+ idle-timeout 15;
+ permissions [ access admin configure firewall interface network routing snmp system trace view ];
+ allow-commands "show log messages";
+ }
+ class robot {
+ idle-timeout 10;
+ permissions [ admin configure firewall interface routing secret security snmp system trace view ];
+ }
user admin {
uid 1000;
class super-user;
@@ -407,6 +422,14 @@
uid 2018;
class admin;
}
+ user rancid {
+ uid 2001;
+ class robot;
+ }
+ user remote {
+ uid 2002;
+ class operator-local;
+ }
}
services {
ftp;
@@ -779,11 +802,11 @@
156.110.31.0/27;
156.110.31.32/28;
164.58.10.0/24;
- 164.58.244.0/23;
164.58.253.0/24;
64.207.244.14/32;
66.129.224.37/32;
164.58.15.0/24;
+ 164.58.244.0/22;
}
protocol tcp;
destination-port [ ssh http ];
@@ -923,8 +946,6 @@
}
term DENY_ALL {
then {
- log;
- syslog;
discard;
}
}
More information about the Nocrancid
mailing list