[j-nsp] Sanitising m/t series routers?
chartley at oar.net
Tue Jul 7 08:42:30 EDT 2009
Depends on how paranoid you are... this is probably overdoing it.
Start shell (boot in single user if you can by interrupting boot sequence and
typing boot -s at loader> prompt, and using 'recovery' shell... still possible remotely
if you have terminal server)
# Identify the /config partition:
# df -h
Filesystem Size Used Avail Capacity Mounted on
. . .
/dev/da0s3e 55M 4.0K 51M 0% /config
. . .
# Choose /dev/da0s3e in this case.
# Force unmount the partition:
umount -f /dev/da0s3e
for a in 1 2 3 4 5 6 7 8 9; do
echo -n "Wipe $a:";
dd if=/dev/zero of=/dev/da0s3e
done
# Write super block to partition so that it can be remounted
# #### Clear logs
for a in *; do (cd $a 2>/dev/null && cd ..) && (echo "not a dir: $a") || (rm -f $a; echo ' ' > $a; echo "Cleared $a"); done
for a in */*; do rm -f $a; echo ' ' > $a; done
for a in 0 1 2 3 4 5 6 7 8 9; do
echo "Wipe $a";
dd if=/dev/zero of=garbage
rm -f garbage
done
# Mount and create some required directories
# Reboot and let device load default configs.
# While booting, you should see:
Creating initial configuration...mgd: error: Cannot open configuration file: /config/juniper.conf
mgd: warning: activating factory configuration
# The device will also need to create new key pairs since we blew them away.
# The root password will now be empty.
# Fix that:
set system root-authentication plaintext-password
request system halt
Nothing magical... I may have forgotten something. Oh yeah, this takes a while.
>>> Andrew Cheng <arbcat at gmail.com> 07/07/09 1:53 AM >>>
I have to sanitise a large number of routers (ie, remove all configs,
logs.. everything), and
was wondering if there was a magic way of doing it remotely?
There is the tedious way of going through and deleting /var/log, all
configs.. etc etc, but surely
there must be a better way?
juniper-nsp mailing list juniper-nsp at puck.nether.net
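A check the procedure above does not include, as an added example that is not part of the original post: confirming that a zero-fill pass left no residual bytes behind. It runs against a constructed scratch file rather than a real /config partition, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print how many bytes of $1 are not 0x00 (tr drops the NULs, wc counts the rest).
count_nonzero() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Return 0 only if $1 is readable, non-empty and entirely zero.
# 1 = residual data found, 2 = target could not be checked.
verify_zeroed() {
    target=$1
    [ -r "$target" ] || { echo "FAIL $target: not readable" >&2; return 2; }
    total=$(wc -c < "$target" | tr -d ' ')
    [ "$total" -gt 0 ] || { echo "FAIL $target: nothing to read" >&2; return 2; }
    left=$(count_nonzero "$target")
    if [ "$left" -ne 0 ]; then
        echo "FAIL $target: $left of $total bytes are non-zero" >&2
        return 1
    fi
    echo "OK   $target: $total bytes, all zero"
}

# Zero-fill a scratch file in place. Unlike the dd pass in the post, count= is
# needed here because a regular file has no end-of-device to stop the write.
zero_fill() {
    size=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/zero of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
}

# Demo on a constructed file standing in for a partition holding a config line.
demo() {
    img=$(mktemp) || return 1
    printf 'encrypted-password "CONSTRUCTED-SAMPLE"\n' > "$img"
    verify_zeroed "$img" && before=0 || before=$?   # expected: 1 (data present)
    zero_fill "$img"
    verify_zeroed "$img" && after=0 || after=$?     # expected: 0 (wiped)
    rm -f "$img"
    echo "before=$before after=$after"
}

demo
```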