managewrt.pl - A tool to manage lists of NVRAM settings

wirerydr
Posted: Fri Mar 27, 2015 4:54
managewrt.pl is a simple Perl-based tool to read, write, view and compare sets (called "lists") of NVRAM settings on routers running WRT-style firmware such as DD-WRT. It was originally conceived as a quick way of backing up lists of settings prior to upgrading firmware, and then restoring the settings after the upgrade has completed.

The following commands are supported:

get - Reads the current value(s) of a list of NVRAM settings and saves them to a data-file, which can later be written
back to a router or compared with the current settings of a router at that point in time.

set - Takes the value(s) of a list of NVRAM settings and writes them to a router's NVRAM. Once all value(s) have been
written they are committed.

view - Reads the current value(s) of a list of NVRAM settings, and outputs them to the screen.

compare - Reads the current value(s) of a list of NVRAM settings, and compares them to a saved set of value(s) using
your choice of "diff", "git diff" or "vimdiff".

managewrt.pl can properly handle NVRAM settings that contain such characters as single-quotes, double-quotes, backticks, backslashes and dollar-signs.

managewrt.pl operates on "lists" of settings, which are simply text files listing one or more NVRAM setting names. Settings can thus be grouped together however it makes sense to do so, and then operated on together all at once. An example of this would be a list of all settings related to SSH-based administration of the router. Such a text file would look similar to the following:

Code:
limit_ssh
remote_mgt_ssh
sshd_authorized_keys
sshd_enable
sshd_forwarding
sshd_passwd_auth
sshd_port
sshd_wanport


With such a list defined, all settings related to SSH administration could be easily saved, viewed, written and compared with single commands. When saved, the resulting data-files are UTF8-encoded JSON files that can be edited by the text editor of your choice if desired, before being written back to the router later. Note that while this can be quite convenient and time-saving in many cases, care should always be taken to edit settings correctly, as managewrt.pl will perform exactly zero syntax / integrity checking on saved settings when writing them back to a router. An example of such a saved data-file is the following:

Code:
{
   "limit_ssh" : "0",
   "remote_mgt_ssh" : "0",
   "sshd_authorized_keys" : "ssh-rsa AAAAB3NzaCtyc2TESTKEYTESTKEYTESTKEY== root@here",
   "sshd_enable" : "1",
   "sshd_forwarding" : "0",
   "sshd_passwd_auth" : "1",
   "sshd_port" : "22",
   "sshd_wanport" : "22"
}

For every list that has been defined, managewrt.pl will save gotten settings on a per-router basis. I.e. if you have 3 routers all with slightly different sshd settings, you can define the list of all sshd settings once, and run managewrt.pl against each of your three routers to capture the individual settings for each router. Alternatively if you'd like to quickly copy lists of settings from one router to another, you can get a list of settings from one router with managewrt.pl, copy the data-file to a new name corresponding to a 2nd router, and then write those settings to the 2nd (and 3rd, etc.) router with managewrt.pl.


REQUIREMENTS

managewrt.pl is implemented as a single perl script. As such, it requires Perl (5.10.0 or higher) to be present and functional on the system where managewrt.pl is to be run.

managewrt.pl depends on a small number of perl modules to properly operate, which may or may not already be present on your system. (On the author's Fedora 21 system, all modules were automatically installed with Perl when it was installed.) At present the required modules are:
    Getopt::Long
    JSON::PP
    Pod::Usage
    File::Temp
    IO::Handle

managewrt.pl makes use of a very small number of utilities (e.g. ping, mktemp, cat) typically included in most unix-like operating systems such as Linux, BSD, OSX, etc. It should work similarly on any unix-like operating system that has Perl 5.10.0 (or later) installed along with the modules mentioned above. It has not been tested on Windows, but will presumably work in conjunction with something like CygWin (a large collection of GNU and open-source tools along with a POSIX API environment).

managewrt.pl communicates with routers via SSH. This means that: 1) the SSH server must be running on your router(s), and 2) the ssh client 'ssh' must exist on the system where managewrt.pl is installed to. It is also highly recommended that key-based SSH logins be configured beforehand. While not strictly necessary, if public/private SSH keys have not been properly installed beforehand then every invocation of managewrt.pl will cause the user to be prompted (often multiple times per command) to enter the valid login password for the router.

When performing compare commands, managewrt.pl supports the use of (currently) 3 comparison utilities: diff, git, and vim. Ensure that your choice(s) of these tools are installed beforehand.


WARNINGS

The names of NVRAM settings and the inter-relationships between them may occasionally change from one firmware version to another. Firmware developers almost-certainly will not do this casually, but it will happen occasionally. Care should always be taken when writing settings to routers to first ensure that setting names / relationships have not changed. One indicator that this might be the case is when something is mentioned in support forums similar to "a factory-reset to default settings is required after upgrading to this firmware".

No attempt is made to obscure/filter out any sensitive NVRAM settings such as passwords. Care should always be taken when handling such settings. In order to help prevent you from shooting yourself in the foot too badly, this script will:
  1. When getting current settings from a router and saving them to a save-file, the file's permissions will be set to 0600 ( -rw------- ) to prevent access by any user other than the current owner and root.


INSTALLATION
  1. Obtain the latest ZIP file containing this release from https://github.com/wirerydr/ManageWrtSettings/archive/master.zip.

  2. Extract the ZIP file into your desired location. We will assume /opt in these instructions. Extracting the ZIP file will create a subdirectory called ManageWrtSettings-master. You may rename this subdirectory if you choose. Later, you may invoke managewrt.pl in one of three ways:
    1. By its full path/filename, e.g. /opt/ManageWrtSettings-master/managewrt.pl,
    2. By first switching into its subdirectory and then running ./managewrt.pl,
    3. By adding the subdirectory to your $PATH environment variable and then running managewrt.pl .

  3. cd into the installation directory and ensure that the script is accessible only by the owner and root.
      cd /opt/ManageWrtSettings-master
      chmod 0700 managewrt.pl

  4. Create required data and lists subdirectories. Make them accessible only by the owner and root.
      mkdir -p /opt/ManageWrtSettings-master/data
      mkdir -p /opt/ManageWrtSettings-master/lists
      chmod 0700 /opt/ManageWrtSettings-master/data /opt/ManageWrtSettings-master/lists

  5. Create one or more lists of NVRAM settings. Each list is a text file located in the lists subdirectory, where the filename corresponds to the name of the list. The following example text file (called lists/sshd) defines a list of settings related to the SSHD server:
      limit_ssh
      remote_mgt_ssh
      sshd_authorized_keys
      sshd_enable
      sshd_forwarding
      sshd_passwd_auth
      sshd_port
      sshd_wanport

  6. Create and deploy SSH public/private keys between your router(s) and the system where you installed managewrt.pl. This is technically an optional step, but if not done then you will be repeatedly prompted to enter passwords whenever you run the script. One tutorial covering this appears on the DD-WRT wiki: http://www.dd-wrt.com/wiki/index.php/SSH

  7. Test your setup with something like the following command (assumes your router is 192.168.1.1). If you get any warnings about missing modules such as JSON::PP, IO::Handle etc., then refer to the REQUIREMENTS section above for a list of required Perl modules. Install them according to the procedures for your particular OS.
      ./managewrt.pl view -l sshd -r 192.168.1.1

  8. Run the following to get additional help on additional commands and options:
      ./managewrt.pl --help
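
The post above states that managewrt.pl does no syntax or integrity checking when writing a data-file back, and that saved files can contain passwords. The following is an added example (not part of the original post or of managewrt.pl) that audits a data-file against its list before a set; the file names, the sample contents and the rule that every value must be a JSON string (as in the post's sample data-file) are assumptions.

```python
import json
import os
import stat
import tempfile


def audit_datafile(list_path, data_path):
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    # Saved settings can include passwords: no group/other permission bits.
    mode = stat.S_IMODE(os.stat(data_path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} allows group/other access")

    # A list file holds one NVRAM setting name per line.
    with open(list_path, encoding="utf-8") as fh:
        wanted = {line.strip() for line in fh if line.strip()}
    try:
        with open(data_path, encoding="utf-8") as fh:
            data = json.load(fh)
    except ValueError as exc:  # covers bad JSON and bad UTF-8
        return problems + [f"not valid UTF-8 JSON: {exc}"]
    if not isinstance(data, dict):
        return problems + ["top level is not a JSON object"]
    have = set(data)
    problems += [f"missing setting: {n}" for n in sorted(wanted - have)]
    problems += [f"setting not in list: {n}" for n in sorted(have - wanted)]
    # Assumption: values are always JSON strings, as in the post's sample.
    problems += [f"{n}: value is {type(v).__name__}, not a string"
                 for n, v in sorted(data.items()) if not isinstance(v, str)]
    return problems


def demo():
    """Audit constructed sample files (hypothetical names) in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        list_path = os.path.join(tmp, "sshd")
        data_path = os.path.join(tmp, "sshd.json")
        with open(list_path, "w", encoding="utf-8") as fh:
            fh.write("sshd_enable\nsshd_port\nsshd_passwd_auth\n")
        with open(data_path, "w", encoding="utf-8") as fh:
            # Constructed hand-edit: port unquoted, sshd_passwd_auth dropped.
            fh.write('{"sshd_enable": "1", "sshd_port": 22}')
        os.chmod(data_path, 0o644)
        return audit_datafile(list_path, data_path)


if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty result from audit_datafile means the data-file is owner-only, parses as a flat JSON object, and names exactly the settings in the list.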

wirerydr
Posted: Tue Apr 07, 2015 2:32
The following are some list-definitions that I have personally found useful when preserving/restoring settings before and after firmware upgrades. To use any of these lists, create a new text file inside your "lists" subdirectory, and place the contents of a definition from here into the text file. If you want more than one of these lists, then create a separate text file for each one, named appropriately.

ddns (Settings on Setup -> DDNS WebGUI page)
Code:
ddns_cache
ddns_change
ddns_conf_buf
ddns_custom_5
ddns_custom_5_buf
ddns_dyndnstype
ddns_dyndnstype_6
ddns_dyndnstype_buf
ddns_enable
ddns_enable_buf
ddns_force
ddns_hostname
ddns_hostname_2
ddns_hostname_3
ddns_hostname_4
ddns_hostname_5
ddns_hostname_6
ddns_hostname_7
ddns_hostname_8
ddns_hostname_9
ddns_hostname_buf
ddns_passwd
ddns_passwd_10
ddns_passwd_2
ddns_passwd_3
ddns_passwd_4
ddns_passwd_5
ddns_passwd_6
ddns_passwd_7
ddns_passwd_8
ddns_passwd_9
ddns_passwd_buf
ddns_time
ddns_url_buf
ddns_username
ddns_username_10
ddns_username_2
ddns_username_3
ddns_username_4
ddns_username_5
ddns_username_6
ddns_username_7
ddns_username_8
ddns_username_9
ddns_username_buf
ddns_wan_ip
ddns_wildcard_6
ddns_wildcard_7
ddns_wildcard_buf



lighttpd (Settings on Services -> Webserver WebGUI page)
Code:
lighttpd_enable
lighttpd_port
lighttpd_root
lighttpd_sslport
lighttpd_wan



port_forwarding (Settings on NAT / QoS -> Port Forwarding WebGUI page)
Code:
forward_spec
forwardspec_entries



rc_commands (Settings on Administration -> Commands WebGUI page)
Code:
rc_custom
rc_firewall
rc_shutdown
rc_startup



sshd (Settings mostly on Services -> Services WebGUI page)
Code:
limit_ssh
remote_mgt_ssh
sshd_authorized_keys
sshd_enable
sshd_forwarding
sshd_passwd_auth
sshd_port
sshd_wanport



static_leases (Settings on Services -> Services WebGUI page)
Code:
static_leasenum
static_leases



syslogd (Settings on Services -> Services WebGUI page)
Code:
syslogd_enable
syslogd_rem_ip



usb (Settings on Services -> USB WebGUI page)
Code:
usb_automnt
usb_enable
usb_ip
usb_mntjffs
usb_mntopt
usb_mntpoint
usb_ohci
usb_printer
usb_runonmount
usb_ses_umount
usb_storage
usb_uhci
usb_usb2



dnsmasq (Settings on Setup -> Basic Setup and Services -> Services WebGUI page)
Code:
auth_dnsmasq
dhcp_dnsmasq
dns_dnsmasq
dnsmasq_add_mac
dnsmasq_enable
dnsmasq_no_dns_rebind
dnsmasq_options
dnsmasq_strict
dns_redirect
local_dns