[168143] in North American Network Operators' Group
verify currently running software on ram
daemon@ATHENA.MIT.EDU (Tassos Chatzithomaoglou)
Mon Jan 13 05:26:22 2014
Date: Mon, 13 Jan 2014 12:26:02 +0200
From: Tassos Chatzithomaoglou <achatz@forthnet.gr>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc.
Something that will somehow compare the running software in ram with the software on flash/hd/storage/etc, so that i can verify that nobody has actually messed with the running software (by whatever means that's possible).
Besides the "install verify" command on IOS-XR (which i'm not 100% sure if it suits my needs), i haven't managed to find anything else. And the vendors say that indeed there is nothing more.
All other options are about verifying the software file integrity before it gets loaded into ram.
Have you ever done such an exercise? Are there maybe any external tools (or services) that offer this capability?
--
Tassos
